Sql Server 2019
Vulnerabilities
136
Known exploited
0
Max CVSS
9.8
Top EPSS
0.1017
Severity breakdown
Critical
2
High
131
Medium
3
Low
0
Affected version ranges
15.0.0.0–15.0.2116.215.0.2000.5–15.0.2110.415.0.2000.5–15.0.2116.215.0.2000.5–15.0.2120.115.0.2000.5–15.0.2130.315.0.2000.5–15.0.2135.515.0.2000.5–15.0.2140.115.0.2000.5–15.0.2145.115.0.2000.5–15.0.2155.215.0.2000.5–15.0.2160.415.0.2000.5–15.0.2165.115.0.4003.23–15.0.4360.2< 15.0.2116.2
Also matched as (raw): sql_server_2019,sql_server_2022,visual_studio_2019,visual_studio_2022,sql_server_2016,sql_server_2017,sql_2016_azure_connect_feature_pack,sql_server_2025,ole_db_driver_for_sql_server,odbc_driver_for_sql_server
Top vulnerabilities
CVE-2024-37980Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37341Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2026-33120Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-26116Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-21262Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59499Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-55227Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-53727Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49759Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49758Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-24999Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2024-49018SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49017SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006SQL Server Native Client Remote Code Execution Vulnerability