Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

131 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:50 p.m.4 views

CVE-2026-7291

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:50 p.m.6 views

CVE-2026-7292

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS5AI score0.00258EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 7:37 p.m.4 views

CVE-2026-7292

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS0.00258EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/28 5:30 p.m.2 views

CVE-2026-7292

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS4.9AI score0.00258EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 5:30 p.m.10 views

CVE-2026-7292

CVE-2026-7292 affects o2oa up to v10.0, in the NodeAgent.py syncFile function, causing improper authorization. The issue can be triggered remotely with high attack complexity; exploit maturity is PROOF-OF-CONCEPT and report confidence is REASONABLE. CVSS details: CVSSv3.1 base 5.6 (NETWORK, HIGH ...

6.3CVSS5AI score0.00258EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/28 5:30 p.m.27 views

CVE-2026-7292 o2oa NodeAgent NodeAgent.java syncFile improper authorization

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS0.00258EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 5:30 p.m.2 views

EUVD-2026-26136

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS5AI score0.00258EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 5:15 p.m.9 views

CVE-2026-7291

Technical details (affected products, versions, root cause, impact, and remediation) are not publicly available in the provided documents; monitor for updates.

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 5:15 p.m.2 views

EUVD-2026-26074

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/28 5:15 p.m.29 views

CVE-2026-7291 o2oa URL Fetching FileAction.java FileAction server-side request forgery

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS0.00206EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.8 views

O2OA 安全漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of o2oa 10.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a function called syncFile in the NodeAgent component, which allowed improper authorization, potentially...

6.3CVSS6.2AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.7 views

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 10.0 and earlier contained code vulnerabilities. These vulnerabilities were caused by an operation in the FileAction function during component URL fetching, which led to server-side request...

6.5CVSS6.7AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.3 views

PT-2026-35752

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/02/08 7:13 a.m.7 views

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS6.3AI score0.00266EPSS
Exploits1References1
OSV
OSVadded 2026/02/07 5:16 a.m.2 views

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.3CVSS5.4AI score
Exploits0References5
NVD
NVDadded 2026/02/07 5:16 a.m.13 views

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS0.00266EPSS
Exploits1References5
CVE
CVEadded 2026/02/07 4:2 a.m.17 views

CVE-2026-2074

CVE-2026-2074 affects O2OA versions up to 9.0.0, impacting the HTTP POST Request Handler at the path /x_program_center/jaxrs/mpweixin/check. The issue is an XML External Entity (XXE) reference due to a manipulated input, enabling remote initiation of the attack. Public exploit is available and ha...

6.5CVSS6.3AI score0.00266EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/07 4:2 a.m.4 views

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.2AI score0.00266EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/02/07 4:2 a.m.5 views

CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.4AI score0.00266EPSS
Exploits1References5
EUVD
EUVDadded 2026/02/07 4:2 a.m.6 views

EUVD-2026-5749

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.2AI score0.00266EPSS
Exploits1References5
Rows per page
Query Builder