CVE-2025-28386
- EPSS 0.91%
- Published 13.06.2025 00:00:00
- Last modified 23.06.2025 14:06:04
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVE-2025-28388
- EPSS 0.51%
- Published 13.06.2025 00:00:00
- Last modified 27.10.2025 16:15:39
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.
CVE-2025-28389
- EPSS 0.54%
- Published 13.06.2025 00:00:00
- Last modified 17.06.2025 19:42:06
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CVE-2024-46977
- EPSS 0.93%
- Published 02.10.2024 20:15:11
- Last modified 31.10.2024 14:15:05
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions...
CVE-2024-47529
- EPSS 0.34%
- Published 02.10.2024 20:15:11
- Last modified 13.11.2024 17:15:46
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password suscept...
CVE-2024-43795
- EPSS 0.44%
- Published 02.10.2024 20:15:10
- Last modified 31.10.2024 14:15:05
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note...