Every CVE whose affected-product data names Zoneland O2oa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2023-47418 — CVSS 9.8 (critical): Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service…
CVE-2022-22916 — CVSS 9.8 (critical): O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
CVE-2024-37777 — CVSS 8.8 (high): O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
CVE-2026-2074 — CVSS 6.3 (medium): A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of…
CVE-2024-35591 — CVSS 5.4 (medium): An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-3689 — CVSS 3.7 (low): A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an…
CVE-2025-9655 — CVSS 3.5 (low): A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/perso…
CVE-2025-9657 — CVSS 3.5 (low): A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxrs/script…
CVE-2025-9658 — CVSS 3.5 (low): A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the…
CVE-2025-9659 — CVSS 3.5 (low): A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/j…
CVE-2025-9680 — CVSS 3.5 (low): A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of…
CVE-2025-9681 — CVSS 3.5 (low): A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component…
CVE-2025-9682 — CVSS 3.5 (low): A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-9683 — CVSS 3.5 (low): A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/j…
CVE-2025-9715 — CVSS 3.5 (low): A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the…
CVE-2025-9716 — CVSS 3.5 (low): A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-9717 — CVSS 3.5 (low): A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file…
CVE-2025-9718 — CVSS 3.5 (low): A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/ja…
CVE-2025-9719 — CVSS 3.5 (low): A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_desig…
CVE-2025-9734 — CVSS 3.5 (low): A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_design…
CVE-2025-9735 — CVSS 3.5 (low): A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table…
CVE-2025-9736 — CVSS 3.5 (low): A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/j…
CVE-2025-9737 — CVSS 3.5 (low): A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmode…
CVE-2025-9646 — CVSS 3.5 (low): A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_per…