📦 Qanything

CVE-2024-10264 is an HTTP request smuggling vulnerability in netease-youdao/qanything version 1.4.1 that allows attackers to bypass security controls by exploiting differences in how HTTP requests are...

A CORS misconfiguration in netease-youdao/qanything version 1.4.1 allows attackers to bypass Same-Origin Policy protections, potentially exposing sensitive data from web applications. This affects any...

An unauthenticated Denial of Service vulnerability exists in netease-youdao/qanything v2.0.0 where attackers can send file upload requests with excessively large filenames, overwhelming the server and...

A local file inclusion vulnerability in netease-youdao/qanything v2.0.0 allows attackers to read arbitrary files on the file system. This can lead to sensitive data exposure including SSH keys, config...

A stored Cross-Site Scripting vulnerability in netease-youdao/QAnything allows attackers to upload malicious knowledge files that execute arbitrary JavaScript when users interact with the chat interfa...