9 matches found

NVD
added 2026/04/28 7:37 p.m. · 3 views

CVE-2026-7292

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3 CVSS · 0.00058 EPSS
Exploits 0 · References 5

CNNVD
added 2025/08/31 12:0 a.m. · 2 views

O2OA security vulnerability

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias/description/applicationName in the file...

5.4 CVSS · 4.3 AI score · 0.00071 EPSS
Exploits 1 · References 7

NVD
added 2025/08/30 10:15 a.m. · 1 views

CVE-2025-9683

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

5.4 CVSS · 0.00081 EPSS
Exploits 1 · References 6

Vulnrichment
added 2025/08/29 3:2 p.m. · 2 views

CVE-2025-9655 O2OA Personal Profile person cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

5.1 CVSS · 5.4 AI score · 0.0005 EPSS
Exploits 1 · References 5

CVE
added 2025/08/27 12:0 a.m. · 15 views

CVE-2024-37777

Summary: CVE-2024-37777 affects O2OA v9.0.3, with a remote code execution (RCE) vulnerability disclosed in the mainOutput() function. Multiple sources (including Red Hat and PT-Security entries) describe an RCE issue in O2OA 9.0.3 tied to mishandling in mainOutput(), enabling code execution. CVSS...

8.8 CVSS · 8 AI score · 0.00534 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34929 · O2Oa · O2Oa

Name of the Vulnerable Software and Affected Versions: O2OA version 9.0.3 Description: O2OA version 9.0.3 contains a remote code execution RCE issue via the mainOutput function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...

8.8 CVSS · 7.3 AI score · 0.00534 EPSS
Exploits 1 · References 5

Cvelist
added 2025/01/31 12:0 a.m. · 10 views

CVE-2025-22994

O2OA 9.1.3 is vulnerable to Cross Site Scripting XSS in Meetings - Settings...

0.00713 EPSS
Exploits 1 · References 1

Cvelist
added 2024/05/24 1:50 p.m. · 11 views

CVE-2024-35591

An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...

7.4 AI score · 0.01212 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/05/24 12:0 a.m. · 3 views

PT-2024-26563 · O2Oa · O2Oa

Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...

5.4 CVSS · 8.2 AI score · 0.01212 EPSS
Exploits 1 · References 4