Lucene search
+L

732 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in cosmos-gradio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2 cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-versi...

6.3AI score
Exploits0References2
OSV
OSV
added 4 days ago4 views

MAL-2026-10617 Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

openSUSE 15: azure-cli / azure-cli-core / azure-cli-telemetry / python311-anyio / etc (SUSE-SU-SUSE-RU-2026:2237-2)

"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2026:2237-2 advisory. Changes in azure-cli-core: - Drop CVE-2025-24049 patch, fixed upstream - New upstream release - Version 2.82.0 - For detailed information...

8.4CVSS6.7AI score0.00788EPSS
Exploits0References14
OSV
OSV
added 2026/06/08 1:2 p.m.11 views

SUSE-RU-2026:2237-2 Recommended update for aazure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text, python-azure-appconfiguration, python-azure-appconfiguration-provider, python-azure-batch, python-azure-cognitiveservices-anomalydetector, python-azure-cognitiveservices-knowledge-qnamaker, python-azure-cognitiveservices-language-luis, python-azure-cognitiveservices-language-spellcheck, python-azure-cognitiveservices-language-textanalytics, python-azure-cognitiveservices-search-autosuggest, python-azure-cognitiveservices-search-customimagesearch, python-azure-cognitiveservices-search-customsearch, python-azure-cognitiveservices-search-entitysearch, python-azure-cognitiveservices-search-imagesearch, python-azure-cognitiveservices-search-videosearch, python-azure-cognitiveservices-search-websearch, python-azure-cognitiveservices-vision-computervision, python-azure-cognitiveservices-vision-contentmoderator, python-azure-cognitiveservices-vision-customvision, python-azure-cognitiveservices-vision-face python-azure-communication-callautomation, python-azure-communication-chat, python-azure-communication-email, python-azure-communication-messages, python-azure-communication-phonenumbers, python-azure-communication-rooms, python-azure-communication-sms, python-azure-core, python-azure-core-tracing-opencensus, python-azure-core-tracing-opentelemetry, python-azure-cosmos, python-azure-data-tables, python-azure-datalake-store, python-azure-developer-devcenter, python-azure-developer-loadtesting, python-azure-digitaltwins-core, python-azure-eventgrid, python-azure-eventhub, python-azure-eventhub-checkpointstoreblob, python-azure-eventhub-checkpointstoreblob-aio, python-azure-graphrbac, python-azure-health-deidentification, python-azure-healthinsights-radiologyinsights, python-azure-identity, python-azure-identity-broker, python-azure-keyvault-administration, python-azure-keyvault-certificates, python-azure-keyvault-keys, python-azure-keyvault-secrets, python-azure-keyvault-securitydomain, python-azure-maps-geolocation, python-azure-maps-route, python-azure-maps-timezone, python-azure-messaging-webpubsubclient, python-azure-messaging-webpubsubservice, python-azure-mgmt-apimanagement, python-azure-mgmt-appcomplianceautomation, python-azure-mgmt-appconfiguration, python-azure-mgmt-appcontainers, python-azure-mgmt-applicationinsights, python-azure-mgmt-appplatform, python-azure-mgmt-arizeaiobservabilityeval, python-azure-mgmt-astro, python-azure-mgmt-authorization, python-azure-mgmt-avs, python-azure-mgmt-azurestackhcivm, python-azure-mgmt-batch, python-azure-mgmt-batchai, python-azure-mgmt-billing, python-azure-mgmt-billingbenefits, python-azure-mgmt-carbonoptimization, python-azure-mgmt-cdn, python-azure-mgmt-chaos, python-azure-mgmt-cloudhealth, python-azure-mgmt-cognitiveservices, python-azure-mgmt-communication, python-azure-mgmt-compute, python-azure-mgmt-computefleet, python-azure-mgmt-computerecommender, python-azure-mgmt-computeschedule, python-azure-mgmt-confluent, python-azure-mgmt-connectedcache, python-azure-mgmt-containerinstance, python-azure-mgmt-containerorchestratorruntime, python-azure-mgmt-containerregistry, python-azure-mgmt-containerservice, python-azure-mgmt-containerservicefleet, python-azure-mgmt-containerservicesafeguards, python-azure-mgmt-core, python-azure-mgmt-cosmosdb, python-azure-mgmt-databasewatcher, python-azure-mgmt-databox, python-azure-mgmt-databoxedge, python-azure-mgmt-datafactory, python-azure-mgmt-datalake-store, python-azure-mgmt-datamigration, python-azure-mgmt-dataprotection, python-azure-mgmt-dellstorage, python-azure-mgmt-dependencymap, python-azure-mgmt-desktopvirtualization, python-azure-mgmt-devcenter, python-azure-mgmt-deviceregistry, python-azure-mgmt-devopsinfrastructure, python-azure-mgmt-devtestlabs, python-azure-mgmt-digitaltwins, python-azure-mgmt-dns, python-azure-mgmt-dnsresolver, python-azure-mgmt-durabletask, python-azure-mgmt-edgeorder, python-azure-mgmt-edgezones, python-azure-mgmt-elastic, python-azure-mgmt-elasticsan, python-azure-mgmt-eventgrid, python-azure-mgmt-eventhub, python-azure-mgmt-extendedlocation, python-azure-mgmt-fabric, python-azure-mgmt-frontdoor, python-azure-mgmt-hardwaresecuritymodules, python-azure-mgmt-hdinsight, python-azure-mgmt-hdinsightcontainers, python-azure-mgmt-healthcareapis, python-azure-mgmt-healthdataaiservices, python-azure-mgmt-hybridcompute, python-azure-mgmt-imagebuilder, python-azure-mgmt-impactreporting, python-azure-mgmt-informaticadatamanagement, python-azure-mgmt-iotfirmwaredefense, python-azure-mgmt-iothub, python-azure-mgmt-iotoperations, python-azure-mgmt-keyvault, python-azure-mgmt-kubernetesconfiguration-extensions, python-azure-mgmt-kubernetesconfiguration-extensiontypes, python-azure-mgmt-kubernetesconfiguration-fluxconfigurations, python-azure-mgmt-kusto, python-azure-mgmt-lambdatesthyperexecute, python-azure-mgmt-largeinstance, python-azure-mgmt-loganalytics, python-azure-mgmt-logz, python-azure-mgmt-media, python-azure-mgmt-migrationassessment, python-azure-mgmt-migrationdiscoverysap, python-azure-mgmt-mobilenetwork, python-azure-mgmt-mongocluster, python-azure-mgmt-mongodbatlas, python-azure-mgmt-monitor, python-azure-mgmt-msi, python-azure-mgmt-mysqlflexibleservers, python-azure-mgmt-neonpostgres, python-azure-mgmt-netapp, python-azure-mgmt-network, python-azure-mgmt-networkcloud, python-azure-mgmt-newrelicobservability, python-azure-mgmt-onlineexperimentation, python-azure-mgmt-oracledatabase, python-azure-mgmt-paloaltonetworksngfw, python-azure-mgmt-pineconevectordb, python-azure-mgmt-planetarycomputer, python-azure-mgmt-playwright, python-azure-mgmt-playwrighttesting, python-azure-mgmt-portalservicescopilot, python-azure-mgmt-postgresqlflexibleservers, python-azure-mgmt-powerbiembedded, python-azure-mgmt-privatedns, python-azure-mgmt-purestorageblock, python-azure-mgmt-quantum, python-azure-mgmt-qumulo, python-azure-mgmt-quota, python-azure-mgmt-rdbms, python-azure-mgmt-recoveryservices, python-azure-mgmt-recoveryservicesbackup, python-azure-mgmt-recoveryservicesdatareplication, python-dnspython, python-trio, python-websocket-client, python-anyio

This update for azure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text,...

8.4CVSS5.5AI score0.00788EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.15 views

CVE-2026-42085

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS5.5AI score0.00313EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.17 views

CVE-2026-42086

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS5.8AI score0.002EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.15 views

CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS5.9AI score0.00323EPSS
Exploits1References1
Veracode
Veracode
added 2026/05/05 5:43 a.m.15 views

SQL Injection

org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...

8.8CVSS6.1AI score0.00338EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.23 views

CVE-2026-42088

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...

9.6CVSS0.00341EPSS
Exploits1References3
PyPA
PyPA
added 2026/05/04 6:16 p.m.30 views

PYSEC-2026-105

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.10 views

CVE-2026-42084

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS0.00305EPSS
Exploits1References4
NVD
NVD
added 2026/05/04 6:16 p.m.15 views

CVE-2026-42085

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS0.00313EPSS
Exploits1References5
NVD
NVD
added 2026/05/04 6:16 p.m.13 views

CVE-2026-42086

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS0.002EPSS
Exploits1References1
NVD
NVD
added 2026/05/04 6:16 p.m.21 views

CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS0.00323EPSS
Exploits1References3
OSV
OSV
added 2026/05/04 6:16 p.m.9 views

PYSEC-2026-105

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS5.9AI score0.002EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/04 5:21 p.m.40 views

CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...

9.6CVSS0.00341EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/04 5:21 p.m.8 views

CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...

9.6CVSS5.8AI score0.00341EPSS
Exploits1References3
CVE
CVE
added 2026/05/04 5:21 p.m.18 views

CVE-2026-42088

Summary: CVE-2026-42088 affects OpenC3 COSMOS before 7.0.0-rc3. The Script Runner widget in the openc3-COSMOS-script-runner-api container allows any user with script permissions to bypass API checks and perform administrative actions across the docker network. This can enable reading/modifying da...

9.6CVSS5.8AI score0.00341EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/04 5:21 p.m.19 views

EUVD-2026-27065

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...

9.6CVSS5.8AI score0.00341EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/04 5:18 p.m.7 views

CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS6AI score0.00323EPSS
Exploits1References3
Rows per page
Query Builder