
SQL injection bypasses eDirectory admin auth, exposes PHP files
Newly published CVE-2019-25675 details union-based SQL injection in `eDirectory` login that can authenticate as admin and read arbitrary PHP files via `language_file.php`.

CVE-2024-58341 discloses a High-severity unauthenticated SQL injection in OpenCart Core’s product search endpoint, enabling database data extraction via blind techniques in affected deployments.

Wordfence published a High-severity unauthenticated time-based SQL injection in the WordPress `WP Maps` plugin (`wp-google-map-plugin`) affecting versions up to 4.9.1, enabling remote database data extraction.

Zammad published advisory ZAA-2026-06 for a critical SQL injection in Zammad 6.5.x.