Lucene search
+L

27 matches found

NVD
NVD
added 2026/07/02 9:16 p.m.19 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

9.1CVSS0.00482EPSS
Exploits1References4
OSV
OSV
added 2026/07/02 12:0 a.m.3 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

9.1CVSS5.9AI score0.00482EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.6 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

5.9AI score0.00482EPSS
Exploits1References4
CVE
CVE
added 2026/07/02 12:0 a.m.16 views

CVE-2026-38971

CVE-2026-38971 affects ArduPilot through Plane-4.6.3. It is a real vulnerability: an out-of-bounds read in libraries/GCS_MAVLink/GCS_serial_control.cpp, within GCS_MAVLINK::handle_serial_control(). The CVSS 3.1 vector indicates no authentication, network attack surface, low attack complexity, and...

9.1CVSS5.7AI score0.00482EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:0 a.m.7 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

5.7AI score0.00482EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.40 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

0.00482EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55304

Name of the Vulnerable Software and Affected Versions ardupilot versions prior to Plane-4.6.4 Description An out-of-bounds read issue exists in the GCS MAVLINK::handle serial control function within the libraries/GCS MAVLink/GCS serial control.cpp file. An out-of-bounds read occurs when a program...

9.1CVSS6.1AI score0.00482EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.6 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 9:31 p.m.11 views

EUVD-2026-17614

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References5
NVD
NVD
added 2026/03/31 9:16 p.m.7 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS0.00926EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/31 8:20 p.m.2 views

CVE-2026-1579 PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS5.9AI score0.00926EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 8:20 p.m.28 views

CVE-2026-1579 PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

9.8CVSS0.00926EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.6 views

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1
NVD
NVD
added 2026/03/16 2:19 p.m.10 views

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS0.00251EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

PX4-Autopilot 资源管理错误漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc1 contained a resource management vulnerability. This vulnerability stemmed from the use of reusing objects after their release in the MavlinkShell::available function, which could...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:39 p.m.5 views

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:39 p.m.33 views

CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS0.00251EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:39 p.m.2 views

CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/13 9:39 p.m.5 views

EUVD-2026-12179

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1
OSV
OSV
added 2026/03/13 9:39 p.m.5 views

CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References3
Rows per page
Query Builder