
6597 matches found

AlpineLinux
added 2025/04/16 6:16 p.m. | 2 views

CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account the Postgres VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVSS 9.8 | AI score 7.3 | EPSS 0.00305
Exploits: 0 | References: 2
OSV
added 2025/04/16 6:16 p.m. | 4 views

DEBIAN-CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account the Postgres VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVSS 9.8 | AI score 7.8 | EPSS 0.00305
Exploits: 0 | References: 1
OSV
added 2025/04/16 6:16 p.m. | 1 views

UBUNTU-CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account the Postgres VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVSS 9.8 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 3
Cvelist
added 2025/04/16 5:37 p.m. | 11 views

CVE-2025-32475

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVSS 8.8 | EPSS 0.00604
Exploits: 0 | References: 1
OSV
added 2025/04/16 8:35 a.m. | 11 views

SUSE-SU-2025:1324-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. bsc1240893...

CVSS 8.2 | AI score 7.1 | EPSS 0.00542
Exploits: 0 | References: 3
CNNVD
added 2025/04/16 12:0 a.m. | 1 views

PgBouncer security vulnerability

PgBouncer is an open source lightweight connection pool for PostgreSQL from the PgBouncer community. A security vulnerability exists in PgBouncer that stems from auth_query not taking into account the VALID UNTIL value of Postgres, which could lead to logging in with an expired password...

CVSS 9.8 | AI score 7.7 | EPSS 0.00305
Exploits: 0 | References: 1
NVD
added 2025/04/15 2:15 p.m. | 13 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVSS 9.8 | EPSS 0.10282
Exploits: 1 | References: 3
Cvelist
added 2025/04/15 12:0 a.m. | 11 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

EPSS 0.10282
Exploits: 1 | References: 2
CVE
added 2025/04/15 12:0 a.m. | 62 views

CVE-2025-28137

The CVE-2025-28137 entry concerns TOTOLINK A810R firmware (example: V4.1.2cu.5182_B20201026) with a pre-auth remote command execution in the setNoticeCfg function via the NoticeUrl parameter. Affected component: setNoticeCfg. Root cause: failure to properly filter special characters in NoticeUrl ...

CVSS 9.8 | AI score 7.6 | EPSS 0.10282
In wild | Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/04/14 11:15 p.m. | 10 views

CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...

CVSS 8.6 | AI score 6.7 | EPSS 0.00388
Exploits: 1 | References: 1
OSV
added 2025/04/14 3:15 p.m. | 3 views

UBUNTU-CVE-2025-32912

A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash...

CVSS 6.5 | AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 8
Exploit DB
added 2025/04/14 12:0 a.m. | 182 views

Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection

Exploit Title: Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection Exploit author: hyp3rlinx import requests,time,re,sys,argparse NAPC Xinet Elegant 6 Asset Library v6.1.655 Pre-Auth SQL Injection 0day Exploit By hyp3rlinx ApparitionSec UPDATED: Jan 2024 for python3 TODO: add SSL support...

AI score 7.4
Exploits: 0
CNNVD
added 2025/04/14 12:0 a.m. | 3 views

libsoup code issue vulnerability

libsoup is a GNOME HTTP client/server library from the GNOME Project. A code issue vulnerability exists in libsoup, which stems from the presence of a null pointer dereference in SoupAuthDigest, which could lead to a client-side crash...

CVSS 6.5 | AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 3
Amazon
added 2025/04/14 12:0 a.m. | 7 views

Medium: php8.2

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

CVSS 9.8 | AI score 6.8 | EPSS 0.0079
Exploits: 2
CVE
added 2025/04/12 2:23 a.m. | 83 views

CVE-2025-2881

CVE-2025-2881 concerns the Developer Toolbar plugin for WordPress. According to the supplied documents, it is an unauthenticated information exposure vulnerability that affects versions up to and including 1.0.3, occurring via a publicly accessible phpinfo.php script. The connected docume...

CVSS 5.3 | AI score 6.5 | EPSS 0.00328
Exploits: 0 | References: 3
OSV
added 2025/04/10 8:1 a.m. | 3 views

SUSE-SU-2025:1193-1 Security update for apparmor

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

AI score 7.6
Exploits: 0 | References: 2
OPENSUSE Linux
added 2025/04/09 12:0 a.m. | 2 views

apache2-mod_auth_openidc-2.4.16.11-1.1 on GA media (moderate)

apache2-mod_auth_openidc-2.4.16.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:14972-1 Rating: moderate Cross-References: CVE-2025-31492 CVSS scores: CVE-2025-31492 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2025-31492 SUSE : 8.2...

CVSS 8.2 | AI score 7.3 | EPSS 0.00542
Exploits: 0
CVE
added 2025/04/08 1:46 p.m. | 74 views

CVE-2025-30150

CVE-2025-30150 affects Shopware 6 platforms. The vulnerability allows an attacker using the store-api to determine whether an email address is registered by querying /store-api/account/recovery-password; responses differentiate between found vs not found accounts, enabling information exposure. ...

CVSS 6.9 | AI score 6.9 | EPSS 0.00317
Exploits: 1 | References: 1 | Affected Software: 1
Debian CVE
added 2025/04/06 8:2 p.m. | 5 views

CVE-2025-31492

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...

CVSS 8.2 | AI score 6.1 | EPSS 0.00542
Exploits: 0
Positive Technologies
added 2025/04/06 12:0 a.m. | 2 views

PT-2025-15122

Name of the Vulnerable Software and Affected Versions mod auth openidc versions prior to 2.4.16.11 Description A bug in mod auth openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure include an OIDCProviderAuthRequestMethod POST, a valid accoun...

CVSS 8.2 | AI score 7.8 | EPSS 0.00542
Exploits: 0 | References: 87