2 matches found
CVE-2025-53928
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...
CVE-2025-48950
MaxKB (open-source AI assistant) prior to version 1.10.8-lts is affected by a sandbox bypass in the Python function library: the sandbox only enforces execution permissions for binaries in common directories (e.g., /bin, /usr/bin), allowing attackers to exploit files with execution permission in ...