Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-13
A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-13
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-06-13
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
9.1
EPSS Score
0.006
Published
2025-06-13
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-13
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
CVSS Score
9.8
EPSS Score
0.005
Published
2025-06-13
There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-06-12
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-12
A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-06-12
A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-06-12