Lucene search
K

34184 matches found

CVE
CVE
added 2026/03/13 9:18 p.m.26 views

CVE-2026-32708

CVE-2026-32708 affects the PX4 Autopilot’s Zenoh uORB subscriber. Before 1.17.0-rc2, it allocates a stack VLQuestion from the incoming payload length without bounds, enabling a remote Zenoh publisher to send an oversized, fragmented message that triggers an unbounded stack allocation and a stack ...

8CVSS5.9AI score0.00241EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/13 9:18 p.m.9 views

EUVD-2026-12172

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:18 p.m.31 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS0.0027EPSS
Exploits2References1
OSV
OSV
added 2026/03/13 9:18 p.m.4 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS5.8AI score0.0027EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/13 9:18 p.m.4 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS5.8AI score0.0027EPSS
Exploits2References1
EUVD
EUVD
added 2026/03/13 9:15 p.m.4 views

EUVD-2026-12148

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:15 p.m.2 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:15 p.m.2 views

CVE-2026-32705

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/13 9:15 p.m.7 views

CVE-2026-32705

Summary: The CVE affects the PX4 autopilot BST telemetry driver. Before version 1.17.0-rc2, the BST device can report an oversized dev_name_len, and the driver writes a string terminator without bounds, causing a stack overflow that can crash the task or enable code execution. Root cause: device-...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/13 9:15 p.m.4 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/13 8:57 p.m.288 views

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Summary AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's sta...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/03/13 8:57 p.m.38 views

GHSA-RVV3-G6HJ-G44X AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Summary AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's sta...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2026/03/13 8:39 p.m.1 views

CVE-2026-3081

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

7.8CVSS6.4AI score0.00425EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/13 8:39 p.m.20 views

CVE-2026-3081 GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

7.8CVSS0.00425EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/13 5:2 p.m.6 views

CVE-2026-32259

A flaw was found in ImageMagick. Processing a specially crafted file with the sixel encoder can cause a stack-based buffer overflow when a memory allocation fails, leading to a denial of service. Mitigation To mitigate this vulnerability, disable the vulnerable encoder by adding the following lin...

6.7CVSS6.1AI score0.00096EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 3:40 p.m.4 views

EUVD-2026-11653

flatted vulnerable to unbounded recursion DoS in parse revive phase...

7.5CVSS5.8AI score0.00777EPSS
Exploits1References4
OSV
OSV
added 2026/03/13 3:40 p.m.2 views

GHSA-25H7-PFQ9-P65F flatted vulnerable to unbounded recursion DoS in parse() revive phase

Summary flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. Impact...

7.5CVSS5.9AI score0.00777EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/13 1:15 p.m.5 views

SUSE CVE-2026-32259

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...

6.7CVSS6AI score0.00096EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25388

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev name len, causing a stack overflow in the driver and crashing the task o...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25393

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References6
Rows per page
Query Builder