Approved changes feed: RSS · Atom

cpe:2.3:a:yonyou:u8_cloud:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorYonyou (a668f63b-2cb4-5f30-bc75-258237007bd5)
ProductU8 Cloud (c3e812b6-5c37-5ace-9f37-399197dc83bc)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-14185 vulnerable 2026-06-08 07:06:33.813691 Yonyou U8 Cloud AppServletService.class sql injection
MEDIUM (6.3)
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-12-07T05:02:05.601Z
Updated: 2025-12-08T17:12:57.821Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-12344 vulnerable 2026-06-08 07:04:30.058719 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
MEDIUM (6.3)
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-28T01:32:05.689Z
Updated: 2025-10-28T14:07:12.828Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.