154 matches found
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
PYSEC-2025-150
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
PYSEC-2025-149
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28380
A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...
CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
OpenC3 COSMOS 安全漏洞
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0, which stems from the fact that uploading a specially crafted .txt file may result in the execution of arbitrary code...
OpenC3 COSMOS 安全漏洞
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0 that stems from a weak password requirement and could lead to a brute force attack...
PT-2025-25417 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue is related to weak password requirements, allowing attackers to bypass authentication using a brute force attack. Recommendations: For OpenC3 COSMOS version 6.0.0, consider implementing...
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
PT-2025-25414 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue allows attackers to execute a directory traversal in the "/script-api/scripts/" endpoint. Recommendations: For OpenC3 COSMOS version 6.0.0, consider restricting access to the...
CVE-2025-28381
CVE-2025-28381 affects OpenC3 COSMOS prior to v6.0.2, where service credentials are exposed as environment variables stored in all containers. The vulnerability is due to credential leakage in containerized environment variables, enabling attackers to access credentials if they can reach the runt...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28380
A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...
CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...