Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)
The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11: - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictio...
📄 Microsoft SQL Server 2022/2025 Privilege Escalation
This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...
CVE-2026-34303
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
CVE-2026-22015
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
Security Updates for Microsoft SQL Server (April 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:
- A privilege escalation vulnerability CVE-2026-32167, CVE-2026-32176
- A remote code execution vulnerability CVE-2026-33120
Note that Nessus has not...
CVE-2026-32176
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-33120
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...
Vulnerabilities in Microsoft SQL Server
Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...
EUVD-2026-22637
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...
EUVD-2026-22561
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-32167
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-32176
CVE-2026-32176 arises from improper neutralization of input in SQL Server, enabling an authorized local user to elevate privileges. Connected sources confirm this is one of multiple SQL Server elevation-of-privilege issues addressed in the Microsoft April 2026 security updates (e.g., KB5084815 fo...
CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-33120
CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...
CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
...
CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability
...