Lucene search

4529 matches found

ATTACKERKB
added 2026/01/26 10:4 a.m., 4 views

CVE-2025-59095

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00104
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2026/01/26 12:0 a.m., 7 views

PT-2026-4745

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00104
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.21.0.0.0 (January 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

CVSS: 8.1, AI score: 6.8, EPSS: 0.01617
Exploits: 2, References: 6
NVD
added 2026/01/16 2:16 a.m., 6 views

CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...

CVSS: 9.3, EPSS: 0.00328
Exploits: 0, References: 4
Cvelist
added 2026/01/16 12:9 a.m., 29 views

CVE-2025-61943 AVEVA Process Optimization SQL Injection

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...

CVSS: 9.3, EPSS: 0.00328
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

Security Updates for Microsoft SQL Server (January 2026) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...

CVSS: 7.2, AI score: 5.9, EPSS: 0.01242
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m., 11 views

Security Updates for Microsoft SQL Server (January 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...

CVSS: 7.2, AI score: 5.9, EPSS: 0.01242
Exploits: 0, References: 2
NCSC
added 2026/01/13 7:17 p.m., 6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...

CVSS: 7.2, AI score: 7.4, EPSS: 0.01242
Exploits: 0
OSV
added 2026/01/13 6:16 p.m., 2 views

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS: 7.2, AI score: 5.8, EPSS: 0.01242
Exploits: 0, References: 1
Cvelist
added 2026/01/13 5:56 p.m., 23 views

CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVSS: 7.2, EPSS: 0.01242
Exploits: 0, References: 1
Vulnrichment
added 2026/01/13 5:56 p.m., 4 views

CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVSS: 7.2, AI score: 6.6, EPSS: 0.01242
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/13 5:56 p.m., 7 views

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS: 7.2, AI score: 5.8, EPSS: 0.01242
Exploits: 0, References: 2, Affected Software: 3
CVE
added 2026/01/13 5:56 p.m., 58 views

CVE-2026-20803

CVE-2026-20803 is a Microsoft SQL Server elevation of privilege vulnerability. The issue allows an authenticated attacker to gain elevated privileges on the SQL Server instance over a network, due to missing authentication for a critical function. Connected advisories confirm exploitation risk an...

CVSS: 7.2, AI score: 7.3, EPSS: 0.01242
Exploits: 0, References: 1, Affected Software: 2
Microsoft CVE
added 2026/01/13 4:0 p.m., 5 views

Microsoft SQL Server Elevation of Privilege Vulnerability

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS: 7.2, AI score: 7.7, EPSS: 0.01242
Exploits: 0
Positive Technologies
added 2026/01/13 12:0 a.m., 5 views

PT-2026-2656

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server (affected versions not specified). Description: A missing authentication check for a critical function in Microsoft SQL Server can allow an authorized attacker to elevate privileges over a network. The issue, caused by missing...

CVSS: 9, AI score: 7, EPSS: 0.01242
Exploits: 0, References: 9
CNNVD
added 2026/01/13 12:0 a.m., 5 views

Microsoft SQL Server Access Control Error Vulnerability

Microsoft SQL Server is a large commercial database system from Microsoft Corporation that is used on Microsoft Windows systems. An access control error vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to elevate privileges. The following products and...

CVSS: 7.2, AI score: 5.9, EPSS: 0.01242
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:49 a.m., 7 views

CVE-2009-4182

Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...

CVSS: 9, AI score: 8.3, EPSS: 0.01664
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:28 a.m., 10 views

CVE-2021-33583

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

CVSS: 10, AI score: 7.7, EPSS: 0.01227
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:53 a.m., 7 views

CVE-2020-10875

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01715
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:12 a.m., 5 views

CVE-2022-0859

McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...

CVSS: 6.7, AI score: 7.3, EPSS: 0.00202
Exploits: 0, References: 1