Microsoft: >> Sql Server 2022 >> 16.0.1121.4 Security Vulnerabilities
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.005
Published
2026-05-12
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.007
Published
2026-04-14
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.002
Published
2026-04-14
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.003
Published
2026-04-14
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2026-03-10
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.012
Published
2026-03-10
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.02
Published
2026-03-10
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
7.2
EPSS Score
0.012
Published
2026-01-13
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-11-11
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.013
Published
2025-09-09
Page 1