Maxkb
Monthly
MaxKB is an open-source AI assistant for enterprise. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MaxKB is an open-source AI assistant for enterprise. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in common system directories (/bin, /usr/bin, etc.), allowing local attackers with low privileges to execute arbitrary code via executable files in non-blacklisted directories and achieve full system compromise. The vulnerability affects enterprise AI assistant deployments and has a high CVSS score of 8.8 reflecting significant impact potential; exploitation requires local access but no user interaction.
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MaxKB is an open-source AI assistant for enterprise. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MaxKB is an open-source AI assistant for enterprise. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in common system directories (/bin, /usr/bin, etc.), allowing local attackers with low privileges to execute arbitrary code via executable files in non-blacklisted directories and achieve full system compromise. The vulnerability affects enterprise AI assistant deployments and has a high CVSS score of 8.8 reflecting significant impact potential; exploitation requires local access but no user interaction.
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.