Lucene search
K

323 matches found

Vulnrichment
Vulnrichment
added 2026/03/13 9:19 p.m.4 views

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

5.4CVSS5.9AI score0.00476EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:18 p.m.3 views

CVE-2026-32708

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/13 9:18 p.m.4 views

CVE-2026-32708 Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/13 9:18 p.m.9 views

EUVD-2026-12172

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References1
CVE
CVE
added 2026/03/13 9:18 p.m.30 views

CVE-2026-32708

CVE-2026-32708 affects the PX4 Autopilot’s Zenoh uORB subscriber. Before 1.17.0-rc2, it allocates a stack VLQuestion from the incoming payload length without bounds, enabling a remote Zenoh publisher to send an oversized, fragmented message that triggers an unbounded stack allocation and a stack ...

8CVSS5.9AI score0.00241EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:18 p.m.3 views

CVE-2026-32707

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS5.8AI score0.0027EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 9:18 p.m.4 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS5.8AI score0.0027EPSS
Exploits2References1
EUVD
EUVD
added 2026/03/13 9:18 p.m.4 views

EUVD-2026-12152

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS5.8AI score0.0027EPSS
Exploits2References1
CVE
CVE
added 2026/03/13 9:18 p.m.27 views

CVE-2026-32707

CVE-2026-32707 affects PX4 Autopilot with the tattu_can module. A stack buffer overflow results from an unbounded memcpy in the multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In affected deployments where tattu_can is enabled, a CAN-injection cap...

6.1CVSS5.8AI score0.0027EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:18 p.m.33 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS0.0027EPSS
Exploits2References1
OSV
OSV
added 2026/03/13 9:18 p.m.4 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS5.8AI score0.0027EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:17 p.m.2 views

CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

7.1CVSS6AI score0.00309EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:17 p.m.35 views

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

7.1CVSS0.00309EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:17 p.m.14 views

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

7.1CVSS6AI score0.00309EPSS
Exploits1References1
OSV
OSV
added 2026/03/13 9:17 p.m.5 views

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

7.1CVSS6AI score0.00309EPSS
Exploits1References3
CVE
CVE
added 2026/03/13 9:17 p.m.23 views

CVE-2026-32706

PX4 autopilot's crsf_rc parser contains a global 64-byte buffer overflow when processing an oversized variable-length known packet prior to 1.17.0-rc2. An adjacent/raw-serial attacker on a CRSF port could trigger memory corruption and crash PX4. Fixed in 1.17.0-rc2. CVSS v3.1 base score 7.1 (High...

8.1CVSS6AI score0.00309EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/13 9:15 p.m.4 views

EUVD-2026-12148

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:15 p.m.31 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS0.00267EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:15 p.m.2 views

CVE-2026-32705

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/13 9:15 p.m.4 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References3
Rows per page
Query Builder