CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

EUVD-2026-27063

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

CVE-2026-42087

OpenC3 COSMOS TSDB is affected by a SQL injection in the tsdb_lookup function of cvt_model.rb, where user-supplied input is directly placed into a SQL query. Affected versions are 6.7.0 through 7.0.0-rc2 (before the patched 7.0.0-rc3). This allows an attacker to break out of the initial SQL state...

CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

OpenC3 COSMOS SQL注入漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. In versions 6.7.0 to 7.0.0-rc3 of OpenC3 COSMOS, there was a SQL injection vulnerability. This vulnerability stemmed from the tsdblookup function in the Time-Series Database component, which directly accepted user input without prop...

SQL Injection

Overview openc3 is a Python support for OpenC3 COSMOS Affected versions of this package are vulnerable to SQL Injection via the query construction in the TSDB access code. An attacker can execute arbitrary TSDB queries by supplying crafted starttime, endtime, or column/table-related values that a...

GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

Apache IoTDB Improper Input Validation Vulnerability

Apache IoTDB is an open source time series database developed by Apache Software Foundation for large-scale time series data storage and analysis in IoT scenarios. Apache IoTDB suffers from an improper input validation vulnerability. The vulnerability arises because the system does not perform...

[SECURITY] Fedora 42 Update: prometheus-3.10.0-1.fc42

The Prometheus monitoring system and time series database...

[SECURITY] Fedora 43 Update: prometheus-3.10.0-1.fc43

The Prometheus monitoring system and time series database...

Apache IoTDB Resource Management Error Vulnerability

Apache IoTDB is a time-series database management system from the Apache Software Foundation, designed for storing and analyzing massive time-series data in IoT scenarios. Apache IoTDB suffers from a security vulnerability that originates from an unauthorized access flaw in a system component. An...

Apache IoTDB 安全漏洞

Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation that provides data collection, storage, and analysis services, among other things. A security vulnerability exists in Apache IoTDB version 1.0.0 up to and including version 2.0.5, whi...

Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling bsc1232970 Highlights of other changes: Performance: Significant...

CVE-2024-51480

RedisTimeSeries is a time-series database TSDB module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially...

BIT-PROMETHEUS-2021-29622 Arbitrary redirects under /new endpoint

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirec...

CVE-2023-49086

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...

CVE-2023-49086 Cacti is vulnerable to cross-Site scripting (XSS) DOM

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...