All 7 CVE vulnerabilities found in netease-youdao/qanything, with AI-generated Chinese analysis, references, and POCs.
Vendor: netease-youdao
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12866 | Local File Inclusion in netease-youdao/qanything CWE-22 | 9.8 | - | 2025-03-20 |
| CVE-2024-8026 | CSRF due to overly permissive CORS headers in netease-youdao/qanything CWE-352 | 8.8 | - | 2025-03-20 |
| CVE-2024-12864 | Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything CWE-400 | 7.5 | - | 2025-03-20 |
| CVE-2024-8027 | Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything CWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-8024 | CORS Misconfiguration in netease-youdao/qanything CWE-346 | 7.5 | - | 2025-03-20 |
| CVE-2024-10264 | HTTP Request Smuggling in netease-youdao/qanything CWE-444 | 9.8 | - | 2025-03-20 |
| CVE-2024-7099 | SQL Injection in netease-youdao/qanything CWE-89 | 9.1 | - | 2024-10-13 |
All 7 known CVE vulnerabilities affecting netease-youdao/qanything with full Chinese analysis, references, and POCs where available.