NC 漏洞列表
共找到 200 个与 NC 相关的漏洞
📅 加载漏洞趋势中...
- 2025-11-14用友NC /portal/pt/oacoSchedulerEvents/uncancelEvent SQL 注入漏洞
- 2025-11-14用友NC /ebvp/register/qrySubPurchaseOrgByParentPk SQL 注入漏洞
- 2025-11-07用友 NC Cloud /ncchr/pm/obj/queryPsnInfo SQL 注入漏洞
- 2025-11-03用友NC /portal/pt/infopathimport/importExcelTemplate pageId 文件上传漏洞
- 2025-10-22用友NC OAUserQryServlet 反序列化漏洞
- 2025-10-13用友NC OAUserAuthenticationServlet 反序列化漏洞
- 2025-10-11用友NC ContactsQueryServiceServlet 反序列化漏洞
- POC 2025-10-11用友NC UserSynchronizationServlet 反序列化漏洞
- 2025-10-11用友NC ContactsFuzzySearchServlet 反序列化漏洞
- 2025-10-10用友NC fwd XSS漏洞
- 2025-10-09(CVE-2025-54253)Adobe Experience Manager配置错误导致任意代码执行漏洞
- 2025-10-07(CVE-2025-61882)Oracle Concurrent Processing BI Publisher Integration 远程接管漏洞
- 2025-09-25用友 U8 Cloud NCCloudGatewayServlet存在命令执行漏洞
- 2025-09-18QNAP Qsync Central 路径遍历漏洞
- 2025-09-18QNAP Qsync Central 路径遍历漏洞
- 2025-09-18QNAP Qsync Central SQL注入漏洞
- 2025-09-18QNAP Qsync Central 信任管理问题漏洞
- 2025-09-09(CVE-2025-54251)Adobe Experience Manager XML注入漏洞导致安全功能绕过
- 2025-09-09(CVE-2025-54249) Adobe Experience Manager SSRF漏洞导致安全功能绕过
- 2025-09-05ChanCMS系统/api/sysUser/login存在默认弱口令
- POC 2025-09-05用友NC IMsgCenterWebService 命令执行漏洞
- POC 2025-09-05用友nc soapRequest.ajax 命令执行漏洞
- 2025-09-04用友NC存在 PaWfm2/open SQL注入漏洞
- 2025-09-01用友NC系统workflowService接口SQL注入漏洞
- 2025-09-01用友NC importTemplate XML实体注入(XXE)漏洞
- 2025-09-01CVE-2019-3396: Atlassian Confluence Path Traversal
- 2025-09-01yonyou-nc-arbitrary-file-upload: Yonyou NC Arbitrary file upload
- 2025-09-01yonyou-nc-monitorservlet-rce: Yonyou NC monitors servlet RCE
- 2025-09-01yonyou-nc-ncmessageservlet-rce: Yonyou NC messages servlet RCE
- 2025-09-01yonyou-nc-portalfile-fileread: 用友NC portal/file 任意文件读取漏洞
- 2025-09-01yonyou-nc-uploadservlet-rce: Yonyou NC upload servlet rce
- 2025-09-01nacos-sync-login-bypass: Nacos-Sync 未授权进后台
- 2025-08-28用友NC content存在XXE实体注入漏洞
- 2025-08-28Dell KACE Systems Management Appliance (K1000)存在命令执行漏洞(CVE-2019-20504)
- 2025-08-28Network Technologies Inc ENVIROMUX存在默认口令
- 2025-08-27用友NC getOtherData 存在SQL注入漏洞
- 2025-08-26用友NC mtapptimeline/doApply 存在SQL注入漏洞
- 2025-08-25Atlassian Confluence /json/setup-restore.action 文件上传漏洞(CVE-2023-22518)
- 2025-08-25用友NC doSingUp SQL注入漏洞
- 2025-08-22用友NC /portal/pt/oacoSchedulerEvents/changeEvent SQL 注入漏洞
- 2025-08-21用友NC /portal/pt/oncelogin/getAuth SQL 注入漏洞
- 2025-08-20ETQ Reliance存在反射xss漏洞(CVE-2025-34141)
- POC 2025-08-15用友NC importExcelTemplate 任意文件上传
- 2025-08-15(CVE-2025-5047)Autodesk AutoCAD解析DGN文件未初始化变量漏洞
- 2025-08-15(CVE-2025-5046)Autodesk AutoCAD DGN文件处理越界读漏洞
- 2025-08-13ChanCMS 存在远程命令执行漏洞(CVE-2025-8266)
- 2025-08-12用友NC importCombo XML实体注入(XXE)漏洞
- 2025-08-12关于NC系统oncelogin getAuth 接口存在sql注入漏洞的修复通告
- 2025-08-11用友NC系统pagesServlet接口SQL注入漏洞
- 2025-08-08用友NC /ebvp/infopub/warningDetailInfo SQL 注入漏洞
- 2025-08-08用友NC /ebvp/advorappcoll/complainbilldetail SQL 注入漏洞
- 2025-08-08用友NC /portal/pt/downTax/download SQL 注入漏洞
- 2025-08-08用友NC /portal/pt/servlet/pagesServlet/doPost SQL 注入漏洞
- 2025-08-07InvisionCommunity存在代码注入漏洞(CVE-2025-47916)
- POC 2025-08-01CVE-2023-49105: OwnCloud - WebDAV API Authentication Bypass
- POC 2025-08-01CVE-2010-1345: Joomla! Component Cookex Agency CKForms - Local File Inclusion
- POC 2025-08-01CVE-2010-4231: Camtron CMNC-200 IP Camera - Directory Traversal
- POC 2025-08-01CVE-2011-4618: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2013-7240: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
- POC 2025-08-01CVE-2015-6477: Nordex NC2 - Cross-Site Scripting
- POC 2025-08-01CVE-2015-8399: Atlassian Confluence <5.8.17 - Information Disclosure
- POC 2025-08-01CVE-2016-1000132: WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-7552: Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
- POC 2025-08-01CVE-2018-10201: Ncomputing vSPace Pro 10 and 11 - Directory Traversal
- POC 2025-08-01CVE-2018-11231: Opencart Divido - Sql Injection
- POC 2025-08-01CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
- POC 2025-08-01CVE-2018-16716: NCBI ToolBox - Directory Traversal
- POC 2025-08-01CVE-2018-19207: WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option
- POC 2025-08-01CVE-2018-19386: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-5230: Atlassian Jira Confluence - Cross-Site Scripting
- POC 2025-08-01CVE-2018-7251: Anchor CMS 0.12.3 - Error Log Exposure
- POC 2025-08-01CVE-2019-16469: Adobe Experience Manager - Expression Language Injection
- POC 2025-08-01CVE-2019-17662: ThinVNC 1.0b1 - Authentication Bypass
- POC 2025-08-01CVE-2019-20504: Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution
- POC 2025-08-01CVE-2019-2588: Oracle Business Intelligence - Path Traversal
- POC 2025-08-01CVE-2019-2616: Oracle Business Intelligence/XML Publisher - XML External Entity Injection
- POC 2025-08-01CVE-2019-2767: Oracle Business Intelligence Publisher - XML External Entity Injection
- POC 2025-08-01CVE-2019-3396: Atlassian Confluence Server - Path Traversal
- POC 2025-08-01CVE-2019-3398: Atlassian Confluence Download Attachments - Remote Code Execution
- POC 2025-08-01CVE-2019-5127: YouPHPTube Encoder 2.3 - Remote Command Injection
- POC 2025-08-01CVE-2019-5128: YouPHPTube Encoder - Arbitrary File Write
- POC 2025-08-01CVE-2019-5129: YouPHPTube Encoder 2.3 - Command Injection
- POC 2025-08-01CVE-2019-8086: Adobe Experience Manager - XML External Entity Injection
- POC 2025-08-01CVE-2020-16139: Cisco Unified IP Conference Station 7937G - Denial-of-Service
- POC 2025-08-01CVE-2020-29597: IncomCMS 2.0 - Arbitrary File Upload
- POC 2025-08-01CVE-2020-3187: Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
- POC 2025-08-01CVE-2020-3452: Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
- POC 2025-08-01CVE-2020-35598: Advanced Comment System 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2020-6308: SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
- POC 2025-08-01CVE-2021-24169: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
- POC 2025-08-01CVE-2021-26084: Confluence Server - Remote Code Execution
- POC 2025-08-01CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion
- POC 2025-08-01CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
- POC 2025-08-01CVE-2021-30497: Ivanti Avalanche 6.3.2 - Local File Inclusion
- POC 2025-08-01CVE-2021-31602: Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass
- POC 2025-08-01CVE-2021-3654: Nova noVNC - Open Redirect
- POC 2025-08-01CVE-2021-37589: Virtua Software Cobranca <12R - Blind SQL Injection
- POC 2025-08-01CVE-2021-42237: Sitecore Experience Platform Pre-Auth RCE
- POC 2025-08-01CVE-2021-44529: Ivanti EPM Cloud Services Appliance Code Injection
- POC 2025-08-01CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1007: WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1392: WordPress Videos sync PDF <=1.7.4 - Local File Inclusion
- POC 2025-08-01CVE-2022-1952: WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload
- POC 2025-08-01CVE-2022-25226: ThinVNC - Authentication Bypass
- POC 2025-08-01CVE-2022-26134: Confluence - Remote Code Execution
- POC 2025-08-01CVE-2022-26138: Atlassian Questions For Confluence - Hardcoded Credentials
- POC 2025-08-01CVE-2022-27927: Microfinance Management System 1.0 - SQL Injection
- POC 2025-08-01CVE-2022-40022: Symmetricom SyncServer Unauthenticated - Remote Command Execution
- POC 2025-08-01CVE-2022-4059: Cryptocurrency Widgets Pack < 2.0 - SQL Injection
- POC 2025-08-01CVE-2022-43014: OpenCATS 0.9.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-43015: OpenCATS 0.9.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-43016: OpenCATS 0.9.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-43017: OpenCATS 0.9.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-43018: OpenCATS 0.9.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-48012: OpenCATS 0.9.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-1263: Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access
- POC 2025-08-01CVE-2023-1671: Sophos Web Appliance - Remote Code Execution
- POC 2025-08-01CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC 2025-08-01CVE-2023-22518: Atlassian Confluence Server - Improper Authorization
- POC 2025-08-01CVE-2023-22527: Atlassian Confluence - Remote Code Execution
- POC 2025-08-01CVE-2023-27032: PrestaShop AdvancedPopupCreator - SQL Injection
- POC 2025-08-01CVE-2023-27292: OpenCATS - Open Redirect
- POC 2025-08-01CVE-2023-30777: Advanced Custom Fields < 6.1.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-3188: Owncast - Server Side Request Forgery
- POC 2025-08-01CVE-2023-32563: Ivanti Avalanche - Remote Code Execution
- POC 2025-08-01CVE-2023-34020: Uncanny Toolkit for LearnDash - Open Redirection
- POC 2025-08-01CVE-2023-42343: OpenCMS - Cross-Site Scripting
- POC 2025-08-01CVE-2023-42344: OpenCMS - XML external entity (XXE)
- POC 2025-08-01CVE-2023-49103: OwnCloud - Phpinfo Configuration
- POC 2025-08-01CVE-2023-49230: Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload
- POC 2025-08-01CVE-2023-6379: OpenCMS 14 & 15 - Cross Site Scripting
- POC 2025-08-01CVE-2023-6380: OpenCms 14 & 15 - Open Redirect
- POC 2025-08-01CVE-2024-0305: Ncast busiFacade - Remote Command Execution
- POC 2025-08-01CVE-2024-10516: Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
- POC 2025-08-01CVE-2024-1709: ConnectWise ScreenConnect 23.9.7 - Authentication Bypass
- POC 2025-08-01CVE-2024-21683: Atlassian Confluence Data Center and Server - Remote Code Execution
- POC 2025-08-01CVE-2024-25669: CaseAware a360inc - Cross-Site Scripting
- POC 2025-08-01CVE-2024-31851: CData Sync < 23.4.8843 - Path Traversal
- POC 2025-08-01CVE-2024-33605: Sharp Multifunction Printers - Directory Listing
- POC 2025-08-01CVE-2024-33610: Sharp Multifunction Printers - Cookie Exposure
- POC 2025-08-01CVE-2024-3822: Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2024-38472: Apache HTTPd Windows UNC - Server-Side Request Forgery
- POC 2025-08-01CVE-2024-38653: Ivanti Avalanche SmartDeviceServer - XML External Entity
- POC 2025-08-01CVE-2024-46938: Sitecore Experience Platform <= 10.4 - Arbitrary File Read
- POC 2025-08-01CVE-2024-6049: Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
- POC 2025-08-01CVE-2024-7188: Bylancer Quicklancer 2.4 G - SQL Injection
- POC 2025-08-01CVE-2024-7591: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection
- POC 2025-08-01CVE-2024-8963: Ivanti Cloud Services Appliance - Path Traversal
- POC 2025-08-01CVE-2024-9796: WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
- POC 2025-08-01CVE-2025-2075: Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
- POC 2025-08-01CVE-2025-2709: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization
- POC 2025-08-01CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS
- POC 2025-08-01CVE-2025-34026: Versa Concerto Actuator Endpoint - Authentication Bypass
- POC 2025-08-01CVE-2025-34027: Versa Concerto API Path Based - Authentication Bypass
- POC 2025-08-01CVE-2025-34141: ETQ Reliance - Reflected XSS via SQLConverterServlet
- POC 2025-08-01CVE-2025-34143: ETQ Reliance - Authentication Bypass via Trailing Space
- POC 2025-08-01CNVD-2020-23735: Xxunchi Local File read
- POC 2025-08-01CVE-2015-6477: Nordex NC2 - Cross-Site Scripting
- POC 2025-08-01CVE-2015-8399: Atlassian Confluence configuration files read
- POC 2025-08-01CVE-2019-5128: YouPHPTube Encoder base64Url getImageMP4.php命令注入漏洞
- POC 2025-08-01CVE-2019-5129: YouPHPTube Encoder getSpiritsFromVideo.php base64Url命令注入漏洞
- POC 2025-08-01CVE-2021-26084: Confluence Server OGNL injection - RCE
- POC 2025-08-01CVE-2021-26085: Confluence Pre-Authorization Arbitrary File Read
- POC 2025-08-01CVE-2021-3654: noVNC Open Redirect
- POC 2025-08-01unattached-disk-encryption-disabled: Encryption for Unattached Disks - Disabled
- POC 2025-08-01unattached-vminstance-encryption-disabled: Encryption for VM Instance Disks - Disabled
- POC 2025-08-01sse-smk-disabled: Server-Side Encryption with Service Managed Key - Disabled
- POC 2025-08-01password-policy-length-unconfigured: RAM Password Policy requires Minimum Length 14 or Greater
- POC 2025-08-01password-policy-symbol-unconfigured: RAM Password Policy requires atleast One Symbol - Unconfigured
- POC 2025-08-01password-policy-uppercase-unconfigured: RAM Password Policy requires atleast One Uppercase - Unconfigured
- POC 2025-08-01mysql-audit-disabled: MySQL Database Instances - SQL Auditing Disabled
- POC 2025-08-01CVE-2022-22963: Spring Cloud Function SPEL 远程命令执行漏洞
- POC 2025-08-01rds-audit-disabled: RDS Database Instances - SQL Auditing Disabled
- POC 2025-08-01transparent-encryption-disabled: Transparent Data Encryption - Disabled
- POC 2025-08-01CVE-2022-26134: Atlassian Confluence OGNL注入漏洞
- POC 2025-08-01ec2-imdsv2: Enforce IMDSv2 on EC2 Instances
- POC 2025-08-01CVE-2023-1671: Sophos Web Appliance - Remote Code Execution
- POC 2025-08-01CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC 2025-08-01CVE-2023-22518: Atlassian Confluence Server - Improper Authorization
- POC 2025-08-01unencrypted-aws-ami: Unencrypted AWS AMI
- POC 2025-08-01CVE-2023-22527: Atlassian Confluence远程代码执行漏洞
- POC 2025-08-01eks-kubernetes-secrets-encryption: EKS Kubernetes Secrets not Encrypted
- POC 2025-08-01firehose-server-destination-encryption: Firehose Delivery Stream Destination Encryption - Disabled
- POC 2025-08-01firehose-server-side-encryption: Firehose Delivery Stream Server-Side Encryption - Disabled
- POC 2025-08-01CVE-2024-0305: Ncast盈可视高清智能录播系统存在RCE漏洞
- POC 2025-08-01azure-lb-create-update-missing: Azure Load Balancer Create or Update Alert Not Configured
- POC 2025-08-01CVE-2024-50623: Cleo Synchronization 任意文件读取
- POC 2025-08-01azure-openai-managed-identity-not-used: Azure OpenAI Service Instance Managed Identity Not Used
- POC 2025-08-01azure-openai-private-endpoints-unconfigured: Azure OpenAI Service Instances Not Using Private Endpoints
- POC 2025-08-01azure-functionapp-access-keys-missing: Azure Function Access Keys Configuration
- POC 2025-08-01azure-functionapp-admin-privileges: Azure Functions with Admin Privileges
- POC 2025-08-01azure-functionapp-appinsights-missing: Application Insights Integration for Azure Function Apps
- POC 2025-08-01azure-functionapp-public-exposure: Exposed Azure Functions
- POC 2025-08-01azure-functionapp-system-assigned-missing: System-Assigned Managed Identities for Azure Functions
- POC 2025-08-01azure-functionapp-user-assigned-id-missing: User-Assigned Managed Identities for Azure Functions