Lucene search
+L

92 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55304

Name of the Vulnerable Software and Affected Versions ardupilot versions prior to Plane-4.6.4 Description An out-of-bounds read issue exists in the GCS MAVLINK::handle serial control function within the libraries/GCS MAVLink/GCS serial control.cpp file. An out-of-bounds read occurs when a program...

9.1CVSS6.1AI score0.00482EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.40 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

0.00482EPSS
Exploits1References4
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

9.1CVSS5.9AI score0.00482EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/05/08 5:8 p.m.207 views

Exploit for Stack-based Buffer Overflow in Dronecode Px4_Drone_Autopilot

CVE-2026-32743 - PX4 Autopilot MavlinkLogHandler Stack Buffer...

6.5CVSS6AI score0.00365EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.6 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 9:16 p.m.7 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS0.00926EPSS
Exploits0References4
CVE
CVE
added 2026/03/31 8:20 p.m.23 views

CVE-2026-1579

The CVE-2026-1579 issue affects PX4 Autopilot via the MAVLink protocol. Without MAVLink 2.0 message signing, unauthenticated entities with access to the MAVLink interface can send messages (including SERIAL_CONTROL, which can grant interactive shell access), potentially compromising devices that ...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 8:20 p.m.2 views

CVE-2026-1579 PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:20 p.m.3 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References5
ICS
ICS
added 2026/03/31 6:0 a.m.8 views

PX4 Autopilot

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

9.8CVSS6.2AI score0.00926EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

PX4-Autopilot 访问控制错误漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. PX4-Autopilot has a security vulnerability related to access control. This vulnerability arises from the fact that encryption authentication is not required by default, and when MAVLink 2.0 message signing is not enabled, an...

9.8CVSS6AI score0.00926EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29340

Name of the Vulnerable Software and Affected Versions PX4 Autopilot affected versions not specified Description The MAVLink communication protocol, as used by PX4 Autopilot, does not require cryptographic authentication by default. Without MAVLink 2.0 message signing enabled, unauthenticated...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.10 views

CVE-2026-32709

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

6.8CVSS6AI score0.00476EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32743

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

6.5CVSS6AI score0.00365EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.6 views

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1
NVD
NVD
added 2026/03/19 12:16 a.m.8 views

CVE-2026-32743

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

6.5CVSS0.00365EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.13 views

PX4-Autopilot 安全漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities were caused by a stack-based buffer overflow issue in the MavlinkLogHandler, which could potentially allow attackers to...

6.5CVSS6.1AI score0.00365EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 11:26 p.m.5 views

CVE-2026-32743

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

6.5CVSS5.9AI score0.00365EPSS
Exploits3References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 11:26 p.m.2 views

CVE-2026-32743 PX4 Autopilot: Stack-based Buffer Overflow via Oversized Path Input in MAVLink Log Request Handling

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

6.5CVSS5.9AI score0.00365EPSS
Exploits3References2
CVE
CVE
added 2026/03/18 11:26 p.m.67 views

CVE-2026-32743

PX4 Autopilot versions 1.17.0-rc2 and earlier are affected by a Stack-based Buffer Overflow in the MAVLink log request handling via MavlogHandler. The LogEntry.filepath buffer is 60 bytes, and paths are parsed with sscanf without a width specifier, allowing overflow when a longer path is provided...

6.5CVSS5.9AI score0.00365EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder