CVE-2025-32383

CVSS v3 Score
4.3
Medium

Vulnerability Description

MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the function library module. The vulnerability allows privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts.

CVSS:4.3(Medium)

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

CWE-94 (2022)
CVSS:4.3(Medium)

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit in...

CWE-94 (2022)
CVSS:4.3(Medium)

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a r...

CWE-94 (2023)
CVSS:4.3(Medium)

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

CWE-94 (2023)
CVSS:4.3(Medium)

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_option...

CWE-94 (2024)
CVSS:4.3(Medium)

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.

CWE-94 (2024)