Exploit for Stack-based Buffer Overflow in Dronecode Px4_Drone_Autopilot
CVE-2026-32743 - PX4 Autopilot MavlinkLogHandler Stack Buffer...
CVE-2026-32743
PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to a stack-based buffer overflow in the MavlinkLogHandler, triggered via a MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...
CVE-2026-32743 PX4 Autopilot: Stack-based Buffer Overflow via Oversized Path Input in MAVLink Log Request Handling
PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to a stack-based buffer overflow in the MavlinkLogHandler, triggered via a MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...
CVE-2022-40365
Cross-site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue...
CVE-2025-0700
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be...
PT-2025-4009 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue affects some unknown functionality of the file /admin/sys/log/list. The manipulation of the logId argument leads to SQL injection. This issue can ...
bootplus Security Vulnerability
bootplus is a permission management framework by JoeyBling Personal Developer. A security vulnerability exists in bootplus, which stems from the parameter logId in the file /admin/sys/log/list that can lead to SQL injection...
CVE-2023-46981
SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list...
CVE-2023-46981
SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list...
SQL injection
SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list...
Novel-Plus Security Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v.4.2.0. An attacker can exploit the vulnerability by executing arbitrary code via a specially crafted script on the sort parameter in /common/log/list...
PT-2023-30282 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.2.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in the "/common/log/list" API endpoint. Recommendations: For Novel-Plus version 4.2.0,...
CVE-2023-1595
A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed ...
SQL injection
A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed ...
CVE-2023-1595
CVE-2023-1595 affects novel-plus 3.6.2, specifically the file path common/log/list. The root cause is manipulation of the sort argument, enabling SQL injection. The vulnerability can be exploited remotely, and public disclosure exists. Connected sources describe it as a high-severity issue with S...
CVE-2023-1595 novel-plus list sql injection
A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed ...
PT-2023-17104 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical issue has been found in an unknown functionality of the file common/log/list. The manipulation of the sort argument leads to SQL injection. The attack can be launched remotely. Recommendations:...
CVE-2020-16165
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters...
Wing FTP Server Admin /admin_loglist.html Cross-Site Request Forgery Vulnerability
WingFTPServer is a professional cross-platform FTP server with good speed, reliability and a friendly configuration interface. A cross-site request forgery vulnerability exists in WingFTPServer Admin /admin_loglist.html, which allows remote attackers to construct malicious URIs, trick users...