| # | CVSS | Severity | Vector | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|
| 351 | 4.6 | MEDIUM | Network | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of… | CWE-20 (Improper Input Validation), CWE-78 (OS Command) | CVE-2026-39417 | 2026-04-18 00:26 | 2026-04-14 |
| 352 | 7.5 | HIGH | Network | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table op… | CWE-328 (Use of Weak Hash), CWE-407 (Inefficient Algorithmic Complexity) | CVE-2026-40164 | 2026-04-18 00:26 | 2026-04-14 |
| 353 | 5.0 | MEDIUM | Network | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authentic… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-39418 | 2026-04-18 00:26 | 2026-04-14 |
| 354 | 6.3 | MEDIUM | Network | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the … | CWE-78 (OS Command), CWE-693 (Protection Mechanism Failure) | CVE-2026-39420 | 2026-04-18 00:26 | 2026-04-14 |
| 355 | - | - | - | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an ap… | CWE-79 (Cross-site Scripting) | CVE-2026-39422 | 2026-04-18 00:26 | 2026-04-14 |
| 356 | - | - | - | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with… | CWE-79 (Cross-site Scripting), CWE-95 (Eval Injection) | CVE-2026-39423 | 2026-04-18 00:26 | 2026-04-14 |
| 357 | 9.8 | CRITICAL | Network | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talen… | - | CVE-2026-6264 | 2026-04-18 00:26 | 2026-04-14 |
| 358 | 6.3 | MEDIUM | Network | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute ra… | CWE-94 (Code Injection), CWE-693 (Protection Mechanism Failure) | CVE-2026-39421 | 2026-04-18 00:26 | 2026-04-14 |
| 359 | - | - | - | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administr… | CWE-1236 (Improper Neutralization of Formula Elements in a CSV File) | CVE-2026-39424 | 2026-04-18 00:26 | 2026-04-14 |
| 360 | 4.3 | MEDIUM | Network | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allow… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-34225 | 2026-04-18 00:26 | 2026-04-14 |