Youdao Qanything
5 CVEs affecting Youdao Qanything. Latest disclosed: 2025-03-20. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-10264 | Critical | 9.8 | 2025-03-20 | HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP reques… |
CVE-2024-8024 | High | 7.5 | 2025-03-20 | A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy… |
CVE-2024-12866 | High | 7.5 | 2025-03-20 | A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the fi… |
CVE-2024-12864 | High | 7.5 | 2025-03-20 | A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to impro… |
CVE-2024-8027 | Medium | 6.1 | 2025-03-20 | A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, whi… |