Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drone vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-46256
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a he...
Dronecode Px4 Drone Autopilot 1.14.0
Dronecode Px4 Drone Autopilot
8.2
CVSSv3
CVE-2024-22520
An issue discovered in Dronetag Drone Scanner 1.5.2 allows malicious users to impersonate other drones via transmission of crafted data packets.
Dronetag Drone Scanner 1.5.2
1 Github repository
7.5
CVSSv3
CVE-2021-46896
Buffer Overflow vulnerability in PX4-Autopilot allows malicious users to cause a denial of service via handler function handling msgid 332.
Dronecode Px4 Drone Autopilot -
4.2
CVSSv3
CVE-2024-24254
PX4 Autopilot 1.14 and previous versions, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission ...
Dronecode Px4 Drone Autopilot
4.2
CVSSv3
CVE-2024-24255
A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and previous versions allows malicious users to send drones on unintended missions.
Dronecode Px4 Drone Autopilot
4.3
CVSSv3
CVE-2023-47625
PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC p...
Dronecode Px4 Drone Autopilot 1.14.0
7.5
CVSSv3
CVE-2021-34125
An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow malicious user to gain access to sensitive information via various nuttx commands.
Dronecode Px4 Drone Autopilot
Yuneec Mantis Q Firmware -
8.1
CVSSv3
CVE-2017-3209
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides...
Dbpower U818a Firmware -
7.5
CVSSv3
CVE-2022-29945
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
Dji Mavic 3 Firmware -
Dji Rc Pro Firmware -
Dji Air 2s Firmware -
Dji Air 2 Firmware -
Dji Mini 2 Firmware -
Dji Mini Se Firmware -
Dji Fpv Firmware -
Dji Fhantom 4 Pro Firmware -
Dji Inspire 2 Firmware -
Dji Zenmuse X7 Firmware -
Dji Zenmuse X5s Firmware -
9.8
CVSSv3
CVE-2022-40918
Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows malicious user to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomput...
Force1rc Discovery Wifi U818a Hd\\+ Fpv Firmware 2.0.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »