
4416 matches found

Microsoft KB
added 2026/03/10 2:0 p.m., 10 views

KB5077466 - Description of the security update for SQL Server 2025 CU2: March 10, 2026

KB5077466 - Description of the security update for SQL Server 2025 CU2: March 10, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download th...

CVSS 8.8, AI score 5.8, EPSS 0.00139
Exploits 0

Microsoft KB
added 2026/03/10 2:0 p.m., 8 views

KB5077471 - Description of the security update for SQL Server 2017 CU31: March 10, 2026

KB5077471 - Description of the security update for SQL Server 2017 CU31: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains fix...

CVSS 8.8, AI score 5.8, EPSS 0.00139
Exploits 0

Kaspersky
added 2026/03/10 12:0 a.m., 4 views

KLA90922 PE vulnerabilities in Microsoft SQL Server

Elevation of privilege vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2026-21262 CVE-2026-26115 CVE-2026-26116 Exploitation Related products Microsoft-SQL-Server Microsoft-Azure CVE list...

CVSS 8.8, AI score 5.8, EPSS 0.00139
Exploits 0, References 16

Positive Technologies
added 2026/03/10 12:0 a.m., 0 views

PT-2026-24325

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper validation of a specified type of input in SQL Server can allow an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information...

CVSS 9, AI score 5.8, EPSS 0.00139
Exploits 0, References 12

CNNVD
added 2026/03/10 12:0 a.m., 2 views

Microsoft SQL Server Access Control Error Vulnerability

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There is an access control vulnerability in Microsoft SQL Server. Attackers can exploit this vulnerability to gain higher privileges. The followi...

CVSS 8.8, AI score 7.1, EPSS 0.00087
Exploits 0, References 2

Positive Technologies
added 2026/03/10 12:0 a.m., 0 views

PT-2026-24260

Name of the Vulnerable Software and Affected Versions SQL Server versions 2016 SP3 through 2025 Description An improper access control issue in SQL Server allows an authorized attacker to elevate privileges over a network. An attacker can gain sysadmin privileges remotely on affected SQL Server...

CVSS 9, AI score 5.8, EPSS 0.00087
Exploits 0, References 65

RedhatCVE
added 2026/02/20 1:27 p.m., 4 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVSS 8.8, AI score 6.2, EPSS 0.00037
Exploits 0, References 1

NVD
added 2026/02/19 11:15 a.m., 2 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVSS 8.8, EPSS 0.00037
Exploits 0, References 1

CVE
added 2026/02/19 10:48 a.m., 7 views

CVE-2025-15560

CVE-2025-15560 describes an authenticated SQL injection in the NesterSoft WorkTime server widget API endpoint. The vulnerability allows an attacker with minimal permissions to inject SQL queries. With a Firebird backend, the attacker can retrieve all data from the database. With an MSSQL backend,...

CVSS 8.8, AI score 6.2, EPSS 0.00037
Exploits 0, References 1, Affected Software 1

ATTACKERKB
added 2026/02/19 10:48 a.m., 2 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6.2, EPSS 0.00037
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/02/19 12:0 a.m., 1 views

PT-2026-20799

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6.2, EPSS 0.00037
Exploits 0, References 1

NCSC
added 2026/02/10 7:5 p.m., 4 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...

CVSS 8.8, AI score 6.4, EPSS 0.00068
Exploits 0

Kaspersky
added 2026/02/10 12:0 a.m., 1 views

KLA90873 ACE vulnerability in Microsoft SQL Server

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21229 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-21229 critical Solution Install necessary update...

CVSS 8.8, AI score 6.5, EPSS 0.00068
Exploits 0, References 3

Positive Technologies
added 2026/01/30 12:0 a.m., 3 views

PT-2026-5389

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...

CVSS 9.5, AI score 5.9, EPSS 0.00231
Exploits 0, References 10

NVD
added 2026/01/26 10:16 a.m., 2 views

CVE-2025-59095

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS 6.8, EPSS 0.00014
Exploits 0, References 3

ATTACKERKB
added 2026/01/26 10:4 a.m., 2 views

CVE-2025-59095

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS 6.8, AI score 5.9, EPSS 0.00014
Exploits 0, References 4, Affected Software 1

CVE
added 2026/01/26 10:4 a.m., 5 views

CVE-2025-59095

CVE-2025-59095 affects dormakaba Kaba exos 9300 software. Public descriptions in multiple sources indicate that DLLs/binaries (notably Kaba.EXOS.common.dll) use a hard-coded, static cryptoKey with a simple XOR-based encrypt/decrypt routine to process user PINs before storing them in MSSQL. The ro...

CVSS 6.8, AI score 5.9, EPSS 0.00014
Exploits 0, References 3

Positive Technologies
added 2026/01/26 12:0 a.m., 2 views

PT-2026-4745

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS 6.8, AI score 5.9, EPSS 0.00014
Exploits 0, References 4

Tenable Nessus
added 2026/01/22 12:0 a.m., 1 views

Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.21.0.0.0 (January 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

CVSS 8.1, AI score 6.8, EPSS 0.00237
Exploits 2, References 6

NVD
added 2026/01/16 2:16 a.m., 2 views

CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...

CVSS 9.3, EPSS 0.00013
Exploits 0, References 4