Browse all 7 CVE security advisories affecting netease-youdao. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Netease-youdao provides internet services including translation tools, email, and cloud collaboration platforms. Historically, their vulnerabilities have frequently included remote code execution, cross-site scripting, and privilege escalation flaws. The company has faced multiple security incidents, with seven CVEs recorded to date, highlighting ongoing challenges in securing their web applications and APIs. Their security posture appears typical for Chinese internet firms, with vulnerabilities often stemming from insufficient input validation and access control issues. While no major public breaches have been widely reported, the consistent discovery of vulnerabilities suggests room for improvement in their secure development lifecycle and patch management processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12866 | Local File Inclusion in netease-youdao/qanything — netease-youdao/qanythingCWE-22 | 9.8 | - | 2025-03-20 |
| CVE-2024-8026 | CSRF due to overly permissive CORS headers in netease-youdao/qanything — netease-youdao/qanythingCWE-352 | 8.8 | - | 2025-03-20 |
| CVE-2024-12864 | Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything — netease-youdao/qanythingCWE-400 | 7.5 | - | 2025-03-20 |
| CVE-2024-8027 | Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything — netease-youdao/qanythingCWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-8024 | CORS Misconfiguration in netease-youdao/qanything — netease-youdao/qanythingCWE-346 | 7.5 | - | 2025-03-20 |
| CVE-2024-10264 | HTTP Request Smuggling in netease-youdao/qanything — netease-youdao/qanythingCWE-444 | 9.8 | - | 2025-03-20 |
| CVE-2024-7099 | SQL Injection in netease-youdao/qanything — netease-youdao/qanythingCWE-89 | 9.1 | - | 2024-10-13 |
This page lists every published CVE security advisory associated with netease-youdao. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.