| CVE-2026-42087 |
critical |
9.6 |
9.6 |
|
|
|
1mo ago |
OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database |
| CVE-2026-42084 |
high |
8.1 |
8.1 |
|
|
|
1mo ago |
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence |
| CVE-2026-42086 |
medium |
4.6 |
4.6 |
|
|
|
1mo ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on… |
| CVE-2026-42085 |
medium |
4.3 |
4.3 |
|
|
|
1mo ago |
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames |
| CVE-2025-68271 |
unknown |
— |
— |
|
|
|
5mo ago |
openc3-api Vulnerable to Unauthenticated Remote Code Execution |
| CVE-2024-47529 |
unknown |
— |
— |
|
|
|
2y ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of … |
| CVE-2024-43795 |
unknown |
— |
— |
|
|
|
2y ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnera… |
| CVE-2024-46977 |
unknown |
— |
— |
|
|
|
2y ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method all… |