4529 matches found
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to execute code remotely. The following...
KLA91039 ACE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-40370 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2026-40370 critical KB list 5090354...
CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
mssql_timebased_SQLI
No d...
Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)
The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11: - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictio...
📄 Microsoft SQL Server 2022/2025 Privilege Escalation
This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...
CVE-2026-34303
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
CVE-2026-22015
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)
The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11: - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictio...
Security Updates for Microsoft SQL Server (April 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-32167, CVE-2026-32176 - A remote code execution vulnerability CVE-2026-33120 Note that Nessus has not...
Security Updates for Microsoft SQL Server (April 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-32167, CVE-2026-32176 - A remote code execution vulnerability CVE-2026-33120 Note that Nessus has not...
CVE-2026-32176
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-33120
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...
Vulnerabilities in Microsoft SQL Server
Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...
EUVD-2026-22637
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...
EUVD-2026-22561
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-32167
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-32176
CVE-2026-32176 arises from improper neutralization of input in SQL Server, enabling an authorized local user to elevate privileges. Connected sources confirm this is one of multiple SQL Server elevation-of-privilege issues addressed in the Microsoft April 2026 security updates (e.g., KB5084815 fo...
CVE-2026-33120
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...