THREAT ALERT

ACT NOW CVE-2024-20353 8.6 Cisco ASA and FTD management and VPN web servers contain a vulnerability causing device reload through incomplete error checking, exploited alongside CVE-2024-20359 by state-sponsored actors in the 'ArcaneDoor' campaign. | EMERGENCY CVE-2024-3400 10.0 Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection via arbitrary file creation (CVSS 10.0) allowing unauthenticated root-level RCE, triggering an emergency patching directive from CISA in April 2024. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — May 03, 2024

12 CVEs tracked today. 0 Critical, 11 High, 1 Medium, 0 Low.

CVE-2023-50186 HIGH CVSS 8.8
A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1 video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, though attack vectors may vary depending on implementation. With an EPSS score of 9.18% (93rd percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is not currently listed in CISA's KEV catalog.

RCE Buffer Overflow Gstreamer
CVE-2023-44446 HIGH CVSS 8.8
A use-after-free vulnerability in GStreamer's MXF (Material Exchange Format) video file parser allows remote attackers to execute arbitrary code when processing specially crafted MXF files. The vulnerability affects all GStreamer installations and requires user interaction such as opening a malicious video file, with an EPSS score of 4.17% indicating moderate real-world exploitation likelihood. While not currently in CISA's KEV catalog, the vulnerability has a patch available and was discovered through responsible disclosure by the Zero Day Initiative.

RCE Gstreamer
CVE-2023-44429 HIGH CVSS 8.8
A heap-based buffer overflow vulnerability exists in GStreamer's AV1 codec parsing functionality that allows remote attackers to execute arbitrary code. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious AV1 video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-risk vulnerability for applications using GStreamer for media processing.

RCE Buffer Overflow Gstreamer
CVE-2023-40476 HIGH CVSS 8.8
A stack-based buffer overflow vulnerability in GStreamer's H265 video parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted H265 encoded video files. The vulnerability affects all GStreamer installations and requires user interaction (such as opening a malicious video file) but can lead to full system compromise in the context of the running application. With an EPSS score of 6.22% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, and patches are available from the vendor.

RCE Buffer Overflow Gstreamer
CVE-2023-40475 HIGH CVSS 8.8
A critical integer overflow vulnerability in GStreamer's MXF (Material Exchange Format) video file parser allows remote attackers to execute arbitrary code on affected systems. The vulnerability affects all versions of GStreamer prior to the patched releases and requires user interaction (opening a malicious MXF file) to exploit, with an EPSS score of 4.28% indicating moderate real-world exploitation likelihood. While not currently listed in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a high CVSS score of 8.8 and patches are available from the vendor.

RCE Gstreamer
CVE-2023-40474 HIGH CVSS 8.8
A critical integer overflow vulnerability in GStreamer's MXF (Material eXchange Format) video file parser allows remote attackers to execute arbitrary code when processing specially crafted media files. The vulnerability affects all versions of GStreamer prior to the patched releases and requires user interaction (such as opening a malicious video file) to exploit, with an EPSS score of 6.53% indicating moderate real-world exploitation likelihood. While not currently listed in CISA's KEV catalog, the vulnerability has a high CVSS score of 8.8 and patches are available from the vendor.

RCE Gstreamer
CVE-2023-38104 HIGH CVSS 8.8
An integer overflow vulnerability in GStreamer's RealMedia file parsing functionality allows remote attackers to execute arbitrary code when processing malicious MDPR chunks. The vulnerability affects GStreamer version 1.22.3 and potentially earlier versions, requiring user interaction to trigger but potentially exploitable through various attack vectors depending on implementation. With an EPSS score of 4.97% (90th percentile), this vulnerability poses a significant exploitation risk and has patches available from the vendor.

RCE Gstreamer
CVE-2023-38103 HIGH CVSS 8.8
A critical integer overflow vulnerability exists in GStreamer's RealMedia file parser that allows remote code execution when processing specially crafted MDPR chunks. The vulnerability affects GStreamer version 1.22.3 and potentially earlier versions, enabling attackers to execute arbitrary code in the context of the current process through maliciously crafted RealMedia files. With an EPSS score of 4.54% (89th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it requires user interaction to trigger.

RCE Gstreamer
CVE-2023-37329 HIGH CVSS 8.8
A heap-based buffer overflow vulnerability in GStreamer's SRT subtitle file parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted SRT files. The vulnerability affects all versions of GStreamer and requires user interaction (such as opening a malicious subtitle file), making it particularly dangerous for media players and applications that use GStreamer for subtitle processing. With an EPSS score of 4.74% (89th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.

RCE Buffer Overflow Gstreamer
CVE-2023-37328 HIGH CVSS 8.8
A heap-based buffer overflow vulnerability in GStreamer's PGS (Presentation Graphic Stream) subtitle file parser allows remote attackers to execute arbitrary code when processing malicious subtitle files. The vulnerability affects all GStreamer installations and requires user interaction to exploit, typically by opening a media file with crafted PGS subtitles. With an EPSS score of 7.71% (92nd percentile), this vulnerability represents a significant exploitation risk in the wild.

RCE Buffer Overflow Gstreamer
CVE-2023-37327 HIGH CVSS 8.8
A critical integer overflow vulnerability in GStreamer's FLAC file parsing functionality allows remote attackers to execute arbitrary code when processing malicious FLAC audio files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction (opening/processing a malicious file) to exploit. With an EPSS score of 5.34% (90th percentile), this vulnerability poses a significant real-world risk, though no active exploitation has been reported in KEV.

RCE Gstreamer
CVE-2023-50224 MEDIUM CVSS 6.5
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability.

Today's Vulnerabilities Vulnerabilities