
#SQL Injection

6 posts
Drupal PostgreSQL SQLi shows how SELECT-only injection becomes RCE

Lexfo's May 26, 2026 write-up on CVE-2026-9082 matters because it breaks a common defensive a...

June 3, 2026
5 min read
CVE-2026-9082 makes Drupal on PostgreSQL an urgent KEV patch priority

CVE-2026-9082 is no longer just a critical Drupal patch note. It is now an actively target...

May 27, 2026
5 min read
LiteLLM SQL injection flaw puts AI gateways on the front line

CVE-2026-42208 matters because it turns an AI gateway into a high-value choke point for attackers....

May 11, 2026
5 min read
CVE-2026-42208 turns exposed LiteLLM gateways into a secrets exposure risk

CVE-2026-42208 is a critical SQL injection flaw in LiteLLM's proxy API key verificati...

April 29, 2026
5 min read
CVE-2026-21643: FortiClient EMS exploitation puts exposed endpoint managers at immediate risk

CVE-2026-21643 is the kind of flaw defenders should treat as an im...

March 31, 2026
5 min read

LeakyLooker: 9 Google Looker Studio Flaws Enabled Cross-Tenant SQL and Data Theft

LeakyLooker is the name Tenable gave to a set of nine...

March 16, 2026
5 min read