1300 matches found
CVE-2026-50468
CVE-2026-50468 affects Microsoft SQL Server. It is a buffer over-read that allows an authorized attacker to disclose information over the network. The published advisories indicate an impact of accessing sensitive data with a network attack vector and low privileges required; CVSS 3.1 base score ...
CVE-2026-54116
CVE-2026-54116 impacts Microsoft SQL Server components via a type-confusion flaw that could allow an authenticated, low-privilege attacker to disclose information over the network. The CVSSv3.1 base score is 6.5 (Medium); impact is confined to confidentiality. Affected products are SQL Server (pe...
CVE-2026-47295
CVE-2026-47295 describes an elevation-of-privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements used in SQL commands (SQL injection). The issue can be exploited by an authenticated attacker over a network to gain elevated privileges, with impact on c...
CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability
...
CVE-2026-6093
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
Security Updates for Microsoft SQL Server (May 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...
Security Updates for Microsoft SQL Server (May 2026) (Remote)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...
The vulnerability was exploited in Microsoft SQL Server
Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...
KLA91039 ACE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-40370 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2026-40370 critical KB list 5090354...
CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
mssql_timebased_SQLI
No d...
📄 Microsoft SQL Server 2022/2025 Privilege Escalation
This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...
Security Updates for Microsoft SQL Server (April 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-32167, CVE-2026-32176 - A remote code execution vulnerability CVE-2026-33120 Note that Nessus has not...
Vulnerabilities in Microsoft SQL Server
Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...
CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
...
CVE-2026-33120
CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...
Microsoft SQL Server Remote Code Execution Vulnerability
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...