6.9
CVE-2025-3171 - Project Worlds Online Lawyer Management System approve_lawyer.php sql injection
A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated remotely. The exploit has β¦
5.3
CVE-2025-31126 - Element X iOS allows the entity in control of the well-known file to break the confidentiality of eβ¦
Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability isβ¦
5.3
CVE-2025-31127 - Element X Android allows the entity in control of the well-known file to break the confidentiality β¦
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This β¦
6.9
CVE-2025-3170 - Project Worlds Online Lawyer Management System admin_user.php sql injection
A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the attack remotely. The expβ¦
2.3
CVE-2025-3169 - Projeqtor saveAttachment.php unrestricted upload
A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The compβ¦
6.9
CVE-2025-3168 - PHPGurukul Time Table Generator System edit-class.php sql injection
A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotelβ¦
8.7
CVE-2025-31115 - XZ has a heap-use-after-free bug in threaded .xz decoder
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on theβ¦
3.3
CVE-2025-32054 -
In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
5.3
CVE-2023-47639 - API Platform Core can leak exceptions message that may contain sensitive information
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.
7.1
CVE-2025-3167 - Tenda AC23 API Interface VerAPIMant denial of service
A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated rβ¦