CVE-2026-61461: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in langgenius dify
Dify before version 1.16.0-rc1 contains a SQL injection vulnerability in its MyScale vector store backend. This flaw allows attackers to execute arbitrary SQL commands by supplying unsanitized search…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2025-10-06
This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rule deployed to block active, high-impact exploitation. Also add
Check Point Researchers Chain SQL Injection in LangGraph AI Agent Memory to Achieve Remote Code Execution
CheckPoint-LangGraph RCE Chain: How a SQL Injection in AI Agent Memory Opens the Door to Full Server Takeover + Video - "Undercode Testing":
undercodetesting.com·18d ago
WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

Comments
Sign in to join the conversation.
No comments yet. Be the first.