Palo Alto VPN Flaw Exploited, SQL Injection Wave Hits Business Software
Palo Alto Networks VPN flaw added to KEV as attackers exploit critical SQL injection bugs across business software.

A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS software, CVE-2026-0257, has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog. This flaw allows unauthenticated attackers to bypass security restrictions and establish unauthorized VPN connections through the GlobalProtect portal and gateway. Multiple security outlets, including CyberScoop and Dark Reading, have reported on the active exploitation of this bug, highlighting its significant risk to organizations using affected Palo Alto Networks devices. The vulnerability affects Panorama and Cloud NGFW as well, underscoring the broad impact. Organizations are urged to patch immediately to mitigate the risk of compromise.
A wave of critical SQL injection vulnerabilities has been disclosed across various software products, with many affecting business management and monitoring systems. CVE-2024-13152 in BSS Software's Mobuy Online Machinery Monitoring Panel, CVE-2024-13150 in Fayton Software's fayton.Pro ERP, and CVE-2024-13151 in Auto Service Software's Auto Service Software are among those allowing attackers to manipulate database queries. Other affected products include Delta SQL (CVE-2018-25412), Arma Store (CVE-2024-13149), and Finder ERP/CRM (CVE-2024-12144), among others. The widespread nature of these SQL injection flaws across diverse business applications poses a significant risk, potentially leading to data breaches and unauthorized access.
Several WordPress plugins and AI tools are also facing critical vulnerabilities, including privilege escalation flaws. CVE-2026-48879 in the WordPress AI Copilot Content Generator and CVE-2026-42680 in the Contest Gallery Pro plugin allow attackers to escalate their privileges within the WordPress environment. Additionally, a critical vulnerability in Totolink's N300RH router, CVE-2026-10187, affects its Web Management Interface, potentially allowing manipulation of Wi-Fi basic configurations. The Postiz AI social media scheduling tool is also affected by a critical vulnerability, CVE-2026-42298, in its Docker image build workflow, enabling unauthenticated remote code execution.