25 matches found
CVE-2026-23522 Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, the knowledgeBase.removeFilesFromKnowledgeBase tRPC endpoint allows authenticated users to delete files from any knowledge base without verifying ownership. The userId filter in the database query is commented out, so it's...
CVE-2022-23522
MindsDB is an open source machine learning platform. An unsafe extraction is performed using shutil.unpack_archive on a remotely retrieved tarball, which may lead to the extracted files being written to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...
CVE-2020-23522
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data Password parameter...
CVE-2025-23522
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Haines-Young HM Portfolio (hm-portfolio) allows Reflected XSS. This issue affects HM Portfolio: from n/a through <= 1.1.1...
CVE-2025-23522
creationtimestamp | type | source
--- | --- | ---
2025-01-24 10:55:39+00:00 | seen | https://infosec.exchange/users/cve/statuses/113882964879856931
2025-01-24 12:43:55+00:00 | seen | https://t.me/cvedetector/16264
...
CVE-2025-23522 WordPress HM Portfolio plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young HM Portfolio allows Reflected XSS. This issue affects HM Portfolio: from n/a through 1.1.1...
CVE-2025-23522
CVE-2025-23522 is a WordPress HM Portfolio plugin vulnerability (Reflected XSS) due to improper input neutralization. Affected product: HM Portfolio (WordPress plugin) versions up to 1.1.1, with CVSS 3.1 base metrics: Network attack vector, Privileges NONE, User Interaction REQUIRED, Scope CHANGE...
CVE-2025-23522 WordPress HM Portfolio plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Haines-Young HM Portfolio (hm-portfolio) allows Reflected XSS. This issue affects HM Portfolio: from n/a through <= 1.1.1...
CVE-2024-23522
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Content Injection
Software: Formidable Forms
Type: Plugin
Vulnerable versions: <= 6.7
Fixed in: 6.7.1
OWASP Top 10: A3: Injection
Classification: Content Injection
CVE: CVE-2024-23522
Patch priority: Medium
CVSS severity: Medium 5.3
PSID: b82c61d4e6f0
Credits: Revan Arifio
Required privilege...
CVE-2022-23522
CVE-2022-23522 concerns MindsDB, where unsafe extraction via shutil.unpack_archive() from remotely retrieved tarballs may write files outside the intended directory (TarSlip/ZipSlip variant). The underlying issue: validating destination paths during archive extraction is insufficient, enabling cr...
CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb
MindsDB is an open source machine learning platform. An unsafe extraction is performed using shutil.unpack_archive on a remotely retrieved tarball, which may lead to the extracted files being written to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...
CVE-2023-23522
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data...
CVE-2023-23522
Summary: CVE-2023-23522 is a macOS vulnerability, fixed in macOS Ventura 13.2.1, described as a privacy issue where an app could observe unprotected user data; it was addressed with improved handling of temporary files. The issue is publicly documented across multiple sources, including Apple’s security content for Ventura 13.2....
CVE-2023-23522
creationtimestamp | type | source
--- | --- | ---
2023-02-14 07:35:46+00:00 | seen | https://t.me/kasperskyb2b/455
2023-02-27 22:28:18+00:00 | seen | https://t.me/cibsecurity/59062
2025-03-11 17:40:03+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7196
...
macOS 13.x < 13.2.1 Multiple Vulnerabilities (HT213633)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.2.1. It is, therefore, affected by multiple vulnerabilities: - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3...
About the security content of macOS Ventura 13.2.1
This document describes the security content of macOS Ventura 13.2.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
Tenda AC6 Stack Overflow Vulnerability (CNVD-2022-23522)
The Tenda AC6 is a wireless router. The Tenda AC6 suffers from a stack overflow vulnerability that can be exploited by an attacker to corrupt memory or cause a denial of service...
Pixelimity 1.0 Cross Site Request Forgery
Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery
Date: 2020-06-03
Exploit Author: Noth
Vendor Homepage: https://github.com/pixelimity/pixelimity
Software Link: https://github.com/pixelimity/pixelimity
Version: v1.0
CVE: 2020-23522
Pixelimity 1.0 has cross-site request forger...