CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47954 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47954
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47954 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-49759 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49759
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49759 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24999 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24999
12 Aug 2025 — Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24999 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-53727 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53727
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53727 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-49758 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49758
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49758 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2025-49718 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-49718
08 Jul 2025 — Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2025-49719 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-49719
08 Jul 2025 — Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. • https://github.com/HExploited/CVE-2025-49719-Exploit • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49717 – Microsoft SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49717
08 Jul 2025 — Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49021 – Microsoft SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49021
12 Nov 2024 — Microsoft SQL Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49043 – Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49043
12 Nov 2024 — Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043 • CWE-426: Untrusted Search Path •