CVE-2025-63914 — CVSS 6.5 (medium): An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not…
CVE-2025-56526 — CVSS 6.1 (medium): Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.