liqiang-fit2cloud

3 exploits, active since Sep 2023
CVE-2023-41878 (Medium)
MeterSphere < 2.10.7 - Hard-coded Credentials
MeterSphere is a one-stop open source continuous testing platform covering test tracking, interface (API) testing, UI testing and performance testing. The Selenium VNC configuration that MeterSphere ships with uses a weak default password, so an attacker who can reach the VNC service can log in and obtain high privileges. This issue has been addressed in version 2.10.7 LTS; users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 4.6
CVE-2025-32383 (Medium)
MaxKB < 1.10.4 - Code Injection
MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system built on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the function library module: it allows privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts.
CVSS 4.3
CVE-2025-66419 (High)
MaxKB < 2.4.0 - Privilege Escalation
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and earlier, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
CVSS 8.8
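All three advisories above are resolved by upgrading to a fixed release, so the practical check is a version audit. The script below is an added example, not code from the MeterSphere or MaxKB projects: it transcribes the three fixed versions from this page, normalises the release-channel suffixes the advisories use ("2.10.7 LTS", "v1.10.4-lts") so they compare numerically, and reports which CVE IDs still apply to each installed build. The inventory list is a constructed sample, not real hosts.

```python
"""Version audit for the MeterSphere/MaxKB advisories listed above.

Added example (not project code). ADVISORIES is transcribed from this page;
SAMPLE_INVENTORY is constructed sample data.
"""
import re

# (CVE ID, product, first fixed version) as stated in the advisories above.
ADVISORIES = [
    ("CVE-2023-41878", "metersphere", "2.10.7"),   # fixed in 2.10.7 LTS
    ("CVE-2025-32383", "maxkb", "1.10.4"),         # fixed in v1.10.4-lts
    ("CVE-2025-66419", "maxkb", "2.4.0"),          # fixed in 2.4.0
]

# Optional leading 'v', then a dotted numeric prefix; anything after it
# (' LTS', '-lts', build tags) is a channel label, not ordering information.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(text):
    """Turn '2.10.7 LTS', 'v1.10.4-lts' or '2.3.1' into a tuple of ints.

    Returns None when the string has no dotted numeric prefix.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(a, b):
    # Right-pad with zeros so '2.10' compares as '2.10.0' against '2.10.7'.
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(installed, fixed):
    """True when the installed build predates the first fixed version."""
    a, b = parse_version(installed), parse_version(fixed)
    if a is None or b is None:
        raise ValueError(f"unparseable version: {installed!r} / {fixed!r}")
    a, b = _padded(a, b)
    return a < b


def applicable_cves(product, installed):
    """CVE IDs from ADVISORIES whose fix the installed build does not contain."""
    return [
        cve for cve, prod, fixed in ADVISORIES
        if prod == product.lower() and is_affected(installed, fixed)
    ]


# Constructed sample inventory: (product, version string as reported by the UI).
SAMPLE_INVENTORY = [
    ("metersphere", "2.10.6"),
    ("metersphere", "v2.10.7 LTS"),
    ("maxkb", "v1.10.3-lts"),
    ("maxkb", "1.10.4-lts"),
    ("maxkb", "2.3.1"),
    ("maxkb", "2.4.0"),
]


def audit(inventory=SAMPLE_INVENTORY):
    """Map each (product, version) to the list of CVE IDs still applicable."""
    return {(prod, ver): applicable_cves(prod, ver) for prod, ver in inventory}


if __name__ == "__main__":
    for (prod, ver), cves in audit().items():
        print(f"{prod} {ver}: {', '.join(cves) or 'no listed CVE applies'}")
```

The check is deliberately version-only: it flags anything below the first fixed release, which for CVE-2025-66419 includes every 1.x MaxKB build because the advisory only names 2.4.0 as fixed. It cannot see backports or local hardening, so treat a hit as "upgrade or verify", not as proof of exploitability.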