Lucene search
+L

154 matches found

NVD
NVD
added 2025/06/13 2:15 p.m.12 views

CVE-2025-28389

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

9.8CVSS0.00542EPSS
Exploits1References2
OSV
OSV
added 2025/06/13 2:15 p.m.8 views

PYSEC-2025-150

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

9.8CVSS5.8AI score0.00542EPSS
Exploits1References2
PyPA
PyPA
added 2025/06/13 2:15 p.m.12 views

PYSEC-2025-149

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS6.7AI score0.00914EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/06/13 2:15 p.m.11 views

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

6.1CVSS0.00283EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.27 views

CVE-2025-28384

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

9.1CVSS0.00856EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.12 views

CVE-2025-28381

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...

7.5CVSS0.00437EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.13 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8CVSS0.00507EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.13 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS0.00914EPSS
Exploits1References2
NVD
NVD
added 2025/06/13 2:15 p.m.25 views

CVE-2025-28382

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

7.5CVSS0.00856EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.3 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0, which stems from the fact that uploading a specially crafted .txt file may result in the execution of arbitrary code...

9.8CVSS6.8AI score0.00914EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.5 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0 that stems from a weak password requirement and could lead to a brute force attack...

9.8CVSS6.5AI score0.00542EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.4 views

PT-2025-25417 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue is related to weak password requirements, allowing attackers to bypass authentication using a brute force attack. Recommendations: For OpenC3 COSMOS version 6.0.0, consider implementing...

9.8CVSS6.7AI score0.00542EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.4 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8AI score0.00914EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.4 views

CVE-2025-28389

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

7.5AI score0.00542EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.7 views

PT-2025-25414 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue allows attackers to execute a directory traversal in the "/script-api/scripts/" endpoint. Recommendations: For OpenC3 COSMOS version 6.0.0, consider restricting access to the...

9.1CVSS6.6AI score0.00856EPSS
Exploits1References11
CVE
CVE
added 2025/06/13 12:0 a.m.44 views

CVE-2025-28381

CVE-2025-28381 affects OpenC3 COSMOS prior to v6.0.2, where service credentials are exposed as environment variables stored in all containers. The vulnerability is due to credential leakage in containerized environment variables, enabling attackers to access credentials if they can reach the runt...

7.5CVSS6.2AI score0.00437EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.12 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

0.00507EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.15 views

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

0.00283EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.21 views

CVE-2025-28384

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

0.00856EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.23 views

CVE-2025-28382

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

0.00856EPSS
Exploits1References5
Rows per page
Query Builder