#SQL Injection
APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
A sophisticated threat actor has exploited the critical cPanel authentication bypass CVE-2026-41940 to compromise government and military servers across South-East Asia, while also deploying a custom zero-day SQL-to-OS...
Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems
SAP's April 2026 Patch Day addresses CVE-2026-27681, a near-perfect CVSS 9.9 SQL injection flaw in SAP Business Planning and Consolidation (BPC) and Business Warehouse (BW). A low-privileged user...
Critical Fortinet FortiClient EMS Vulnerability CVE-2026-21643 Actively Exploited — CISA Demands Patch Today
CISA has added CVE-2026-21643, a critical pre-authentication SQL injection flaw in Fortinet FortiClient EMS (CVSS 9.1), to its Known Exploited Vulnerabilities catalog with a mandatory patching deadline of...