1253 matches found
Security Updates for Microsoft SQL Server (May 2026) (Remote)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...
Security Updates for Microsoft SQL Server (May 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...
The vulnerability was exploited in Microsoft SQL Server
Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...
KLA91039 ACE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-40370 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2026-40370 critical KB list 5090354...
CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
mssql_timebased_SQLI
No d...
📄 Microsoft SQL Server 2022/2025 Privilege Escalation
This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...
Security Updates for Microsoft SQL Server (April 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-32167, CVE-2026-32176 - A remote code execution vulnerability CVE-2026-33120 Note that Nessus has not...
Vulnerabilities in Microsoft SQL Server
Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...
CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-33120
CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...
CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
...
Microsoft SQL Server Remote Code Execution Vulnerability
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to execute code...
Microsoft SQL Server SQL注入漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...
Microsoft SQL Server SQL注入漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...
KLA90987 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SQL Server can be exploited remotely to...
CVE-2026-32628
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
Grafana MSSQL Data Source Plugin 安全漏洞
The Grafana MSSQL Data Source Plugin is an open-source plugin from Grafana that allows for connecting to Microsoft SQL Server. There is a security vulnerability in the Grafana MSSQL data source plugin. This vulnerability stems from a logical flaw that allows low-privilege users to bypass API...
EUVD-2019-19938
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...