39 matches found
EUVD-2024-23033
Malicious code in bioql PyPI...
EUVD-2025-6914
Malicious code in bioql PyPI...
CVE-2024-25722
qanythingkernel/connector/database/mysql/mysqlclient.py in qanything.ai QAnything before 1.2.0 allows SQL Injection...
CVE-2024-8027
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix...
CVE-2024-8026
A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
CVE-2024-8024
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-12864
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...
CVE-2024-12866
A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration...
CVE-2024-10264
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...
CVE-2024-8027 Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix...
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
NetEase QAnything Path Traversal Vulnerability
NetEase QAnything is a local knowledge base question and answer system from China's NetEase that is designed to support files or databases in any format, and can be installed and used offline. A path traversal vulnerability exists in NetEase QAnything version v2.0.0, which stems from an unvalidate...
NetEase QAnything Security Vulnerability
NetEase QAnything is a local knowledge base question and answer system from China's NetEase that is designed to support files or databases in any format, and can be installed and used offline. A security vulnerability exists in NetEase QAnything, which stems from a cross-site request...
NetEase QAnything Access Control Error Vulnerability
NetEase QAnything is a local knowledge base question and answer system from China's NetEase that is designed to support files or databases in any format, and can be installed and used offline. An access control error vulnerability exists in NetEase QAnything version 1.4.1, which stems fr...
NetEase QAnything Environment Issue Vulnerability
NetEase QAnything is a local knowledge base question and answer system from China's NetEase that is designed to support files or databases in any format, and can be installed and used offline. An environment issue vulnerability exists in NetEase QAnything version 1.4.1 that originates...