Lucene search
K

187 matches found

RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.4 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS9.8AI score0.00914EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.4 views

CVE-2025-28384

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

9.1CVSS6.8AI score0.00856EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.4 views

CVE-2025-28381

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...

7.5CVSS6.6AI score0.00437EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.7 views

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

6.1CVSS5.7AI score0.00283EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.5 views

CVE-2025-28382

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

7.5CVSS6.8AI score0.00856EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.4 views

CVE-2025-28389

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

9.8CVSS9.6AI score0.00542EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/15 12:21 a.m.5 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8CVSS7.1AI score0.00507EPSS
Exploits1References1
OSV
OSV
added 2025/06/13 3:30 p.m.4 views

GHSA-CF8V-5MRC-JV7F OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

7.5CVSS7.3AI score0.00856EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/06/13 3:30 p.m.9 views

OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

7.5CVSS7.3AI score0.00856EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/13 3:30 p.m.8 views

OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

9.1CVSS7.3AI score0.00856EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2025/06/13 3:30 p.m.4 views

GHSA-P67J-387G-75WC OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

9.1CVSS7.3AI score0.00856EPSS
Exploits1References8
Snyk
Snyk
added 2025/06/13 2:41 p.m.2 views

Weak Password Requirements

Overview Affected versions of this package are vulnerable to Weak Password Requirements due to support of clear-text passwords. An attacker can brute-force a shorter password to get access to the system. Note: OpenC3 supports authentication using an authentication token, users are advised to use ...

9.8CVSS7.2AI score0.00542EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/13 2:41 p.m.2 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials for the Service Account. An attacker could use the Service Account as a backdoor to the system using the leaked credentials. Remediation Upgrade openc3 to version 6.0.2 or higher. References - GitHub Commit...

9.8CVSS6.7AI score0.00507EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/13 2:41 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via script pluginmodel.rb. An attacker can upload a crafted requirements.txt file with a malicious plugin. Remediation There is no fixed version for openc3. References - PoC - Vulnerable Code...

9.8CVSS7.4AI score0.00914EPSS
Exploits1References2
NVD
NVD
added 2025/06/13 2:15 p.m.11 views

CVE-2025-28389

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

9.8CVSS0.00542EPSS
Exploits1References2
OSV
OSV
added 2025/06/13 2:15 p.m.8 views

PYSEC-2025-150

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...

9.8CVSS5.8AI score0.00542EPSS
Exploits1References2
NVD
NVD
added 2025/06/13 2:15 p.m.12 views

CVE-2025-28386

A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS0.00914EPSS
Exploits1References2
NVD
NVD
added 2025/06/13 2:15 p.m.11 views

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

6.1CVSS0.00283EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.27 views

CVE-2025-28384

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...

9.1CVSS0.00856EPSS
Exploits1References5
NVD
NVD
added 2025/06/13 2:15 p.m.12 views

CVE-2025-28381

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...

7.5CVSS0.00437EPSS
Exploits1References5
Rows per page
Query Builder