Security Updates for Microsoft SQL Server (August 2025)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. CVE-2025-53727 Note that Nessus has not tested for this issue but has instead relied only on the application...

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...

Security Updates for Microsoft SQL Server (July 2025) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code or gain access to sensitive data. Of the vulnerability with reference CVE-2025-49719, Microsoft says it has information that it has the attention of researchers on clos...

CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability

...

CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability

...

Microsoft SQL Server Information Disclosure Vulnerability

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network...

Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...

Microsoft SQL Server Information Disclosure Vulnerability

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...

PT-2025-28609

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server affected versions not specified Description A vulnerability exists in Microsoft SQL Server due to improper input validation. This allows an unauthorized attacker to disclose sensitive information over a network. The...

Security Updates for Microsoft SQL Server (July 2025)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A security vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to gain access to sensitive...

KLA85523 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft SQL Server can be exploited...

CVE-2023-30558

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...