CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-55227 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-55227
09 Sep 2025 — Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55227 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-47997 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-47997
09 Sep 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47954 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47954
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47954 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-49759 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49759
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49759 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24999 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24999
12 Aug 2025 — Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24999 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-53727 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53727
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53727 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-49758 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49758
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49758 • CWE-269: Improper Privilege Management •