CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...
Arabian Post

Drupal flaw draws urgent patch race

US cyber authorities have added a critical Drupal Core SQL injection flaw to their exploited-vulnerabilities list after attacks began targeting unpatched websites using PostgreSQL databases, ...
Security NEXT

「Drupal」に深刻なSQLi脆弱性 - 影響ない環境も更新を強く推奨

「Drupal」のセキュリティチームは、現地時間2026年5月20日にセキュリティアドバイザリを公開。細工したリクエストによりSQLインジェクションが可能となる脆弱性「CVE-2026-9082」について明らかにした。
TechRepublic

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in. A vulnerability in a ...