https://www.securityweek.com/millions-of-user-records-stolen-from-65-websites-via-sql-injection-attacks/

https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection

https://www.tenable.com/blog/cve-2023-48788-critical-fortinet-forticlientems-sql-injection-vulnerability

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cwe_id=CWE-89&isCpeNameSearch=false

You can fiddle with the nvd search settings to find whatever severity score you like, or filter by execution parameters.

https://nvd.nist.gov/vuln/detail/CVE-2024-1597

That one was a treat when I check under critical, since it’s an injection attack that can bypass parameterized query protections for the database driver, which is why “defense in depth” and “always sanitize your fucking inputs” are such key things to remember.

I hope that provided what you’re looking for, and maybe increases your awareness of SQL injection. 😊