The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an actively exploited Drupal Core vulnerability to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2026-9082, successful exploitation of the vulnerability may allow an attacker to elevate privileges and execute code remotely. CISA urged users to patch the vulnerability before May 27, 2026. Drupal mentioned in the advisory that exploit attempts are now being detected in the wild.
Tag: SQL Injection Vulnerability
Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)
Kentaro Kawane from GMO Cybersecurity discovered a critical-severity vulnerability impacting FortiWeb. Tracked as CVE-2025-25257, the vulnerability has a CVSS score of 9.6. Upon successful exploitation of the vulnerability, an unauthenticated attacker can execute unauthorized SQL code via crafted HTTP or HTTPS requests. FortiWeb is a web application firewall (WAF) designed to protect web …
Mattermost Releases Fixes for Critical Vulnerabilities (CVE-2025-25279, CVE-2025-20051, & CVE-2025-24490)
Mattermost has addressed three critical security vulnerabilities impacting its Boards plugin. The vulnerabilities are tracked as CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Successful exploitation of the vulnerabilities may allow attackers to read arbitrary files on the system and execute SQL injection attacks.
Zimbra Collaboration Suite (ZCS) SQL Injection Vulnerability (CVE-2025-25064)
Zimbra released a security advisory to address a security vulnerability in the Zimbra Collaboration Suite (ZCS). Tracked as CVE-2025-25064, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow attackers to gain unauthorized access to sensitive data and internal network resources.
Sophos Patches Multiple Vulnerabilities in Firewall (CVE-2024-12727, CVE-2024-12728, & CVE-2024-12729)
Sophos released a security advisory to address three vulnerabilities impacting Sophos Firewall products. Tracked as CVE-2024-12727, CVE-2024-12728, & CVE-2024-12729, the vulnerabilities may lead to remote code execution and information disclosure.
Zabbix Server Critical SQL Injection Vulnerability (CVE-2024-42327)
Zabbix server is vulnerable to a critical severity flaw tracked as CVE-2024-42327. The vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow attackers to escalate privileges and gain complete control of vulnerable Zabbix servers.
Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)
Ivanti released a security advisory to address ten vulnerabilities in its Endpoint Manager. The vulnerabilities are rated critical and high severity. On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries and retrieve output without needing authentication. This can then allow the attacker control over machines running the …
Atlassian SQL Injection Vulnerability Impacts Jira and Confluence (CVE-2024-1597)
Atlassian released a security advisory to address a critical severity vulnerability impacting its popular products, Jira and Confluence. Tracked as CVE-2024-1597, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to expose assets in the environment. The org.postgresql:postgresql dependency vulnerability is only exploited when the instance …
Zabbix Server Audit Log Time-Based SQL Injection Vulnerability (CVE-2024-22120)
The Zabbix server is vulnerable to an SQL injection vulnerability, tracked as CVE-2024-22120. The vulnerability has been given a critical severity rating with a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote authenticated attacker to execute arbitrary SQL queries, allowing the threat actors to dump the database, escalate privileges to admin, …
F5 BIG-IP Next Central Manager Multiple Vulnerabilities (CVE-2024-21793 & CVE-2024-26026)
F5 BIG-IP Central Manager is vulnerable to two remotely exploitable security flaws, CVE-2024-21793 & CVE-2024-26026. Successful exploitation of the vulnerabilities may allow attackers to gain complete administrative control of the device and subsequently create accounts on any F5 assets managed by the Next Central Manager.