CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-9082link is external Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

CVE-2026-25606

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the...

CVE-2026-25606 SQL Injection in STER

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the...

ethical-hacking-toolkit

ethical-hacking-toolkit Ferramentas de segurança ofensiva e d...

WordPress WP ERP Pro plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by kudasav in WordPress Plugin WP ERP Pro versions = 1.5.1...

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

EUVD-2026-31391

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

PT-2026-42810

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.4 Description An unauthenticated SQL injection exists in the Bazar form-import functionality. An unauthenticated visitor can inject arbitrary SQL into an INSERT statement via the FormManager::create function. This...

PT-2026-42742

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the...

PT-2026-42719

Name of the Vulnerable Software and Affected Versions WP ERP Pro versions prior to 1.5.2 Description The WP ERP Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to append additional SQL queries to existing ones. This is caused by insufficient escaping of the user-suppli...

PT-2026-42837

Name of the Vulnerable Software and Affected Versions RT versions 5.0.0 through 5.0.9 RT versions 6.0.0 through 6.0.2 Description An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the...

WordPress plugin WP ERP Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Request Tracker SQL注入漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 5.0.0 to 5.0.9, as well as 6.0.0 to 6.0.2, have a SQL injection vulnerability. This vulnerability arises from SQL injections, allowing authenticated users to construct inputs and merge them into...

VulnCheck KEV: CVE-2026-9082

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PostgreSQL vulnerabilities (USN-8294-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8294-1 advisory. It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use...

Drupal Core SQL Injection Vulnerability

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API...

Imperva Customers Protected Against CVE-2026-9082 in Drupal Core

TL;DR:CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core that can be exploited by unauthenticated users against Drupal sites using PostgreSQL. The vulnerability affects Drupal’s database abstraction API and can allow specially crafted requests to trigger arbitrary SQL...