8.1
CVE-2025-2291 - PgBouncer default auth_query does not take Postgres password expiry into account
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password
8.7
CVE-2025-32872 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wβ¦
8.7
CVE-2025-32871 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from aβ¦
8.7
CVE-2025-32870 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wriβ¦
8.7
CVE-2025-32869 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fromβ¦
8.7
CVE-2025-32868 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fromβ¦
8.7
CVE-2025-32867 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and β¦
8.7
CVE-2025-32866 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writeβ¦
8.7
CVE-2025-32865 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wriβ¦
8.7
CVE-2025-32864 -
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wβ¦