Lucene search
+L

7 matches found

Vulnrichment
Vulnrichment
added 2026/05/04 5:18 p.m.7 views

CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS6AI score0.00323EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/04 5:11 p.m.11 views

EUVD-2026-27057

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/22 10:13 p.m.11 views

OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References7Affected Software1
Circl
Circl
added 2026/04/20 3:10 a.m.11 views

CVE-2026-42085

creationtimestamp| type| source ---|---|--- 2026-04-20 03:10:27+00:00| published-proof-of-concept| https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h...

4.3CVSS5.8AI score0.00313EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 7:25 p.m.10 views

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...

10CVSS8.5AI score0.00536EPSS
Exploits0References1
OSV
OSV
added 2025/06/13 2:15 p.m.9 views

PYSEC-2025-149

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS6.7AI score0.00914EPSS
Exploits1References2
OSV
OSV
added 2025/06/13 12:0 a.m.7 views

CVE-2025-28384

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

9.1CVSS6.8AI score0.00856EPSS
Exploits1References7
Rows per page
Query Builder