Every CVE whose affected-product data names Openc3 Cosmos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-28386 — CVSS 9.8 (critical): A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute…
CVE-2025-28389 — CVSS 9.8 (critical): Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CVE-2026-42088 — CVSS 9.6 (critical): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version…
CVE-2026-42087 — CVSS 9.6 (critical): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0…
CVE-2025-28384 — CVSS 9.1 (critical): An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
CVE-2026-42084 — CVSS 8.1 (high): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions…
CVE-2025-28381 — CVSS 7.5 (high): A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all…
CVE-2025-28382 — CVSS 7.5 (high): An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
CVE-2024-46977 — CVSS 6.5 (medium): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal…
CVE-2024-47529 — CVSS 6.5 (medium): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS…
CVE-2025-28380 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via…
CVE-2024-43795 — CVSS 6.1 (medium): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login…
CVE-2026-42086 — CVSS 4.6 (medium): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version…
CVE-2026-42085 — CVSS 4.3 (medium): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions…