CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection SQLi vulnerability, exploitable through the advancedQueryData parameter comparator field on an authenticated endpoint. The endpoint...

XML External Entity (XXE) Injection Payload List

An XML External Entity XXE attack sometimes called an XXE injection attack is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service DoS as well as access local and remote content and services. XXE can be...