Lucene search
K

1300 matches found

CVE
CVE
added yesterday5 views

CVE-2026-50468

CVE-2026-50468 affects Microsoft SQL Server. It is a buffer over-read that allows an authorized attacker to disclose information over the network. The published advisories indicate an impact of accessing sensitive data with a network attack vector and low privileges required; CVSS 3.1 base score ...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-54116

CVE-2026-54116 impacts Microsoft SQL Server components via a type-confusion flaw that could allow an authenticated, low-privilege attacker to disclose information over the network. The CVSSv3.1 base score is 6.5 (Medium); impact is confined to confidentiality. Affected products are SQL Server (pe...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-47295

CVE-2026-47295 describes an elevation-of-privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements used in SQL commands (SQL injection). The issue can be exploited by an authenticated attacker over a network to gain elevated privileges, with impact on c...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.13 views

CVE-2026-6093

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...

6CVSS5.6AI score0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.215 views

Security Updates for Microsoft SQL Server (May 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...

8.8CVSS6.1AI score0.00555EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.126 views

Security Updates for Microsoft SQL Server (May 2026) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...

8.8CVSS6.1AI score0.00555EPSS
Exploits0References11
NCSC
NCSC
added 2026/05/12 5:53 p.m.15 views

The vulnerability was exploited in Microsoft SQL Server

Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...

8.8CVSS6.2AI score0.00555EPSS
Exploits0
Kaspersky
Kaspersky
added 2026/05/12 12:0 a.m.20 views

KLA91039 ACE vulnerability in Microsoft SQL Server

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-40370 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2026-40370 critical KB list 5090354...

8.8CVSS6.7AI score0.00555EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/05/11 2:3 p.m.46 views

CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...

6CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 2:3 p.m.5 views

CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...

6CVSS6AI score0.00211EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/06 11:59 a.m.95 views

mssql_timebased_SQLI

No d...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.127 views

📄 Microsoft SQL Server 2022/2025 Privilege Escalation

This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...

8.8CVSS5.6AI score0.01625EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Security Updates for Microsoft SQL Server (April 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-32167, CVE-2026-32176 - A remote code execution vulnerability CVE-2026-33120 Note that Nessus has not...

8.8CVSS6.5AI score0.00706EPSS
Exploits0References6
NCSC
NCSC
added 2026/04/14 7:24 p.m.7 views

Vulnerabilities in Microsoft SQL Server

Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...

8.8CVSS6AI score0.00706EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/14 4:58 p.m.50 views

CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability

...

6.7CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.39 views

CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability

...

8.8CVSS0.00706EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 4:57 p.m.112 views

CVE-2026-33120

CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...

8.8CVSS6AI score0.00706EPSS
Exploits0References1Affected Software5
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.14 views

Microsoft SQL Server Remote Code Execution Vulnerability

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6.5AI score0.00706EPSS
Exploits0
Rows per page
Query Builder