| # | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|------|----------|--------|--------|---------|-------------|-----|-----|---------------|-----------|
| 1491 | 7.4 | HIGH | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the … | CWE-78 (OS Command), CWE-693 (Protection Mechanism Failure) | CVE-2026-39420 | 2026-04-21 02:35 | 2026-04-14 |
| 1492 | 7.4 | HIGH | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute ra… | CWE-94 (Code Injection), CWE-693 (Protection Mechanism Failure) | CVE-2026-39421 | 2026-04-21 02:35 | 2026-04-14 |
| 1493 | 5.4 | MEDIUM | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an ap… | CWE-79 (Cross-site Scripting) | CVE-2026-39422 | 2026-04-21 02:34 | 2026-04-14 |
| 1494 | 5.4 | MEDIUM | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with… | CWE-79 (Cross-site Scripting), CWE-95 (Eval Injection) | CVE-2026-39423 | 2026-04-21 02:34 | 2026-04-14 |
| 1495 | 4.7 | MEDIUM | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administr… | CWE-1236 (Improper Neutralization of Formula Elements in a CSV File) | CVE-2026-39424 | 2026-04-21 02:34 | 2026-04-14 |
| 1496 | 3.1 | LOW | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python fram… | CWE-74 (Injection), CWE-290 (Authentication Bypass by Spoofing), CWE-693 (Protection Mechanism Failure) | CVE-2026-39419 | 2026-04-21 02:32 | 2026-04-14 |
| 1497 | 5.4 | MEDIUM | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and Ja… | CWE-80 (Basic XSS) | CVE-2026-39425 | 2026-04-21 02:31 | 2026-04-14 |
| 1498 | 5.4 | MEDIUM | Network | maxkb | maxkb | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <if… | CWE-79 (Cross-site Scripting) | CVE-2026-39426 | 2026-04-21 02:31 | 2026-04-14 |
| 1499 | - | - | - | - | - | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPActio… | CWE-125 (Out-of-bounds Read), CWE-191 (Integer Underflow (Wrap or Wraparound)) | CVE-2026-5720 | 2026-04-21 02:16 | 2026-04-18 |
| 1500 | 8.8 | HIGH | Network | - | - | KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_ff… | CWE-122 (Heap-based Buffer Overflow), CWE-190 (Integer Overflow or Wraparound) | CVE-2026-41445 | 2026-04-21 02:16 | 2026-04-21 |