187 matches found
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...
CVE-2025-28380
A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...
CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
GHSA-CF8V-5MRC-JV7F OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...
GHSA-P67J-387G-75WC OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...
Weak Password Requirements
Overview Affected versions of this package are vulnerable to Weak Password Requirements due to support of clear-text passwords. An attacker can brute-force a shorter password to get access to the system. Note: OpenC3 supports authentication using an authentication token, users are advised to use ...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials for the Service Account. An attacker could use the Service Account as a backdoor to the system using the leaked credentials. Remediation Upgrade openc3 to version 6.0.2 or higher. References - GitHub Commit...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via script pluginmodel.rb. An attacker can upload a crafted requirements.txt file with a malicious plugin. Remediation There is no fixed version for openc3. References - PoC - Vulnerable Code...
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
PYSEC-2025-150
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack...
CVE-2025-28386
A remote code execution RCE vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file...
CVE-2025-28380
A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...
CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal...
CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...