Lucene search
+L

154 matches found

CVE
CVE
added 2026/05/04 5:15 p.m.18 views

CVE-2026-42086

OpenC3 COSMOS is affected by a Self-XSS in the Command Sender UI prior to version 7.0.0, caused by an unsafe eval() on array-like command parameters. A user-supplied payload could execute in the victim’s browser when sending a command, potentially allowing an attacker to read or modify data in th...

4.6CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 5:15 p.m.7 views

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS6AI score0.002EPSS
Exploits1References1
OSV
OSV
added 2026/05/04 5:15 p.m.4 views

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS6.1AI score0.002EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/04 5:15 p.m.33 views

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS0.002EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:13 p.m.5 views

CVE-2026-42085

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/05/04 5:13 p.m.40 views

CVE-2026-42085 OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS0.00313EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/04 5:13 p.m.15 views

EUVD-2026-27059

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References5
CVE
CVE
added 2026/05/04 5:13 p.m.18 views

CVE-2026-42085

OpenC3 COSMOS has a path-traversal weakness in save_tool_config() that enables arbitrary file writes into the shared /plugins directory prior to versions 6.10.5 and 7.0.0-rc3. By canonicalizing filenames to absolute paths, a crafted config filename can overwrite existing configuration files acros...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/04 5:13 p.m.4 views

CVE-2026-42085 OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS6AI score0.00313EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/04 5:11 p.m.5 views

CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:11 p.m.7 views

CVE-2026-42084

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/04 5:11 p.m.34 views

CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS0.00305EPSS
Exploits1References4
CVE
CVE
added 2026/05/04 5:11 p.m.23 views

CVE-2026-42084

OpenC3 COSMOS is affected by a credential change vulnerability where the password change feature accepts a valid session token in lieu of the old password. This flaw, present prior to versions 6.10.5 and 7.0.0-rc3, allows an attacker who already holds a valid session token to change the password ...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/04 5:11 p.m.4 views

CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.9AI score0.00305EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.13 views

PT-2026-36882

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0-rc3 Description The Script Runner widget allows users to execute Python and Ruby scripts directly from the 'openc3-COSMOS-script-runner-api' container. Since all Docker containers share a network, users ca...

9.6CVSS5.9AI score0.00341EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Vulnerabilities exist in versions of OpenC3 COSMOS prior to 6.10.5 and 7.0.0-rc3. These vulnerabilities stem from the password change feature, which allows users to change their passwords using valid session tokens without providing...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.12 views

OpenC3 COSMOS SQL注入漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. In versions 6.7.0 to 7.0.0-rc3 of OpenC3 COSMOS, there was a SQL injection vulnerability. This vulnerability stemmed from the tsdblookup function in the Time-Series Database component, which directly accepted user input without prop...

9.6CVSS5.8AI score0.00323EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Versions of OpenC3 COSMOS prior to 7.0.0-rc3 contained security vulnerabilities. These vulnerabilities stemmed from the Script Runner component, which allowed users to execute Python and Ruby scripts. This could lead users to bypass...

9.6CVSS5.9AI score0.00341EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

OpenC3 COSMOS 跨站脚本漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Versions of OpenC3 COSMOS prior to version 7.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the unsafe eval function by the Command Sender UI when handling array-type command parameter...

4.6CVSS5.6AI score0.002EPSS
Exploits1References1
OSV
OSV
added 2026/04/23 2:17 p.m.6 views

GHSA-2WVH-87G2-89HR OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

9.6CVSS5.9AI score0.00341EPSS
Exploits1References2
Rows per page
Query Builder