| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 01:25:11 | Deep Dive |
| CVE-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 01:18:43 | Deep Dive |
| CVE-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | 1Panel-dev | MaxKB | Low | 3.1 | 2026-04-14 01:03:41 | Deep Dive |
| CVE-2026-39424 | MaxKB has CSV Injection in its Application Chat Export Functionality | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 00:56:57 | Deep Dive |
| CVE-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 00:28:48 | Deep Dive |
| CVE-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware | 1Panel-dev | MaxKB | Medium | - | 2026-04-14 00:22:51 | Deep Dive |
| CVE-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect | 1Panel-dev | MaxKB | Medium | 6.3 | 2026-04-14 00:17:10 | Deep Dive |
| CVE-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass | 1Panel-dev | MaxKB | Medium | 6.3 | 2026-04-14 00:13:01 | Deep Dive |
| CVE-2026-39418 | MaxKB: SSRF via sandbox network hook bypass | 1Panel-dev | MaxKB | Medium | 5.0 | 2026-04-14 00:08:50 | Deep Dive |
| CVE-2026-39417 | MaxKB: RCE via MCP stdio command injection in workflow engine | 1Panel-dev | MaxKB | Medium | 4.6 | 2026-04-14 00:03:16 | Deep Dive |
| CVE-2025-15632 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting | 1Panel-dev | MaxKB | Low | 3.5 | 2026-04-13 09:30:21 | Deep Dive |
| CVE-2026-6108 | 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection | 1Panel-dev | MaxKB | Medium | 6.3 | 2026-04-12 01:00:20 | Deep Dive |
| CVE-2026-6107 | 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting | 1Panel-dev | MaxKB | Low | 3.5 | 2026-04-12 00:45:19 | Deep Dive |
| CVE-2026-6106 | 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting | 1Panel-dev | MaxKB | Low | 3.5 | 2026-04-11 22:15:14 | Deep Dive |
| CVE-2026-23525 | 1panel App Store vulnerable to Cross-site Scripting | 1Panel-dev | 1Panel | Medium | 6.4 | 2026-01-18 22:11:00 | Deep Dive |
| CVE-2025-66446 | MaxKB has a Python sandbox LD_PRELOAD bypass | 1Panel-dev | MaxKB | High | 8.8 | 2025-12-11 21:47:22 | Deep Dive |
| CVE-2025-66419 | MaxKB vulnerable to privilege escalation through sandbox bypass | 1Panel-dev | MaxKB | High | 8.8 | 2025-12-11 21:39:15 | Deep Dive |
| CVE-2025-66508 | 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers | 1Panel-dev | 1Panel | Medium | 6.5 | 2025-12-09 01:37:10 | Deep Dive |
| CVE-2025-66507 | 1Panel – CAPTCHA Bypass via Client-Controlled Flag | 1Panel-dev | 1Panel | High | 7.5 | 2025-12-09 01:25:48 | Deep Dive |
| CVE-2025-64703 | MaxKB has Information Leak in sandbox | 1Panel-dev | MaxKB | Medium | 6.3 | 2025-11-13 15:52:44 | Deep Dive |