CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Qanything: Security Vulnerabilities

CVE-2024-8026

A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating, uploading, listing, deleting files, and managing knowledge bases.

CVSS Score

8.1

EPSS Score

0.0

Published

2025-03-20

CVE-2024-25722

qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.

CVSS Score

9.8

EPSS Score

0.0

Published

2024-02-11

Page 1

Vulnerabilities

Vulnerable Software

Qanything: Security Vulnerabilities

Products

Pricing

Contact Us