SQL Server 2022
Vulnerabilities: 108
Known exploited: 0
Max CVSS: 9.8
Top EPSS: 0.1017
Severity breakdown
Critical: 2
High: 103
Medium: 3
Low: 0
Affected version ranges
16.0.0.0–16.0.1121.4
16.0.1000.6–16.0.1115.1
16.0.1000.6–16.0.1121.4
16.0.1000.6–16.0.1125.1
16.0.1000.6–16.0.1135.2
16.0.1000.6–16.0.1140.6
16.0.1000.6–16.0.1145.1
16.0.1000.6–16.0.1150.1
16.0.1000.6–16.0.1160.1
16.0.1000.6–16.0.1165.1
16.0.1000.6–16.0.1170.5
16.0.1000.6–16.0.1175.1
16.0.4003.1–16.0.4120.1
< 16.0.1121.4
Also matched as (raw): sql_server_2022,sql_2016_azure_connect_feature_pack,sql_server_2016,sql_server_2017,sql_server_2025,visual_studio_2019,sql_server_2019,ole_db_driver_for_sql_server,visual_studio_2022,odbc_driver_for_sql_server
Top vulnerabilities
CVE-2024-37980: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37341: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2026-33120: Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-26116: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115: Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-21262: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59499: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-55227: Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-53727: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49759: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49758: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-47954: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-24999: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2024-38088: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38087: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37965: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37340: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37339: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37338: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37336: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37335: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37334: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37333: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37332: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37331: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability