Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...
SecurityWeek

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.
Linux Journal

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Drupal is a very widely used open-source content management system. It initially was released in 2001, and recent statistics show Drupal as the third-most popular content management system, with just ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today ...

Over a million WordPress sites hit in plugin flaw — here's what we know

A popular WordPress plugin was found carrying two flaws that can cause data leaks.

Ivanti EPM: Security flaws allow SQL injection, privilege escalation

Ivanti warns of three security vulnerabilities in Endpoint Manager (EPM). They allow SQL injection or privilege escalation.
Bleeping Computer

Telegram-Based SQL Injection Scanner Available for $500 on Hacking Forum

A new tool is making the rounds on the criminal underground. Called Katyusha Scanner, this is a hybrid between a classic SQL injection (SQLi) vulnerability scanner and Anarchi Scanner, an open-source ...

ProFTPD: Code injection via mod_sql possible

The FTP server ProFTPD includes a module called mod_sql. It contains an SQL injection vulnerability that can ultimately lead to the execution of injected code.