Lucene search
+L

187 matches found

NVD
NVD
added 2025/06/13 2:15 p.m.13 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8CVSS0.00507EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.13 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS0.00914EPSS
Exploits1References2
NVD
NVD
added 2025/06/13 2:15 p.m.25 views

CVE-2025-28382

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

7.5CVSS0.00856EPSS
Exploits1References5
Snyk
Snyk
added 2025/06/13 1:48 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the openc3-api/tables endpoint. An attacker can execute a directory traversal and read/modify or delete files. Details A Directory Traversal attack also known as path traversal aims to access files and directorie...

8.6CVSS7.8AI score0.00856EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.3 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0, which stems from the fact that uploading a specially crafted .txt file may result in the execution of arbitrary code...

9.8CVSS6.8AI score0.00914EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.5 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS version v6.0.0 that stems from a weak password requirement and could lead to a brute force attack...

9.8CVSS6.5AI score0.00542EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.4 views

PT-2025-25417 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue is related to weak password requirements, allowing attackers to bypass authentication using a brute force attack. Recommendations: For OpenC3 COSMOS version 6.0.0, consider implementing...

9.8CVSS6.7AI score0.00542EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.4 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8AI score0.00914EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.4 views

CVE-2025-28389

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

7.5AI score0.00542EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.7 views

PT-2025-25414 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue allows attackers to execute a directory traversal in the "/script-api/scripts/" endpoint. Recommendations: For OpenC3 COSMOS version 6.0.0, consider restricting access to the...

9.1CVSS6.6AI score0.00856EPSS
Exploits1References11
CVE
CVE
added 2025/06/13 12:0 a.m.55 views

CVE-2025-28389

OpenC3 COSMOS v6.0.0 is affected by a weakness in password policy that allows brute-force authentication bypass. The CVE describes weak password requirements as the root cause. Impact is described as high for confidentiality, integrity, and availability, with network attack vector and no user int...

9.8CVSS7.5AI score0.00542EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.6 views

PT-2025-25413 · Unknown · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue allows attackers to execute a directory traversal in the "openc3-api/tables" endpoint. Recommendations: For OpenC3 COSMOS version 6.0.0, consider restricting access to the "openc3-api/tables"...

7.5CVSS6.6AI score0.00856EPSS
Exploits1References9
CVE
CVE
added 2025/06/13 12:0 a.m.44 views

CVE-2025-28381

CVE-2025-28381 affects OpenC3 COSMOS prior to v6.0.2, where service credentials are exposed as environment variables stored in all containers. The vulnerability is due to credential leakage in containerized environment variables, enabling attackers to access credentials if they can reach the runt...

7.5CVSS6.2AI score0.00437EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.12 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

0.00507EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.15 views

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

0.00283EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.15 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

0.00914EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/13 12:0 a.m.12 views

CVE-2025-28389

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

0.00542EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.5 views

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

5.3AI score0.00283EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.4 views

CVE-2025-28381

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...

6.2AI score0.00437EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.4 views

PT-2025-25412 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: A credential leak in OpenC3 COSMOS allows attackers to access service credentials as environment variables stored in all containers. This issue is related to the cleartext storage of sensitive...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References8
Rows per page
Query Builder