CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager ...
Bleeping Computer

CISA urges software devs to weed out SQL injection vulnerabilities

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security ...
Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
CSOonline

SQL injection, XSS vulnerabilities continue to plague organizations

Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies. Despite years topping vulnerability lists, ...
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
SDxCentral

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL ...

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent ...
Searchenginejournal.com

Vulnerabilities Discovered in Five WooCommerce WordPress Plugins

The U.S government National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations. Many of the vulnerabilities ...
Dark Reading

Vulnerabilities Surge, But Messy Reporting Blurs Picture

Another year, another record for vulnerability reports. For the ninth year in a row, the number of reported vulnerabilities set a new record, with 48,177 issues assigned a 2025 Common Vulnerabilities ...