CVE-2025-61943 AVEVA Process Optimization SQL Injection

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...

Security Updates for Microsoft SQL Server (January 2026) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...

Security Updates for Microsoft SQL Server (January 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVE-2026-20803

CVE-2026-20803 is a Microsoft SQL Server elevation of privilege vulnerability. The issue allows an authenticated attacker to gain elevated privileges on the SQL Server instance over a network, due to missing authentication for a critical function. Connected advisories confirm exploitation risk an...

Microsoft SQL Server Elevation of Privilege Vulnerability

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

Microsoft SQL Server 访问控制错误漏洞

Microsoft SQL Server is a large commercial database system from Microsoft Corporation that is used on Microsoft Windows systems. An access control error vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to elevate privileges. The following products and...

PT-2026-2656

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server affected versions not specified Description A missing authentication check for a critical function in Microsoft SQL Server can allow an authorized attacker to elevate privileges over a network. The issue, caused by missing...

CVE-2009-4182

Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...

CVE-2021-33583

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

CVE-2020-10875

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

CVE-2022-0859

McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...

Metasploit Wrap-Up 12/12/2025

React2shell Module As you may have heard, on December 3, 2025, the React team announced a critical Remote Code Execution RCE vulnerability in servers using the React Server Components RSC Flight protocol. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0 and is informally...

EUVD-2025-200320

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

CVE-2025-62575

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...