Maxkb

6 matches found

CVE
• added 2025/05/11 8:15 p.m. • 55 views

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been disclos...

8.8 CVSS | 7.5 AI score | 0.00054 EPSS

CVE
• added 2025/04/10 2:15 p.m. • 47 views

CVE-2025-32383

MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allows privileged users to create a reverse shell...

7.2 CVSS | 4.5 AI score | 0.00051 EPSS

CVE
• added 2025/01/02 3:15 p.m. • 40 views

CVE-2024-56137

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerabili...

7.2 CVSS | 7.5 AI score | 0.00748 EPSS

CVE
• added 2025/06/03 7:15 p.m. • 38 views

CVE-2025-48950

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin, /usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non-blacklisted directories...

8.8 CVSS | 6.6 AI score | 0.00051 EPSS

CVE
• added 2025/07/17 2:15 p.m. • 6 views

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.

9.8 CVSS | 6.8 AI score | 0.00413 EPSS

CVE
• added 2025/07/17 2:15 p.m. • 5 views

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they wa...

6.3 CVSS | 7.1 AI score | 0.00027 EPSS