Openc3

Cosmos

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-42088

Exploit
  • EPSS 0.34%
  • Veröffentlicht 04.05.2026 17:21:27
  • Zuletzt bearbeitet 13.05.2026 20:47:46

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSM...

9.6

CVE-2026-42087

Exploit
  • EPSS 0.32%
  • Veröffentlicht 04.05.2026 17:18:02
  • Zuletzt bearbeitet 08.05.2026 19:53:16

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component ...

4.6

CVE-2026-42086

Exploit
  • EPSS 0.2%
  • Veröffentlicht 04.05.2026 17:15:59
  • Zuletzt bearbeitet 08.05.2026 19:54:39

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on array-like command parameters, which allows a user...

4.3

CVE-2026-42085

Exploit
  • EPSS 0.31%
  • Veröffentlicht 04.05.2026 17:13:39
  • Zuletzt bearbeitet 08.05.2026 19:54:30

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving...

8.1

CVE-2026-42084

Exploit
  • EPSS 0.31%
  • Veröffentlicht 04.05.2026 17:11:31
  • Zuletzt bearbeitet 08.05.2026 19:54:14

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without pr...

10

CVE-2025-68271

  • EPSS 0.54%
  • Veröffentlicht 13.01.2026 18:32:21
  • Zuletzt bearbeitet 15.04.2026 00:35:42

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. Wh...

6.1

CVE-2025-28380

Exploit
  • EPSS 0.28%
  • Veröffentlicht 13.06.2025 00:00:00
  • Zuletzt bearbeitet 27.10.2025 15:15:37

A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.

7.5

CVE-2025-28381

Exploit
  • EPSS 0.44%
  • Veröffentlicht 13.06.2025 00:00:00
  • Zuletzt bearbeitet 27.10.2025 16:15:39

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.

7.5

CVE-2025-28382

Exploit
  • EPSS 0.86%
  • Veröffentlicht 13.06.2025 00:00:00
  • Zuletzt bearbeitet 27.10.2025 16:15:39

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

9.1

CVE-2025-28384

Exploit
  • EPSS 0.86%
  • Veröffentlicht 13.06.2025 00:00:00
  • Zuletzt bearbeitet 27.10.2025 16:15:39

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.