Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-13
A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-13
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-06-13
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
9.1
EPSS Score
0.006
Published
2025-06-13
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-06-13
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-13
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
CVSS Score
9.8
EPSS Score
0.005
Published
2025-06-13
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component
CVSS Score
6.1
EPSS Score
0.001
Published
2025-06-13
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtectâ„¢ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.
An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-06-13
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtectâ„¢ app on macOS allows a non administrative user to escalate their privileges to root.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-06-13