187 matches found
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the openc3-api/tables endpoint. An attacker can execute a directory traversal and read/modify or delete files. Details A Directory Traversal attack also known as path traversal aims to access files and directorie...
OpenC3 COSMOS 安全漏洞
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0, which stems from the fact that uploading a specially crafted .txt file may result in the execution of arbitrary code...
OpenC3 COSMOS 安全漏洞
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0 that stems from a weak password requirement and could lead to a brute force attack...
PT-2025-25417 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue is related to weak password requirements, allowing attackers to bypass authentication using a brute force attack. Recommendations: For OpenC3 COSMOS version 6.0.0, consider implementing...
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
PT-2025-25414 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue allows attackers to execute a directory traversal in the "/script-api/scripts/" endpoint. Recommendations: For OpenC3 COSMOS version 6.0.0, consider restricting access to the...
CVE-2025-28389
OpenC3 COSMOS v6.0.0 is affected by a weakness in password policy that allows brute-force authentication bypass. The CVE describes weak password requirements as the root cause. Impact is described as high for confidentiality, integrity, and availability, with network attack vector and no user int...
PT-2025-25413 · Unknown · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue allows attackers to execute a directory traversal in the "openc3-api/tables" endpoint. Recommendations: For OpenC3 COSMOS version 6.0.0, consider restricting access to the "openc3-api/tables"...
CVE-2025-28381
CVE-2025-28381 affects OpenC3 COSMOS prior to v6.0.2, where service credentials are exposed as environment variables stored in all containers. The vulnerability is due to credential leakage in containerized environment variables, enabling attackers to access credentials if they can reach the runt...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28380
A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
CVE-2025-28380
A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...
CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...
PT-2025-25412 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: A credential leak in OpenC3 COSMOS allows attackers to access service credentials as environment variables stored in all containers. This issue is related to the cleartext storage of sensitive...