CVE-2025-49758 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2025-49759 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2025-53727 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2025-55227 — CVSS 8.8 (high): Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate…
CVE-2025-59499 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2026-21262 — CVSS 8.8 (high): Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115 — CVSS 8.8 (high): Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26116 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2026-33120 — CVSS 8.8 (high): Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40370 — CVSS 8.8 (high): External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-32167 — CVSS 6.7 (medium): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2026-32176 — CVSS 6.7 (medium): Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate…
CVE-2025-47997 — CVSS 6.5 (medium): Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to…