Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.
SecurityWeek

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP has released 15 new security notes, including two addressing critical code injection flaws in S/4HANA and Commerce.
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...
GIGAZINE

It was pointed out that airport and cockpit security could be breached by SQL injection attacks

The Transportation Security Administration (TSA) has a program called 'KCM (Known Crewmember)' that allows pilots and flight attendants to pass security checks even when they are off. Similarly, there ...