sql-injection

(2 articles)

May 26, 2026

CISA Orders Patch for Exploited Drupal SQL Injection

CISA added CVE-2026-9082, an actively exploited Drupal SQL injection flaw, to its KEV catalog. Federal agencies must patch by May 27. Here's what developers need to know.

May 24, 2026

Ghost CMS SQL Injection CVE-2026-26980 Exploited

CVE-2026-26980 in Ghost CMS is being actively exploited in a ClickFix campaign hitting 700+ domains. Here's what happened and how to protect your site.