17 matches found
EUVD-2025-6914
Malicious code in bioql PyPI...
CVE-2024-8027
A stored Cross-Site Scripting XSS vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix...
CVE-2024-8024
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-10264
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything
A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...
CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything
A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
CVE-2024-7099
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...
Local File Inclusion in netease-youdao/qanything
This report is not public...
CVE-2024-7099
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...
CVE-2024-7099 SQL Injection in netease-youdao/qanything
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...
CVE-2024-7099 SQL Injection in netease-youdao/qanything
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...
CVE-2024-7099
The CVE-2024-7099 issue affects netease-youdao/qanything, vulnerable in version 1.4.1 where unsafe data from user input is concatenated into SQL queries. Functions such as get_knowledge_base_name, from_status_to_status, delete_files, and get_file_by_status are implicated, enabling an attacker to ...
CVE-2024-7099 SQL Injection in netease-youdao/qanything
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...
PT-2024-38074 · Netease Youdao · Qanything
Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1 Description: The issue concerns a SQL injection vulnerability where unsafe data obtained from user input is concatenated in SQL queries. This affects functions including get knowledge base name, from...