| CVE-2026-42087 |
critical |
9.6 |
9.6 |
|
|
|
1mo ago |
OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database |
| CVE-2026-42084 |
high |
8.1 |
8.1 |
|
|
|
1mo ago |
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence |
| CVE-2026-42086 |
medium |
4.6 |
4.6 |
|
|
|
1mo ago |
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender |
| CVE-2026-42085 |
medium |
4.3 |
4.3 |
|
|
|
1mo ago |
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames |
| CVE-2025-68271 |
unknown |
— |
— |
|
|
|
5mo ago |
openc3-api Vulnerable to Unauthenticated Remote Code Execution |
| CVE-2024-47529 |
unknown |
— |
— |
|
|
|
2y ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of … |
| CVE-2024-43795 |
unknown |
— |
— |
|
|
|
2y ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnera… |
| CVE-2024-46977 |
unknown |
— |
— |
|
|
|
2y ago |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method all… |
