Tag: SQL injection

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of Fortinet SQL injection vulnerability

Fortinet has issued urgent security guidance following the active exploitation of a critical SQL injection vulnerability affecting FortiClient Enterprise Management Server (EMS). The flaw allows unauthenticated attackers to achieve remote code execution through specially crafted HTTP requests sent to the...

April 6, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical FortiClientEMS SQL injection vulnerability

An improper neutralization of special elements used in SQL commands in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands through specially crafted HTTP requests. This vulnerability, tracked as CVE-2026-21643 with a CVSS score of...

February 12, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: FreePBX critical vulnerabilities

Several vulnerabilities in the FreePBX platform have been disclosed and patched, including a critical authentication bypass and flaws enabling SQL injection and arbitrary file upload. Read this Cybersecurity Threat Advisory for an analysis, remediation steps, and detection guidance. What is...

December 17, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical FreePBX zero-day vulnerability

Researchers have discovered a zero-day vulnerability in Sangoma FreePBX, identified as CVE-2025-57819. This flaw allows unauthenticated remote attackers to take control of affected PBX systems, potentially resulting in remote code execution (RCE), arbitrary database manipulation, and full system compromise. Review...

September 3, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerability in PostgreSQL

Security experts identified a critical PostgreSQL vulnerability, CVE-2025-1094, with a CVSS of 8.1. The vulnerability poses a significant risk to database integrity in enterprise and production environments. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks. What...

February 28, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of VSCode tunnels

An advanced persistent threat (APT) group, Stately Taurus, has been exploiting a vulnerability in Visual Studio Code (VSCode) tunnels to maintain persistent remote access in compromised systems. Review the details in this Cybersecurity Threat Advisory to secure your environment. What...

December 11, 2024