CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32383 – MaxKB has a reverse shell vulnerability in function library
https://notcve.org/view.php?id=CVE-2025-32383
10 Apr 2025 — MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts. • https://github.com/1Panel-dev/MaxKB/commit/4ae02c8d3eb65542c88ef58c0abd94c52c949d8f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56137 – MaxKB RCE vulnerability in function library
https://notcve.org/view.php?id=CVE-2024-56137
02 Jan 2025 — MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0. • https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •