1254 matches found
EUVD-2019-19938
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
PT-2026-26986
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
CVE-2026-32628
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
Security Updates for Microsoft SQL Server (March 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-21262, CVE-2026-26115, CVE-2026-26116 Note that Nessus has not tested for these issues but has instea...
KLA90939 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-26133 high Solution Install necessary...
CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability
...
KB5077471 - Description of the security update for SQL Server 2017 CU31: March 10, 2026
KB5077471 - Description of the security update for SQL Server 2017 CU31: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains fix...
KLA90922 PE vulnerabilities in Microsoft SQL Server
An elevation of privilege vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2026-21262 CVE-2026-26115 CVE-2026-26116 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list...
Microsoft SQL Server 访问控制错误漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There is an access control vulnerability in Microsoft SQL Server. Attackers can exploit this vulnerability to gain higher privileges. The followi...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
CVE-2025-15560 describes an authenticated SQL injection in the NesterSoft WorkTime server widget API endpoint. The vulnerability allows an attacker with minimal permissions to inject SQL queries. With a Firebird backend, the attacker can retrieve all data from the database. With an MSSQL backend,...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
PT-2026-20799
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...
KLA90873 ACE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21229 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-21229 critical Solution Install necessary update...
CVE-2025-59095
The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...
PT-2026-4745
The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...
Security Updates for Microsoft SQL Server (January 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...