CVE-2026-58493: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in getgrav grav
grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a
Supply Chain Attack Compromises Official GravityForms Plugin Repository
Update 7-12-2025 06:00 UTC: We have observed some activity in regard to one of the backdoors that involves a gf_api_token parameter. The IP

WAF - WAF Release - 2026-05-04
This week's release focuses on new detections to expand coverage across command injection, SQL injection, PHP object injection, remote code

WAF - WAF Release - 2025-10-06
This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rule deployed to block active, high-impact exploitation. Also add

Comments
Sign in to join the conversation.
No comments yet. Be the first.