threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zoneland o2oa
Product
zoneland o2oa
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-2074
<= 9.0.0
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/
6.3
MEDIUM
CVE-2025-9737
<= 10.0-410
A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/
3.5
LOW
CVE-2025-9736
<= 10.0-410
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_
3.5
LOW
CVE-2025-9735
<= 10.0-410
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jax
3.5
LOW
CVE-2025-9734
<= 10.0-410
A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assem
3.5
LOW
CVE-2025-9719
<= 10.0-410
A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_asse
3.5
LOW
CVE-2025-9718
<= 10.0-410
A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_d
3.5
LOW
CVE-2025-9717
<= 10.0-410
A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organiz
3.5
LOW
CVE-2025-9716
<= 10.0-410
A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_p
3.5
LOW
CVE-2025-9715
<= 10.0-410
A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script
3.5
LOW
CVE-2025-9683
<= 10.0-410
A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble
3.5
LOW
CVE-2025-9682
<= 10.0-410
A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_c
3.5
LOW
CVE-2025-9681
<= 10.0-410
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the com
3.5
LOW
CVE-2025-9680
<= 10.0-410
A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxr
3.5
LOW
CVE-2025-9659
<= 10.0-410
A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_
3.5
LOW
CVE-2025-9658
<= 10.0-410
A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/
3.5
LOW
CVE-2025-9657
<= 10.0-410
A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxr
3.5
LOW
CVE-2025-9655
<= 10.0-410
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/j
3.5
LOW
CVE-2025-9646
<= 10.0-410
A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_as
3.5
LOW
CVE-2024-37777
all versions
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
8.8
HIGH
CVE-2025-22994
all versions
O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings.
6.1
MEDIUM
CVE-2024-35591
all versions
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
5.4
MEDIUM
CVE-2024-3689
<= 2024-04-03
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affecte
3.7
LOW
CVE-2023-47418
<= 8.1.2
Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the serv
9.8
CRITICAL
CVE-2022-22916
all versions
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin