104 matches found
EUVD-2026-29079
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8...
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
Microsoft SQL Server SQL Injection Vulnerability
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to gain higher privileges. The following...
GHSA-F3F2-MCXC-PWJX n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes
Impact An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...
CVE-2025-15560 SQL Injection in NesterSoft WorkTime
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-62575 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...
Microsoft JDBC Driver Input Validation Error Vulnerability
Microsoft JDBC Driver is a SQL Server database connection driver from Microsoft Corporation (USA). An input validation error vulnerability exists in Microsoft JDBC Driver, which can be exploited by an attacker to perform a spoofing attack...
KLA89272 SUI vulnerability in Microsoft SQL Server
A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface, bypass security restrictions. Original advisories CVE-2025-59250 Related products Microsoft-SQL-Server CVE list CVE-2025-59250 critical Solution Install necessary...
CVE-2025-55227
CVE-2025-55227 is an Elevation of Privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements in a command (command injection). The CVE entry notes that an authenticated, network-connected attacker can leverage this to elevate privileges. Microsoft adviso...
KB5065220 - Description of the security update for SQL Server 2022 CU20: September 9, 2025
KB5065220 - Description of the security update for SQL Server 2022 CU20: September 9, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...
MAL-2025-38653 Malicious code in vscode-mssql (npm)
The package vscode-mssql was found to contain malicious code...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are related to improper access management and SQL injection, which allows authorized attackers to escalate privileges within a network. This can lead to unauthorized access and manipulation of sensitive data. The vulnerabiliti...
CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-24999 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-49758 Microsoft SQL Server Elevation of Privilege Vulnerability
...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network...
KB5063757 - Description of the security update for SQL Server 2019 CU32: August 12, 2025
KB5063757 - Description of the security update for SQL Server 2019 CU32: August 12, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Informati...
KB5063762 - Description of the security update for SQL Server 2016 SP3 GDR: August 12, 2025
KB5063762 - Description of the security update for SQL Server 2016 SP3 GDR: August 12, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...