Filtered by vendor Microsoft Subscriptions
Filtered by product Sql Server 2025 Subscriptions
Total 15 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-54116 1 Microsoft 3 Microsoft Sql Server 2025 (cu 2), Microsoft Sql Server 2025 For X64-based Systems (gdr), Sql Server 2025 2026-07-16 6.5 Medium
Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-54117 1 Microsoft 3 Microsoft Sql Server 2025 (cu 2), Microsoft Sql Server 2025 For X64-based Systems (gdr), Sql Server 2025 2026-07-15 8.8 High
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-47295 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-07-15 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-54118 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-07-15 8.8 High
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-55002 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-07-15 7.8 High
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50468 1 Microsoft 3 Microsoft Sql Server 2025 (cu 2), Microsoft Sql Server 2025 For X64-based Systems (gdr), Sql Server 2025 2026-07-15 6.5 Medium
Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-47296 1 Microsoft 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more 2026-07-14 7.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-40370 1 Microsoft 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more 2026-05-13 8.8 High
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-32167 1 Microsoft 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more 2026-05-07 6.7 Medium
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32176 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-05-07 6.7 Medium
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-33120 1 Microsoft 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more 2026-05-06 8.8 High
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-20803 1 Microsoft 2 Sql Server 2022, Sql Server 2025 2026-04-16 7.2 High
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26116 1 Microsoft 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more 2026-04-14 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-04-14 8.8 High
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-21262 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-04-14 8.8 High
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.