Microsoft SQL Server - 411 CVEs (Page 1/4)

About “Microsoft SQL Server”

A curated feed of “Microsoft SQL Server”-related CVEs appears below. We currently track 411 CVEs for this tag (all time). In the last 365 days, 43 were published. Average CVSS is 8.0 (all time; 8.1 over 365d), and 80% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation, CWE-787 - Out-of-bounds Write.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: mssqlserver

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	Premier Support	Extended Support	EOL
17.0	2025-11-18	17.0.4045.5 CU5	2031-01-06	Unavailable	2036-01-06
16.0	2022-11-16	16.0.4255.1 CU25	2028-01-11	Unavailable	2033-01-11
13.0-sp3-acp	2022-05-19	13.0.7080.1 Azure Connect pack+GDR	2026-07-14	2029-07-17	2026-07-14 Soon
13.0-sp3	2021-09-15	13.0.6485.1 GDR	2026-07-14	2029-07-17	2026-07-14 Soon
15.0	2019-11-04	15.0.4470.1 CU32+GDR	2025-02-28	Unavailable	2030-01-08
12.0-sp3	2018-10-30	12.0.6449.1 CU4+GDR	2019-07-09	2027-07-12	2024-07-09 Expired
13.0-sp2	2018-04-24	13.0.5893.48 CU17+GDR	2022-10-11	Unavailable	2022-10-11 Expired
11.0-sp4	2017-10-05	11.0.7512.11 GDR	2022-07-12	2025-07-08	2022-07-12 Expired
14.0	2017-09-29	14.0.3525.1 CU31+GDR	2022-10-11	Unavailable	2027-10-12
13.0-sp1	2016-11-16	13.0.4604.0 CU15+GDR	2019-07-09	Unavailable	2019-07-09 Expired
12.0-sp2	2016-07-14	12.0.5687.1 CU18	2020-01-14	Unavailable	2020-01-14 Expired
13.0	2016-06-01	13.0.2218.0 CU9+GDR	2018-01-09	Unavailable	2018-01-09 Expired
11.0-sp3	2015-12-01	11.0.6614.2 CU10+QFE	2018-10-09	Unavailable	2018-10-09 Expired
12.0-sp1	2015-04-14	12.0.4522.0 CU13	2017-10-10	Unavailable	2017-10-10 Expired
10.50-sp3	2014-07-07	10.50.6785.2 GDR	2014-07-08	2022-07-12	2019-07-09 Expired
10.0-sp4	2014-07-07	10.0.6814.4 CU17+GDR	2014-07-08	2022-07-12	2019-07-09 Expired
11.0-sp2	2014-06-10	11.0.5678.0 CU16	2017-01-10	Unavailable	2017-01-10 Expired
12.0	2014-06-05	12.0.2569.0 CU14	2016-07-12	Unavailable	2016-07-12 Expired
11.0-sp1	2012-11-07	11.0.3513.0 CU13+QFE	2015-07-14	Unavailable	2015-07-14 Expired
10.50-sp2	2012-07-26	10.50.4339.0 CU13+QFE	2015-10-13	Unavailable	2015-10-13 Expired
11.0	2012-05-20	11.0.2424.0 CU11	2014-01-14	Unavailable	2014-01-14 Expired
10.00-sp3	2011-10-06	10.00.5861 CU16+QFE	2015-10-13	Unavailable	2015-10-13 Expired
10.50-sp1	2011-07-12	10.50.2881.0 CU14	2013-10-08	Unavailable	2013-10-08 Expired
9.0-sp4	2010-12-13	9.0.5324.0 QFE	2011-04-12	Unavailable	2016-04-12 Expired
10.00-sp2	2010-09-24	10.00.4371 CU10+QFE	2012-10-09	Unavailable	2012-10-09 Expired
10.50-r2	2010-07-20	10.50.1815.0 CU13	2012-07-10	Unavailable	2012-07-10 Expired
10.00-sp1	2009-03-31	10.00.2850 CU16	2011-10-11	Unavailable	2011-10-11 Expired
9.00-sp3	2008-12-15	9.00.4309 CU11	2012-01-10	Unavailable	2012-01-10 Expired
10.00	2008-11-06	10.00.1835 CU10	2010-04-13	Unavailable	2010-04-13 Expired
9.00-sp2	2007-02-19	9.00.3325 CU13	2010-01-12	Unavailable	2010-01-12 Expired
9.0-sp1	2006-04-18	9.0.2233	2008-04-08	Unavailable	2008-04-08 Expired
9.0	2006-01-14	9.0.1399	2007-07-10	Unavailable	2007-07-10 Expired
8.0-sp4	2005-05-06	8.0.2305 QFE	2008-04-08	Unavailable	2013-04-09 Expired
7.0-sp4	2002-04-26	7.0.1152	2005-12-31	Unavailable	2011-01-11 Expired
6.50-sp5a	1998-12-24	6.50.480	2002-01-01	Unavailable	2002-01-01 Expired
6.0-sp3	1995-06-13	6.0.151	1999-03-31	Unavailable	1999-03-31 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Microsoft SQL Server” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2026-06-01

Critical

CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-05-26

Critical

CVE-2026-45721

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent…

CVSS: 9.0 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper…

CVSS: 7.6 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-05-12

High

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-73 - External Control of File Name or Path View on NVD

2026-05-11

Medium

CVE-2026-6093

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.

CVSS: 6.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-04-14

High

CVE-2026-33120

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD

Medium

CVE-2026-32176

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVSS: 6.7 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

Medium

CVE-2026-32167

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVSS: 6.7 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-04-08

Critical

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi E…

CVSS: 9.3 CWE: CWE-317 - Cleartext Storage of Sensitive Information in GUI View on NVD

Critical

CVE-2025-14815

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric…

CVSS: 9.3 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD

2026-03-26

Medium

CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, cras…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD

2026-03-22

Medium

CVE-2019-25598

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers…

CVSS: 6.2 CWE: CWE-787 - Out-of-bounds Write View on NVD

2026-03-18

High

CVE-2025-58112

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; th…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-03-16

High

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Ag…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-03-11

Medium

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of da…

CVSS: 6.2 CWE: CWE-787 - Out-of-bounds Write View on NVD

2026-03-10

High

CVE-2026-26116

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

High

CVE-2026-26115

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD

High

CVE-2026-21262

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD

2026-02-19

High

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-01-26

Medium

CVE-2025-59095

The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algor…

CVSS: 6.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

High

CVE-2025-59093

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostna…

CVSS: 8.5 CWE: CWE-656 - Reliance on Security Through Obscurity View on NVD

2026-01-16

High

CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server…

CVSS: 8.4 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2026-01-13

High

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 7.2 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD

2025-12-02

High

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, t…

CVSS: 8.4 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

High

CVE-2025-62575

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remot…

CVSS: 8.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

High

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication che…

CVSS: 8.3 CWE: CWE-603 - Use of Client-Side Authentication View on NVD

2025-11-19

High

CVE-2025-10703

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Re…

CVSS: 8.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2025-10702

CVSS: 8.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

2025-11-11

High

CVE-2025-59499

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2025-10-21

Critical

CVE-2025-10640

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional…

CVSS: 9.8 CWE: CWE-602 - Client-Side Enforcement of Server-Side Security View on NVD

2025-10-15

High

CVE-2025-11177

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2025-10-14

High

CVE-2025-59250

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD

2025-09-09

High

CVE-2025-55227

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

Medium

CVE-2025-47997

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

2025-08-12

High

CVE-2025-53727

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

High

CVE-2025-49759

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

High

CVE-2025-49758

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2025-47954

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

High

CVE-2025-24999

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD

2025-07-08

High

CVE-2025-49719

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2025-49718

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD

High

CVE-2025-49717

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

CVSS: 8.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

2025-07-03

Medium

CVE-2025-43713

ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows netw…

CVSS: 6.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD

2025-04-12

High

CVE-2025-29803

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD

2025-03-20

Critical

CVE-2025-29980

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2024-12-06

Critical

CVE-2024-52335

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allo…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2024-11-12

High

CVE-2024-49021

Microsoft SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2024-49018

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-197 - Numeric Truncation Error View on NVD

High

CVE-2024-49017

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49016

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2024-49015

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49014

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD

High

CVE-2024-49013

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49012

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49011

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49010

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49009

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49008

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49007

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49006

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49005

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49004

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49003

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2024-49002

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49001

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-49000

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48999

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48998

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48997

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48996

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48995

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48994

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-48993

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-43462

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-43459

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2024-38255

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

2024-10-08

High

CVE-2024-43519

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-197 - Numeric Truncation Error View on NVD

2024-09-10

High

CVE-2024-43474

Microsoft SQL Server Information Disclosure Vulnerability

CVSS: 7.6 CWE: CWE-170 - Improper Null Termination View on NVD

High

CVE-2024-37980

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2024-37966

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2024-37965

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2024-37342

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2024-37341

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD

High

CVE-2024-37340

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD

High

CVE-2024-37339

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD

High

CVE-2024-37338

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2024-37337

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS: 7.1 CWE: CWE-197 - Numeric Truncation Error View on NVD

High

CVE-2024-37335

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-26191

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-26186

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

2024-07-22

Critical

CVE-2024-6912

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

2024-07-09

High

CVE-2024-38088

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-38087

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD

High

CVE-2024-37336

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2024-37334

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37333

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37332

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37331

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37330

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37329

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37328

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37327

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37326

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37324

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37323

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2024-37322

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37321

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37320

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2024-37319

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-37318

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-35272

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-35271

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-35256

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-28928

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD

High

CVE-2024-21449

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-21428

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2024-21425

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-21415

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-21414

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2024-21398

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD