CVE-2026-39417 MaxKB: RCE via MCP stdio command injection in workflow engine

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

EUVD-2024-0623

Malicious code in bioql PyPI...

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

Gradio Path Traversal vulnerability

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

Denial Of Service (DOS)

The org.kopitubruk.util.JSONUtil library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON to a maximum length causing Stack Overflow Error when the JSON is parsed leading to Denial Of Service DOS attack...

Denial Of Service (DOS)

The net.sf.sojo.sojo library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON and CSV to a maximum length causing Stack Overflow Error/Out Of Memory -Heap Error when the input is parsed leading to Denial Of Service DOS attack...