Every CVE whose affected-product data names Youdao Qanything, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-10264 — CVSS 9.8 (critical): HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the…
CVE-2024-12864 — CVSS 7.5 (high): A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The…
CVE-2024-12866 — CVSS 7.5 (high): A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read…
CVE-2024-8024 — CVSS 7.5 (high): A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the…
CVE-2024-8027 — CVSS 6.1 (medium): A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the…