9 matches found
CVE-2026-42336
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...
CVE-2026-42337 MaxKB: Broken Access Control in MaxKB OSS URL Fetch API
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses application_id from the URL path without validating ownership, allowing attackers to perfo...
CVE-2026-42337
CVE-2026-42337: MaxKB (open-source AI assistant) versions 2.8.0 and earlier are affected by a broken access control in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses the application_id from the URL path without validating ownership, allowing operations under other a...
CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch chat/api/oss/get_url endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...
CVE-2024-31454
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
Low: file
Issue Overview: File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. (CVE-2022-48554) Affected Packages: file. Issue Correction: Run dnf update file --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-333...
IBOS open source the latest version of an arbitrary file upload
No description provided by source...
openmotif libUil buffer overflows
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allow attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c...
[Full-disclosure] [xfocus-SD-051202]openMotif libUil Multiple vulnerability
Title: [xfocus-SD-051202]openMotif-libUil-Multiple-vulnerability. Affected version: openmotif 2.2.3 (not got 2.2.4, so not tested in openmotif 2.2.4). Product: http://www.motifzone.net/. xfocus (http://www.xfocus.org) have discovered multiple vulnerabilities in the openmotif libUil library. Details following: 1:...