CVE-2025-10970

CRITICAL WAF: High

CVSS 9.8 Published: 2026-02-20

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

www.usom.gov.tr

Back to CVE Database