4529 matches found

Microsoft KB
added 2026/03/10 2:0 p.m. | 10 views

KB5077473 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: March 10, 2026

KB5077473 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...

CVSS 8.8 | AI score 5.8 | EPSS 0.02044
Exploits: 0
Microsoft KB
added 2026/03/10 2:0 p.m. | 6 views

KB5077472 - Description of the security update for SQL Server 2017 GDR: March 10, 2026

KB5077472 - Description of the security update for SQL Server 2017 GDR: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains fixe...

CVSS 8.8 | AI score 5.8 | EPSS 0.02044
Exploits: 0
Microsoft KB
added 2026/03/10 2:0 p.m. | 66 views

KB5077469 - Description of the security update for SQL Server 2019 CU32: March 10, 2026

KB5077469 - Description of the security update for SQL Server 2019 CU32: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Informatio...

CVSS 8.8 | AI score 5.8 | EPSS 0.02044
Exploits: 0
Microsoft KB
added 2026/03/10 2:0 p.m. | 10 views

KB5077474 - Description of the security update for SQL Server 2016 SP3 GDR: March 10, 2026

KB5077474 - Description of the security update for SQL Server 2016 SP3 GDR: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

CVSS 8.8 | AI score 5.8 | EPSS 0.02044
Exploits: 0
Microsoft KB
added 2026/03/10 2:0 p.m. | 12 views

KB5077470 - Description of the security update for SQL Server 2019 GDR: March 10, 2026

KB5077470 - Description of the security update for SQL Server 2019 GDR: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains fixe...

CVSS 8.8 | AI score 5.8 | EPSS 0.02044
Exploits: 0
Microsoft CVE
added 2026/03/10 2:0 p.m. | 3 views

SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.01191
Exploits: 0
Kaspersky
added 2026/03/10 12:0 a.m. | 7 views

KLA90922 PE vulnerabilities in Microsoft SQL Server

Elevation of privilege vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2026-21262 CVE-2026-26115 CVE-2026-26116 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list...

CVSS 8.8 | AI score 5.8 | EPSS 0.02044
Exploits: 0 | References: 16
Positive Technologies
added 2026/03/10 12:0 a.m. | 4 views

PT-2026-24260

Name of the Vulnerable Software and Affected Versions SQL Server versions 2016 SP3 through 2025 Description An improper access control issue in SQL Server allows an authorized attacker to elevate privileges over a network. An attacker can gain sysadmin privileges remotely on affected SQL Server...

CVSS 9 | AI score 5.8 | EPSS 0.02044
Exploits: 0 | References: 66
Positive Technologies
added 2026/03/10 12:0 a.m. | 5 views

PT-2026-24325

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper validation of a specified type of input in SQL Server can allow an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information...

CVSS 9 | AI score 5.8 | EPSS 0.01058
Exploits: 0 | References: 12
CNNVD
added 2026/03/10 12:0 a.m. | 3 views

Microsoft SQL Server Access Control Error Vulnerability

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There is an access control vulnerability in Microsoft SQL Server. Attackers can exploit this vulnerability to gain higher privileges. The followi...

CVSS 8.8 | AI score 7.1 | EPSS 0.02044
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/20 1:27 p.m. | 7 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVSS 8.8 | AI score 6.2 | EPSS 0.00251
Exploits: 0 | References: 1
NVD
added 2026/02/19 11:15 a.m. | 7 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVSS 8.8 | EPSS 0.00251
Exploits: 0 | References: 1
CVE
added 2026/02/19 10:48 a.m. | 13 views

CVE-2025-15560

CVE-2025-15560: An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server “widget” API endpoint to inject SQL queries. If the backend uses Firebird, the attacker can retrieve all data from the database. If the backend uses MSSQL, the attacker can exe...

CVSS 8.8 | AI score 6.2 | EPSS 0.00251
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/02/19 10:48 a.m. | 6 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6.2 | EPSS 0.00251
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/02/19 12:0 a.m. | 8 views

PT-2026-20799

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6.2 | EPSS 0.00251
Exploits: 0 | References: 1
NCSC
added 2026/02/10 7:5 p.m. | 8 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...

CVSS 8.8 | AI score 6.4 | EPSS 0.00902
Exploits: 0
Kaspersky
added 2026/02/10 12:0 a.m. | 6 views

KLA90873 ACE vulnerability in Microsoft SQL Server

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21229 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-21229 critical Solution Install necessary update...

CVSS 8.8 | AI score 6.5 | EPSS 0.00902
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/30 12:0 a.m. | 7 views

PT-2026-5389

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...

CVSS 9.5 | AI score 5.9 | EPSS 0.0144
Exploits: 0 | References: 10
NVD
added 2026/01/26 10:16 a.m. | 5 views

CVE-2025-59095

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS 6.8 | EPSS 0.00104
Exploits: 0 | References: 3
CVE
added 2026/01/26 10:4 a.m. | 10 views

CVE-2025-59095

CVE-2025-59095 affects dormakaba Kaba exos 9300 software. Public descriptions in multiple sources indicate that DLLs/binaries (notably Kaba.EXOS.common.dll) use a hard-coded, static cryptoKey with a simple XOR-based encrypt/decrypt routine to process user PINs before storing them in MSSQL. The ro...

CVSS 6.8 | AI score 5.9 | EPSS 0.00104
Exploits: 0 | References: 3