ReportizFlow
Filtered by vendor 1panel
Subscriptions
Filtered by product Maxkb
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66419 | 1 1panel | 1 Maxkb | 2025-12-12 | 8.8 High |
| MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0. | ||||
| CVE-2025-66446 | 1 1panel | 1 Maxkb | 2025-12-12 | 8.8 High |
| MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0. | ||||
| CVE-2025-64511 | 2 1panel, Maxkb | 2 Maxkb, Maxkb | 2025-12-04 | 7.4 High |
| MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue. | ||||
| CVE-2025-64703 | 2 1panel, Maxkb | 2 Maxkb, Maxkb | 2025-12-04 | 6.3 Medium |
| MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue. | ||||
Page 1 of 1.