109 matches found
CVE-2026-20803
CVE-2026-20803 is a Microsoft SQL Server elevation of privilege vulnerability. The issue allows an authenticated attacker to gain elevated privileges on the SQL Server instance over a network, due to missing authentication for a critical function. Connected advisories confirm exploitation risk an...
CVE-2026-21262
CVE-2026-21262 affects Microsoft SQL Server and is a privilege-escalation vulnerability caused by improper access control. An authorized, network-present attacker with low privileges can elevate to sysadmin, potentially reading/changing data, creating accounts, or altering configurations, as desc...
CVE-2025-59499
CVE-2025-59499 is a Microsoft SQL Server Elevation of Privilege vulnerability caused by improper neutralization of special elements in SQL commands (SQL injection). Exploitation could allow an authenticated attacker to elevate privileges over the network without user interaction. The CVE is addre...
CVE-2026-26116
CVE-2026-26116 is a SQL Server Elevation of Privilege vulnerability due to improper neutralization of special elements in SQL commands. The affected product is Microsoft SQL Server (SQL Server 2025 GDR), with potential network-based exploitation and high impact (CVE-2026-26116). The issue is mitigated b...
CVE-2025-49718
CVE-2025-49718 is a Microsoft SQL Server information-disclosure vulnerability described as “Use of uninitialized resource in SQL Server” that could allow an attacker to disclose information over the network. Connected sources confirm this CVE is addressed by Microsoft security updates and fixes i...
CVE-2025-53727
CVE-2025-53727 is an Elevation of Privilege vulnerability in Microsoft SQL Server tied to improper neutralization of SQL elements (SQL injection). Publicly referenced fixes are included in SQL Server 2017 CU31 (build 14.0.3500.1) per KB5063759 and related security updates, and in SQL Server 2017 ...
CVE-2025-55227
CVE-2025-55227 is an Elevation of Privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements in a command (command injection). The CVE entry notes that an authenticated, network-connected attacker can leverage this to elevate privileges. Microsoft adviso...
CVE-2025-49759
CVE-2025-49759 is a Microsoft SQL Server Elevation of Privilege vulnerability arising from improper neutralization of input used in SQL commands (SQL injection) in system procedures. An authenticated attacker could exploit this over a network to elevate privileges within the affected SQL Server d...
CVE-2025-47954
CVE-2025-47954 is a Microsoft SQL Server elevation-of-privilege vulnerability arising from improper neutralization of special elements in SQL commands (SQL injection). It affects SQL Server components where an attacker, leveraging network access and with low privileges, can achieve total privileg...