27 matches found
CVE-2025-64703 MaxKB has Information Leak in sandbox
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...
CVE-2025-64511
MaxKB is vulnerable in versions prior to 2.3.1 due to SSRF in the tool module’s Python code, which can access internal network services (e.g., databases) even though the process runs in a sandbox. The issue is resolved in version 2.3.1. Connected sources corroborate the sandboxed Python-access pa...
CVE-2025-64511 MaxKB has SSRF in sandbox
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...
MaxKB 代码问题漏洞
MaxKB is a 1Panel-dev open source open source knowledge base question and answer system based on a large language model and RAG. A code issue vulnerability exists in MaxKB versions prior to 2.3.1, which stems from a user being able to access internal web services via Python code in a tool module,...
MaxKB 信息泄露漏洞
MaxKB is a 1Panel-dev open source open source knowledge base question and answer system based on a large language model and RAG. An information disclosure vulnerability exists in MaxKB versions prior to 2.3.1, which stems from the fact that users can obtain sensitive information via Python code i...
PT-2025-46861
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...
EUVD-2006-7004
Malware in sbrugna...