463 matches found
CVE-2026-32706
PX4 autopilot's crsf_rc parser contains a global 64-byte buffer overflow when processing an oversized variable-length known packet prior to 1.17.0-rc2. An adjacent/raw-serial attacker on a CRSF port could trigger memory corruption and crash PX4. Fixed in 1.17.0-rc2. CVSS v3.1 base score 7.1 (High...
EUVD-2026-12150
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...
CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
EUVD-2026-12148
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
CVE-2026-32705
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
PT-2026-25395
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...
PT-2026-25388
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev name len, causing a stack overflow in the driver and crashing the task o...
PT-2026-25390
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu can is enabled and running, a CAN-injection-capabl...
PT-2026-8018
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...
CVE-2026-24830 Integer Overflow or Wraparound in IronOS
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2...
IronOS security vulnerabilities
IronOS is a firmware system developed by Ben V. Brown individually. Versions of IronOS prior to v2.23-rc2 contained security vulnerabilities, which were caused by integer overflows or circular errors...
PT-2026-4908
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2...
MiracleLinux 3 : kvm-83-262.0.1.AXS3.3 (AXSA:2013-449:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-449:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...
SUSE CVE-2025-68471
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...
CVE-2026-22252
LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...
CVE-2025-68468
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...
UBUNTU-CVE-2025-68468
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...
CVE-2025-68468
Summary: CVE-2025-68468 affects the Avahi package. Affected component: avahi-daemon; issue: a reachable assertion in lookup_multicast_callback can cause the daemon to crash when processing certain unsolicited CNAME records or during wide-area/broadcast traffic, leading to denial of service. Affec...