A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the ‘promo_send’ parameter in the ‘/assets/php/calculate_discount.php‘ CVE CVE-2025-40639 CVSSv3 9.8 Published Date 9 March 2026 Exploitation None Impact Not applicable Solution: Eventbot team has been fix this vulnerability.

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04 CVE CVE-2025-15029 CVSSv3 9.8 Critical Published Date 5 Jan 2026 Impact device…