KLA82402 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...
PT-2025-15719 · Microsoft · Sql Server Management Studio +1
Name of the Vulnerable Software and Affected Versions: Visual Studio Tools for Applications version 16.0 SQL Server Management Studio affected versions not specified Description: The issue is related to an uncontrolled search path element in Visual Studio Tools for Applications and SQL Server...
Microsoft Visual Studio Code Issue Vulnerability
Microsoft Visual Studio is a family of development tool suites and a largely complete set of development tools from Microsoft Corporation USA that includes most of the tools needed throughout the software lifecycle. A code issue vulnerability exists in Microsoft Visual Studio. An attacker could...
KLA82405 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in ASP.NET Core and Visual Studi...
Microsoft SQL Server 2022 Missing Log Entry
Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVER_PERMISSION_CHANGE_GROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...
CentralSquare eTRAKiT Security Vulnerability
CentralSquare eTRAKiT is a public online portal from CentralSquare, Inc. that interacts with internal community development systems. A security vulnerability exists in CentralSquare eTRAKiT version 3.2.1.77, which stems from improper input validation and could allow a remote, unauthenticated...
NocoDB Cross-Site Scripting Vulnerability (CNVD-2025-05387)
NocoDB is an open source Airtable alternative. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb to a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...
Linux Distros Unpatched Vulnerability : CVE-2015-8879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause ...
Linux Distros Unpatched Vulnerability : CVE-2017-11509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. CVE-2017-115...
Under The Hoodie: The Pen Test Diaries
Breaking In So You Don’t Have To Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by...
Security Updates for Microsoft SQL Server (July 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...
Microsoft SQL Server Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...
CVE-2024-27941
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...
UBUNTU-CVE-2025-21525
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...
cn.tenmg:flink-connector-sqlserver-cdc-log (=1.0.0), com.ascentstream.pulsar:pulsar-io-debezium-mssql (>=2.10.6.9 <=2.10.7.4-SNAPSHOT-35e64fa) +28 more potentially affected by CVE-2023-1419 via io.debezium:debezium-connector-sqlserver (>=0.10.0.Final <=2.2.1.Final)
io.debezium:debezium-connector-sqlserver MAVEN version =0.10.0.Final, =2.10.6.9, =2.2.0, =0.1.0, =0.4.1, =2.9.0-candidate-4, =0.1.0, =1.0.0, =1.0.0, =1.0.0-CR2, =3.0.0, =3.0.0, =3.1.0, =3.6.0-2.2 and more Source cves: CVE-2023-1419...
Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02466)
Microsoft SQL Server is a large commercial database system from Microsoft (USA) that runs on Microsoft Windows. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...
Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02468)
Microsoft SQL Server is a large commercial database system from Microsoft (USA) that runs on Microsoft Windows. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...
Security Updates for Microsoft SQL Server (November 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-38255,...
Microsoft SQL Server Native Client Remote Code Execution Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft (USA) that runs on Microsoft Windows. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...