Lucene search
K

6 matches found

nvd
nvd
added 2026/05/04 6:16 p.m.19 views

CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS0.00323EPSS
Exploits1References3
euvd
euvd
added 2026/05/04 5:18 p.m.15 views

EUVD-2026-27063

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS6AI score0.00323EPSS
Exploits1References3
cve
cve
added 2026/05/04 5:18 p.m.22 views

CVE-2026-42087

OpenC3 COSMOS TSDB is affected by a SQL injection in the tsdb_lookup function of cvt_model.rb, where user-supplied input is directly placed into a SQL query. Affected versions are 6.7.0 through 7.0.0-rc2 (before the patched 7.0.0-rc3). This allows an attacker to break out of the initial SQL state...

9.6CVSS6AI score0.00323EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/05/04 5:18 p.m.8 views

CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS6AI score0.00323EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/04/23 2:12 p.m.6 views

GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

9.6CVSS6.2AI score0.00323EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.12 views

PT-2026-36881

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions 6.7.0 through 7.0.0-rc3 Description The Time-Series Database TSDB component contains a SQL injection flaw. The tsdb lookup function within the cvt model.rb file incorporates user-supplied input into a SQL query without...

9.6CVSS6AI score0.00323EPSS
Exploits1References18
Rows per page
Query Builder