CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

966 matches found

CVE•added 2025/11/13 3:52 p.m.•16 views

CVE-2025-64703

MaxKB (open‑source enterprise AI assistant) contains an information disclosure vulnerability in versions prior to 2.3.1. The issue arises from Python code in the tool module, where a user can obtain sensitive information despite the process running in a sandbox. The root cause is effectively a sa...

6.5CVSS6.5AI score0.00042EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/11/13 3:51 p.m.•3 views

CVE-2025-64511 MaxKB has SSRF in sandbox

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...

7.4CVSS0.00056EPSS

Exploits0References1

Packet Storm News•added 2025/11/12 12:0 a.m.•2 views

Taught by the Flawed: How Dataset Insecurity Breeds Vulnerable AI Code

AI programming assistants have demonstrated a tendency to generate code containing basic security vulnerabilities. While developers are ultimately responsible for validating and reviewing such outputs, improving the inherent quality of these generated code snippets remains essential. A key...

7.3AI score

Exploits0

Snyk•added 2025/11/01 6:46 a.m.•2 views

Eval Injection

Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Eval Injection due to using the function eval unsafe in the compileLambda function in the talkpipe/util/datamanipulation.py file. An attacker can execute...

9.8CVSS7.8AI score

Exploits0References3

GithubExploit•added 2025/10/21 12:47 a.m.•151 views

YouTube-Scraper-POC

What this repo is The code in this repository is a proof of...

7.1AI score

Exploits0

OSV•added 2025/10/10 4:27 p.m.•3 views

MAL-2025-191843 Malicious code in python3-6 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connect with a remote server. In the current version, the code just opens a URL without exfiltrating any...

7.1AI score

Exploits0References1