Drupal 7.x SQL Injection CVE-2014-3704 — Active Exploitation Alert
CISA adds the Drupalgeddon SQL injection (CVE-2014-3704) to the KEV catalog, requiring federal agencies to patch critical legacy systems against active exploits.
CVE-2025-26980: Ghost CMS SQL Injection Exploited in ClickFix Campaign
A critical SQL injection vulnerability in Ghost CMS (CVE-2025-26980) is being exploited to deliver ClickFix malware through malicious JavaScript injections.
CVE-2024-2123 & CVE-2024-2510: Avada Builder Patch Guidance
Critical flaws in Avada Builder WordPress plugin (CVE-2024-2123, CVE-2024-2510) allow for credential theft and LFI. Immediate update to version 3.11.7 required.

CVE-2026-42208: Active Exploitation of LiteLLM SQL Injection
Attackers are actively exploiting CVE-2026-42208, a critical SQL injection flaw in LiteLLM, within 36 hours of disclosure. Patch to prevent database compromise.

CISA KEV Update: Fortinet FortiClient EMS CVE-2026-21643 Under Attack
CISA adds six flaws to the KEV catalog, including a critical unauthenticated SQL injection in Fortinet FortiClient EMS (CVE-2026-21643). Patch immediately.
FortiClient EMS RCE via CVE-2023-48788 — Patch Guidance
CISA mandates federal agencies patch the critical FortiClient EMS SQL injection flaw, CVE-2023-48788, which allows unauthenticated remote code execution.