openc3
Unclassified, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting openc3.
- CVE-2026-42088: OpenC3 COSMOS: Administrative Actions via the Script Runner Tool (score 9.6)
- CVE-2026-42087: OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base (score 9.6)
- CVE-2026-42086: OpenC3 COSMOS: Self-XSS in the Command Sender (score 4.6)
- CVE-2026-42085: OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames (score 4.3)
- CVE-2026-42084: OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence (score 8.1)
- CVE-2025-68271: Unauthenticated Remote Code Execution in openc3-api (score 10.0)
- CVE-2025-28380: A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. (score 6.1)
- CVE-2025-28384: An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. (score 9.1)
- CVE-2025-28388: OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account. (score 9.8)
- CVE-2025-28389: Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. (score 9.8)
- CVE-2025-28386: A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. (score 9.8)
- CVE-2025-28382: An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. (score 7.5)
- CVE-2025-28381: A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers. (score 7.5)
- CVE-2024-47529: OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`) (score 6.5)
- CVE-2024-46977: OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`) (score 6.5)