microsoft sql_server_2019 CVE 漏洞（136）

CVE 数: 136 CPE versions: View versions table

摘要

本页列出影响 microsoft sql_server_2019 的已公开 CVE 漏洞（通过 NVD CPE 关联）。每行包含严重程度评分、摘要与发布日期，便于识别与分析安全问题。

CVE	摘要	来源	最高 CVSS	EPSS %	公开时间	更新时间
CVE-2026-33120	Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.	[email protected]	8.8	0.66%	2026-04-14	2026-05-06
CVE-2026-32176	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.	[email protected]	6.7	0.24%	2026-04-14	2026-05-07
CVE-2026-32167	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.	[email protected]	6.7	0.30%	2026-04-14	2026-05-07
CVE-2026-26116	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.19%	2026-03-10	2026-03-13
CVE-2026-26115	Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.06%	2026-03-10	2026-03-13
CVE-2026-21262	Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	2.04%	2026-03-10	2026-03-13
CVE-2025-59499	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.11%	2025-11-11	2025-11-17
CVE-2025-55227	Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.26%	2025-09-09	2025-09-12
CVE-2025-47997	Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.	[email protected]	6.5	0.77%	2025-09-09	2025-09-12
CVE-2025-53727	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.02%	2025-08-12	2025-08-14
CVE-2025-49759	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.03%	2025-08-12	2025-08-14
CVE-2025-49758	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	0.86%	2025-08-12	2025-08-14
CVE-2025-24999	Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	1.52%	2025-08-12	2025-08-14
CVE-2025-49719	Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.	[email protected]	7.5	10.17%	2025-07-08	2025-07-17
CVE-2025-49718	Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.	[email protected]	7.5	2.77%	2025-07-08	2025-07-17
CVE-2025-49717	Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.	[email protected]	8.5	0.92%	2025-07-08	2025-07-17
CVE-2024-49043	Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability	[email protected]	7.8	0.59%	2024-11-12	2024-11-15
CVE-2024-49021	Microsoft SQL Server Remote Code Execution Vulnerability	[email protected]	7.8	0.74%	2024-11-12	2024-11-15
CVE-2024-49018	SQL Server Native Client Remote Code Execution Vulnerability	[email protected]	8.8	1.52%	2024-11-12	2024-11-15
CVE-2024-49017	SQL Server Native Client Remote Code Execution Vulnerability	[email protected]	8.8	1.34%	2024-11-12	2024-11-15

cvelogic Threat Intelligence