44 matches found
EUVD-2026-22180
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...
CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...
CVE-2026-39421
CVE-2026-39421 affects MaxKB (versions 2.7.1 and earlier). The sandbox escape occurs in ToolExecutor via Python ctypes calling raw syscalls to bypass LD_PRELOAD sandbox.so, enabling arbitrary code execution through direct kernel syscalls and potential full container/network compromise. The librar...
MaxKB Security Vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from a sandbox escape issue in the ToolExecutor component, which could allow...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001788)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001788 advisory. The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a unam...
EUVD-2021-9611
Malicious code in bioql PyPI...
EUVD-2021-9602
Malicious code in bioql PyPI...
EUVD-2023-25213
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-27009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in...
CVE-2025-38188
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Calling this packet is necessary when we switch contexts because there are various pieces of state used by userspace to synchronize between BR and BV that are persistent across submits and w...
CVE-2021-39647
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2021-22465
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable...
ASB-A-252951342
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel...
CVE-2021-20321
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system...
CVE-2021-0961
In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
Huawei HarmonyOS component has a data processing error vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. It provides a microkernel-based distributed operating system. A security vulnerability exists in the Huawei HarmonyOS component, which could be exploited by a local attacker to render the kernel system unusable...
CVE-2021-22456
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable...
Heap overflow
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable...
Design/Logic Flaw
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable...
CVE-2021-22465
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable...