CVE Tools

dronecode

ICS / OT / IoToss-project

10

Cumulative CVEs

1

Monthly snapshots

#115

Peak rank

Top products

px4 drone autopilot10

Latest CVEs

The 15 most recently published vulnerabilities affecting dronecode.

CVE-2026-32743PX4 Autopilot: Stack-based Buffer Overflow via Oversized Path Input in MAVLink Log Request Handling6.5Mar 18, 2026
CVE-2026-32724PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition5.3Mar 13, 2026
CVE-2026-32713PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors4.3Mar 13, 2026
CVE-2026-32709PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)5.4Mar 13, 2026
CVE-2026-32708Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot)7.8Mar 13, 2026
CVE-2026-32707PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop5.2Mar 13, 2026
CVE-2026-32706PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet7.1Mar 13, 2026
CVE-2026-32705PX4 autopilot BST Device Name Length Can Overflow Driver Buffer6.8Mar 13, 2026
CVE-2026-26742PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground sc...8.1Mar 10, 2026
CVE-2026-26741PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landin...8.1Mar 10, 2026
CVE-2025-15150PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow5.3Dec 28, 2025
CVE-2024-40427Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute7.9Jan 7, 2025
CVE-2024-38952PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.7.5Jun 25, 2024
CVE-2024-38951A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.6.5Jun 25, 2024
CVE-2024-30800PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.5.6Apr 23, 2024