26 matches found

NVD
added 2026/03/16 2:19 p.m. · 1 view

CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an...

8.1 CVSS · 0.00027 EPSS
Exploits 1 · References 1
CNNVD
added 2026/03/16 12:0 a.m. · 2 views

PX4-Autopilot buffer error vulnerability

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained a buffer error vulnerability. This vulnerability stems from the crsf_rc parser accepting excessively long, variable-length known packets and copying them into a fixed...

8.1 CVSS · 6 AI score · 0.00027 EPSS
Exploits 1 · References 1
OSV
added 2026/03/13 9:17 p.m. · 3 views

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an...

7.1 CVSS · 6 AI score · 0.00027 EPSS
Exploits 1 · References 3
CVE
added 2026/03/13 9:17 p.m. · 12 views

CVE-2026-32706

PX4 autopilot's crsf_rc parser contains a global 64-byte buffer overflow when processing an oversized variable-length known packet prior to 1.17.0-rc2. An adjacent/raw-serial attacker on a CRSF port could trigger memory corruption and crash PX4. Fixed in 1.17.0-rc2. CVSS v3.1 base score 7.1 (High...

8.1 CVSS · 6 AI score · 0.00027 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2026/03/13 9:17 p.m. · 31 views

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an...

7.1 CVSS · 0.00027 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/03/13 9:17 p.m. · 0 views

CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an...

7.1 CVSS · 6 AI score · 0.00027 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2026/03/13 12:0 a.m. · 0 views

PT-2026-25389

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an...

7.1 CVSS · 6 AI score · 0.00027 EPSS
Exploits 1 · References 6
Vulnrichment
added 2024/02/13 6:44 p.m. · 13 views

CVE-2024-1084

Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all...

6.5 CVSS · 6.3 AI score · 0.00096 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/11/13 12:0 a.m. · 3 views

PT-2023-30521 · Px4 · Px4

Name of the Vulnerable Software and Affected Versions: PX4 autopilot versions prior to 1.14.0 Description: A global buffer overflow vulnerability exists in the CrsfParser TryParseCrsfPacket function due to an invalid size check. This allows a malicious user to create an RC packet remotely, which...

4.3 CVSS · 4.8 AI score · 0.00081 EPSS
Exploits 1 · References 6
Huntr
added 2022/05/11 10:39 a.m. · 9 views

Cross site Request Forgery in running schedule by using GET method.

Description There is a CRSF in autolab source code in running scheduler due to usage of GET method. Proof of Concept 1. Install a local instance of autolab 2. Go to /courses//schedulers and create a schedule 3. Access the link courses//schedulers//run and see that the schedulers is running...

1.8 AI score
Exploits 0
Prion
added 2022/02/07 4:15 p.m. · 6 views

Design/Logic Flaw

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...

4.3 CVSS · 6.5 AI score · 0.00153 EPSS
Exploits 2 · References 1 · Affected Software 1
WPVulnDB
added 2021/03/30 12:0 a.m. · 9 views

Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF

The fixes for https://wpscan.com/vulnerability/126143e0-b0cc-4517-862e-3ac557db744f still allowed the issue to be performed via a CSRF attack. The uploadcsv AJAX action, available to authenticated users, did not have proper CRSF check, allowing attacker to make a logged in user with the...

6.7 AI score
Exploits 0 · References 2 · Affected Software 1
WPVulnDB
added 2021/03/01 12:0 a.m. · 18 views

Multiple Plugins - CSRF Nonce Bypasses

Multiple plugins did not properly check for CRSF nonces, allowing attackers to make logged in users do unwanted actions with crafted requests not containing the related nonce parameter. Other plugins reported in the original advisory which are not here have been added individually in the last wee...

4.6 AI score
Exploits 0 · References 1 · Affected Software 8
NVD
added 2020/08/13 3:15 a.m. · 10 views

CVE-2020-7304

Cross site request forgery vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label...

7.6 CVSS · 7.4 AI score · 0.00089 EPSS
Exploits 0 · References 1
WPVulnDB
added 2019/06/16 12:0 a.m. · 24 views

WebP Express <= 0.14.10 - Multiple Issues

- Arbitrary File Viewing - CRSF - XSS including https://wpvulndb.com/vulnerabilities/9389 - Unauthorised Access...

5 CVSS · 2 AI score · 0.00554 EPSS
Exploits 0 · References 1 · Affected Software 1
Packet Storm
added 2013/08/09 12:0 a.m. · 20 views

Open Real Estate CMS 1.5.1 CSRF / Path Disclosure / SQL Injection

Exploit Title: Open Real Estate CMS - Multiple vulnerabilities Date: 2013 9 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://monoray.net/products/6-open-real-estate Tested on: Linux & Windows, PHP...

0.4 AI score
Exploits 0
Packet Storm
added 2011/04/29 12:0 a.m. · 23 views

Kusaba X 0.9.1 Cross Site Request Forgery / Cross Site Scripting

KusabaX XSS and CSRF Vulnerabilities Product: KusabaX and various Futaba channels clone Vendor site: http://kusabax.cultnet.net/ Affected versions: KusabaX " ----------------------------------------------------- Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a...

0.1 AI score
Exploits 0
Exploit DB
added 2011/04/28 12:0 a.m. · 33 views

kusaba x 0.9.1 - Multiple Vulnerabilities

KusabaX XSS and CSRF Vulnerabilities Product: KusabaX and various Futaba channels clone Vendor site: http://kusabax.cultnet.net/ Affected versions: KusabaX " ----------------------------------------------------- Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a...

7.4 AI score
Exploits 0
Gentoo Linux
added 2009/12/20 12:0 a.m. · 47 views

Ruby on Rails: Multiple vulnerabilities

Background Ruby on Rails is a web-application and persistence framework. Description The following vulnerabilities were discovered: sameer reported that lib/actioncontroller/cgiprocess.rb removes the :cookieonly attribute from the default session options CVE-2007-6077, due to an incomplete fix fo...

9.8 CVSS · 10 AI score · 0.11409 EPSS
Exploits 5
Packet Storm
added 2009/07/17 12:0 a.m. · 19 views

ZenPhoto Gallery 1.2.5 Password Reset

Zen Photo Administrator Password Steal/Reset Exploit. Discovered and coded by petros at dusecurity.com. Affects: ZenPhoto Gallery 1.2.5...

7.4 AI score
Exploits 0