CVE-2025-24999

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network...

CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability

...

KB5063814 - Description of the security update for SQL Server 2022 CU20: August 12, 2025

KB5063814 - Description of the security update for SQL Server 2022 CU20: August 12, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Informati...

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...

Microsoft SQL Server 访问控制错误漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under the Microsoft Windows system. An access control error vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...

PT-2025-32772

Name of the Vulnerable Software and Affected Versions: SQL Server affected versions not specified Description: The improper neutralization of special elements used in an SQL command 'SQL injection' in SQL Server allows an authorized attacker to elevate privileges over a network. Recommendations: ...

PT-2025-32739 · Microsoft · Sql Server

Name of the Vulnerable Software and Affected Versions: SQL Server affected versions not specified Description: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version th...

Security Updates for Microsoft SQL Server (August 2025)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. CVE-2025-53727 Note that Nessus has not tested for this issue but has instead relied only on the application...

Oracle MySQL Server Resource Management Error Vulnerability (CNVD-2025-17182)

Oracle MySQL Server is a relational database from Oracle Corporation. A resource management error vulnerability exists in Oracle MySQL Server that stems from improper access control of the Optimizer component and can be exploited by an attacker to cause a denial of service...

July Microsoft Patch Tuesday

July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: Memory Corruption - Chromium CVE-2025-6554 One vulnerability has an exploit available on...

Patch Tuesday - July 2025

Microsoft is addressing 137 vulnerabilities this July 2025 Patch Tuesday, which is above average. Microsoft is aware of public disclosure for just one of the vulnerabilities published today, and Microsoft isn’t aware of in-the-wild exploitation for any of today’s batch. This is the tenth...

The vulnerability of the Microsoft SQL Server database management system, related to buffer overflows in dynamic memory, allows an attacker to execute arbitrary code.

The vulnerability of the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Microsoft SQL Server relational database management system, related to insufficient validation of input data, allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Microsoft SQL Server relational database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

Security Updates for Microsoft SQL Server (July 2025) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

CVE-2025-49719

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network...

CVE-2025-49717

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...

CVE-2025-49718

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...