CVE-2024-37980

Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2024-21373

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21398

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21415

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21425

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-49043

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

CVE-2024-37338

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37337

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVE-2024-37965

Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2024-37339

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37966

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVE-2024-37342

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVE-2024-26191

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2025-49719

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

CVE-2024-37335

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2025-49717

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

CVE-2025-49718

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

CVE-2025-24999

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-49758

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-49759

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-53727

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-47954

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-47997

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

CVE-2025-55227

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.