Lucene search
+L

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6914

Malicious code in bioql PyPI...

8.1CVSS8.2AI score0.00228EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:15 a.m.6 views

CVE-2024-8027

A stored Cross-Site Scripting XSS vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix...

6.1CVSS6.4AI score0.00329EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-8024

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...

7.5CVSS0.00293EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.4 views

CVE-2024-10264

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...

9.8CVSS0.00874EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.10 views

CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything

A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...

7.5CVSS0.00811EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:10 a.m.6 views

CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything

A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...

7.5CVSS7.1AI score0.00811EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...

7.5CVSS0.00293EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.10 views

CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...

7.5CVSS0.00874EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:10 a.m.4 views

CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...

7.5CVSS7.4AI score0.00874EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 11:49 a.m.9 views

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS7.7AI score0.00608EPSS
Exploits1References1
Huntr
Huntr
added 2024/10/16 11:49 a.m.8 views

Local File Inclusion in netease-youdao/qanything

This report is not public...

7.5CVSS7.1AI score0.0139EPSS
Exploits1
NVD
NVD
added 2024/10/13 9:15 p.m.10 views

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS0.00608EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/13 9:9 p.m.17 views

CVE-2024-7099 SQL Injection in netease-youdao/qanything

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS0.00608EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/13 9:9 p.m.9 views

CVE-2024-7099 SQL Injection in netease-youdao/qanything

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS9.6AI score0.00608EPSS
Exploits1References2
CVE
CVE
added 2024/10/13 9:9 p.m.54 views

CVE-2024-7099

The CVE-2024-7099 issue affects netease-youdao/qanything, vulnerable in version 1.4.1 where unsafe data from user input is concatenated into SQL queries. Functions such as get_knowledge_base_name, from_status_to_status, delete_files, and get_file_by_status are implicated, enabling an attacker to ...

9.8CVSS9.7AI score0.00608EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/13 9:9 p.m.10 views

CVE-2024-7099 SQL Injection in netease-youdao/qanything

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS7.5AI score0.00608EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/13 12:0 a.m.13 views

PT-2024-38074 · Netease Youdao · Qanything

Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1 Description: The issue concerns a SQL injection vulnerability where unsafe data obtained from user input is concatenated in SQL queries. This affects functions including get knowledge base name, from...

9.8CVSS10AI score0.00608EPSS
Exploits1References11
Rows per page
Query Builder