EUVD-2026-5749

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 9.0.0 and earlier contained code vulnerabilities due to XML external entity references in the HTTP POST request handler...

PT-2026-6875

Name of the Vulnerable Software and Affected Versions O2OA versions prior to 9.0.0 Description A flaw exists in O2OA up to version 9.0.0 related to XML external entity reference. The issue is located within the HTTP POST Request Handler component, specifically in the file /x program...

EUVD-2025-3066

Malicious code in bioql PyPI...

EUVD-2023-51532

Malicious code in bioql PyPI...

EUVD-2024-35383

Malicious code in bioql PyPI...

EUVD-2025-26217

Malicious code in bioql PyPI...

EUVD-2025-26263

Malicious code in bioql PyPI...

EUVD-2025-26286

Malicious code in bioql PyPI...

EUVD-2024-32264

Malicious code in bioql PyPI...

EUVD-2025-26225

Malicious code in bioql PyPI...

CVE-2025-9736

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...

CVE-2025-9734

A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /xqueryassembledesigner/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. T...

CVE-2025-9735

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...

CVE-2025-9680

A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xportalassembledesigner/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public an...

CVE-2025-9737 O2OA Personal Profile importmodel cross site scripting

A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /xqueryassembledesigner/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote...

CVE-2025-9659

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /xportalassembledesigner/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been...

CVE-2025-9736

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...

CVE-2025-9736

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...

CVE-2025-9736 O2OA Personal Profile statement cross site scripting

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...