CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-55227 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-55227
09 Sep 2025 — Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55227 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-47997 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-47997
09 Sep 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47954 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47954
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47954 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-49759 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49759
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49759 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24999 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24999
12 Aug 2025 — Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24999 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-53727 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53727
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53727 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-49758 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49758
12 Aug 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49758 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2025-49718 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-49718
08 Jul 2025 — Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2025-49719 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-49719
08 Jul 2025 — Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. • https://github.com/HExploited/CVE-2025-49719-Exploit • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49717 – Microsoft SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49717
08 Jul 2025 — Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717 • CWE-122: Heap-based Buffer Overflow •