1254 matches found
CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-20803
CVE-2026-20803 is a Microsoft SQL Server elevation of privilege vulnerability. The issue allows an authenticated attacker to gain elevated privileges on the SQL Server instance over a network, due to missing authentication for a critical function. Connected advisories confirm exploitation risk an...
Microsoft SQL Server Elevation of Privilege Vulnerability
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Access Control Error Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft Corporation that is used on Microsoft Windows systems. An access control error vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to elevate privileges. The following products and...
CVE-2021-33583
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...
CVE-2025-62575
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...
Microsoft Windows SMB to MSSQL Relay
This module supports running an SMB server which validates credentials, and then attempts to execute a relay attack against an MSSQL server on the configured RHOSTS hosts. If the relay succeeds, an MSSQL session to the target will be created. This can be used by any modules that support MSSQL...
Security Updates for Microsoft SQL Server (November 2025)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by a vulnerability: - Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements (SQL Injection) to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...
CVE-2025-59499 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-59499
CVE-2025-59499 is a Microsoft SQL Server Elevation of Privilege vulnerability caused by improper neutralization of special elements in SQL commands (SQL injection). Exploitation could allow an authenticated attacker to elevate privileges over the network without user interaction. The CVE is addre...
KB5068401 - Description of the security update for SQL Server 2016 SP3 GDR: November 11, 2025
Summary: This security update contai...
KLA90053 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-59499 Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2025-59499 critical KB list 5068405 5068403 5068401...
Microsoft SQL Server SQL Injection Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...
CVE-2025-11177
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
SQL Plugin Job Fails with Error: "Mandatory arguments not set" or "Starting retention policy task"
Challenge After the upgrade or installation of the patch for Veeam Backup & Replication 12.3.2.4165, existing Veeam Plug-In for Microsoft SQL jobs fail with the following error: Failed to backup database. Error: Mandatory arguments not set Session failed: Mandatory arguments not set. Starting...
CVE-2025-11177 External Login <= 1.11.2 - Unauthenticated SQL Injection via log
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...