EUVD-2026-12179

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

Silent Subversion: Sensor Spoofing Attacks Via Supply Chain Implants in Satellite Systems

Spoofing attacks are among the most destructive cyber threats to terrestrial systems, and they become even more dangerous in space, where satellites cannot be easily serviced, and operators depend on accurate telemetry to ensure mission success. When telemetry is compromised, entire spaceborne...

CVE-2026-21898

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoAOSProcessSecurity function reads...

CVE-2026-21897

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoConfigAddGvcidManagedParameters...

CVE-2026-22697

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

CVE-2026-22025

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP...

CVE-2026-22023

CryptoLib (software-only SDLS-EP) for cFS-ground station uses cryptography_aead_encrypt(). Prior to 1.4.3, there is an out-of-bounds heap read vulnerability in that function due to a flawed strtok pattern during KMC AEAD encrypt metadata parsing. The issue affects CryptoLib versions before 1.4.3 ...

CVE-2025-64096

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

EUVD-2025-37044

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prier to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

EUVD-2024-34390

Malicious code in bioql PyPI...

CVE-2024-11166

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control SLC to the lowest setting and disable the Resolution Advisory RA, leading to a...

CVE-2025-29913

CVE-2025-29913 affects CryptoLib (versions ≤ 1.3.3). The vulnerability is in the function Crypto_TC_Prep_AAD, where an incorrect calculation of the MAC start index can underflow an unsigned integer, causing an out-of-bounds access in the ingest buffer and leading to a heap-based buffer overflow. ...

CVE-2024-11166

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control SLC to the lowest setting and disable the Resolution Advisory RA, leading to a...

CVE-2024-11166

The CVE-2024-11166 entry concerns TCAS II systems whose transponders are compliant with MOPS prior to RTCA DO-181F. The vulnerability enables an attacker to impersonate a ground station and issue a Comm-A Identity Request, which can set the Sensitivity Level Control (SLC) to the lowest setting an...

CVE-2024-11166 Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control SLC to the lowest setting and disable the Resolution Advisory RA, leading to a...

Federal Aviation Administration TCAS 安全漏洞

Federal Aviation Administration TCAS is a traffic alert and collision avoidance system organized by the Federal Aviation Administration FAA in the United States. A security vulnerability exists in Federal Aviation Administration TCAS that originates from an attacker being able to impersonate a...

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center NSC in Cork, Ireland...

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center NSC in Cork, Ireland...

Hackers Are Building an Army of Cheap Satellite Trackers

NyanSat is an open source ground station that lets you listen in on low-orbit transmissions for about $100 worth of gear...