6.9
CVE-2025-3172 - Project Worlds Online Lawyer Management System lawyer_booking.php sql injection
A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php. The manipulation of the argument unblock_id leads to sql injection. The attack may be initiated remoteβ¦
6.9
CVE-2025-3171 - Project Worlds Online Lawyer Management System approve_lawyer.php sql injection
A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated remotely. The exploit has β¦
5.3
CVE-2025-31126 - Element X iOS allows the entity in control of the well-known file to break the confidentiality of eβ¦
Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability isβ¦
5.3
CVE-2025-31127 - Element X Android allows the entity in control of the well-known file to break the confidentiality β¦
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This β¦
6.9
CVE-2025-3170 - Project Worlds Online Lawyer Management System admin_user.php sql injection
A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the attack remotely. The expβ¦
2.3
CVE-2025-3169 - Projeqtor saveAttachment.php unrestricted upload
A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The compβ¦
6.9
CVE-2025-3168 - PHPGurukul Time Table Generator System edit-class.php sql injection
A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotelβ¦
8.7
CVE-2025-31115 - XZ has a heap-use-after-free bug in threaded .xz decoder
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on theβ¦
3.3
CVE-2025-32054 -
In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
5.3
CVE-2023-47639 - API Platform Core can leak exceptions message that may contain sensitive information
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.