4559 matches found
CVE-2026-47295
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-55002
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-54117
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-54118
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-54116
CVE-2026-54116 impacts Microsoft SQL Server components via a type-confusion flaw that could allow an authenticated, low-privilege attacker to disclose information over the network. The CVSSv3.1 base score is 6.5 (Medium); impact is confined to confidentiality. Affected products are SQL Server (pe...
CVE-2026-50468
CVE-2026-50468 affects Microsoft SQL Server. It is a buffer over-read that allows an authorized attacker to disclose information over the network. The published advisories indicate an impact of accessing sensitive data with a network attack vector and low privileges required; CVSS 3.1 base score ...
CVE-2026-54116 Microsoft SQL Server Information Disclosure Vulnerability
...
CVE-2026-50468 Microsoft SQL Server Information Disclosure Vulnerability
...
CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-47295
CVE-2026-47295 describes an elevation-of-privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements used in SQL commands (SQL injection). The issue can be exploited by an authenticated attacker over a network to gain elevated privileges, with impact on c...
CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-55002
Technical details about CVE-2026-55002 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability
...
CVE-2026-54117
CVE-2026-54117 affects Microsoft SQL Server and is caused by deserialization of untrusted data, enabling an authorized attacker to execute code over a network. The CVSS v3.1 base score is 8.8 (HIGH) with network access, low attack complexity, and privileges required as LOW; impact to confidential...
CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability
...
CVE-2026-42990
CVE-2026-42990 affects the SQL Server ODBC driver, where a heap-based buffer overflow enables code execution over the network. The vulnerability is exploitable remotely (network vector) and is rated high severity (CVSS 3.1: 9.8, CRITICAL) with no privileges required and no user interaction. The a...
CVE-2026-47296 Microsoft SQL Server Elevation of Privilege Vulnerability
...
Microsoft SQL Server Remote Code Execution Vulnerability
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...
Security Updates for Microsoft SQL Server (July 2026)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over...
PYSEC-2026-1684 Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability...