1377 matches found
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375
CVE-2026-33375 concerns the Grafana MSSQL Data Source Plugin, where a logic flaw lets a low-privileged user (Viewer) bypass API restrictions and cause an Out-Of-Memory (OOM) DoS, crashing the host container. The connected records confirm the affected component (Grafana MSSQL data source plugin) a...
CVE-2026-32628
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
Grafana MSSQL Data Source Plugin 安全漏洞
The Grafana MSSQL Data Source Plugin is an open-source plugin from Grafana that allows for connecting to Microsoft SQL Server. There is a security vulnerability in the Grafana MSSQL data source plugin. This vulnerability stems from a logical flaw that allows low-privilege users to bypass API...
EUVD-2019-19938
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
PT-2026-26986
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
CVE-2026-32628
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
Security Updates for Microsoft SQL Server (March 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-21262, CVE-2026-26115, CVE-2026-26116 Note that Nessus has not tested for these issues but has instea...
KLA90939 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-26133 high Solution Install necessary...
CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability
...
KB5077471 - Description of the security update for SQL Server 2017 CU31: March 10, 2026
KB5077471 - Description of the security update for SQL Server 2017 CU31: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains fix...
KLA90922 PE vulnerabilities in Microsoft SQL Server
An elevation of privilege vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2026-21262 CVE-2026-26115 CVE-2026-26116 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list...
Microsoft SQL Server 访问控制错误漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There is an access control vulnerability in Microsoft SQL Server. Attackers can exploit this vulnerability to gain higher privileges. The followi...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the MySQL, PostgreSQL, and Microsoft SQL nodes due to improper escaping of identifier values. An attacker can execute arbitrary SQL commands by supplying specially crafted table or...
n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes
Impact An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...