Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drone vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50121
Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).
Autelrobotics Evo Nano Drone Firmware 1.6.5
7.8
CVSSv2
CVE-2019-3944
Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated malicious users to disconnect drone from controller during mid-flight.
Parrot Anafi Firmware
NA
CVE-2024-30800
PX4 Autopilot v.1.14 allows an malicious user to fly the drone into no-fly zones by breaching the geofence using flaws in the function.
NA
CVE-2023-47335
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows malicious users to breach the geo-fence and fly into no-fly zones.
Autelrobotics Evo Nano Drone Firmware 1.6.5
NA
CVE-2024-29460
An issue in PX4 Autopilot v.1.14.0 allows an malicious user to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.
NA
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote malicious user to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the malicious user to...
NA
CVE-2024-33844
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows malicious user to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
1 Github repository
NA
CVE-2023-6949
A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an malicious user to enumerate and download videos and pictures saved on the drone internal or external memory without requiring...
NA
CVE-2023-29156
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID (ODID) messages which force the DroneScout ...
Bluemark Dronescout Ds230 Firmware
NA
CVE-2023-40034
Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and c...
Woodpecker-ci Woodpecker
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »