81 matches found
CVE-2026-6625
A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...
CVE-2026-42337
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...
CVE-2026-42335
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...
CVE-2026-42337
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...
CVE-2026-42336 MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...
CVE-2026-42336
CVE-2026-42336 concerns MaxKB: OSS file service URL fetch in MaxKB 2.8.0 and earlier is vulnerable to an SSRF bypass caused by inconsistent DNS resolution between validation and the actual request, enabling access to internal networks via DNS rebinding. The issue is mitigated by upgrading to 2.8....
EUVD-2026-31989
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...
CVE-2026-42337
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...
CVE-2026-42337 MaxKB: Broken Access Control in MaxKB OSS URL Fetch API
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...
EUVD-2026-31988
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...
MaxKB 代码问题漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing bypass vulnerability in the OSS file service URL...
MaxKB 代码问题漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the OSS file service URL retrieval...
MaxKB 安全漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...
CVE-2026-7844
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844
CVE-2026-7844 concerns the chatchat-space Langchain-Chatchat project up to version 0.3.1.3. The vulnerability resides in the Compatible File Service, specifically the function set in libs/chatchat-server/chatchat/server/api_server/openai_routes.py (delete_file, as well as related file endpoints l...
LangChain-Chatchat 授权问题漏洞
LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had an authorization vulnerability. This vulnerability stems from a lack of authentication in the functions...