Skip to main content
CVE-2024-47544 HIGH PATCH This Week

A null pointer dereference vulnerability exists in the GStreamer multimedia framework's qtdemux_parse_sbgp function, allowing remote attackers to cause denial of service through crafted media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing malicious QuickTime/MP4 files. With an EPSS score of 0.10% and no known KEV listing, this represents a moderate stability risk primarily relevant for applications processing untrusted media content.

Denial Of Service Null Pointer Dereference Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47778 HIGH PATCH This Week

An out-of-bounds read vulnerability exists in GStreamer's WAV parser that allows remote attackers to read up to 4GB of process memory or cause a denial of service through crashes. The vulnerability affects GStreamer versions prior to 1.24.10 and requires no authentication to exploit over the network. With an EPSS score of only 0.08%, real-world exploitation appears limited, and no known proof-of-concept or active exploitation has been reported.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47543 HIGH PATCH This Week

An out-of-bounds read vulnerability exists in GStreamer's QuickTime demuxer (qtdemux.c) that allows attackers to read up to 4GB of process memory or trigger a denial of service via crafted media files. GStreamer versions prior to 1.24.10 are affected. With an EPSS score of only 0.08% (24th percentile), active exploitation appears unlikely despite the network-accessible attack vector and lack of required privileges.

Buffer Overflow Information Disclosure Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47835 HIGH PATCH This Week

A null pointer dereference vulnerability in GStreamer's subtitle parsing functionality allows remote attackers to crash applications processing malformed LRC (lyric) files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when parsing subtitle files missing expected ']' characters, resulting in denial of service. With a relatively low EPSS score of 0.08% and no known active exploitation, this represents a moderate risk primarily to media applications using GStreamer for subtitle processing.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47602 HIGH PATCH This Week

A null pointer dereference vulnerability in GStreamer's Matroska demuxer can cause application crashes when processing specially crafted media files. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to trigger denial of service without authentication. With an EPSS score of only 0.08% and no known active exploitation or public proof-of-concept, this represents a moderate-priority denial of service issue rather than a critical security emergency.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47596 HIGH PATCH This Week

An out-of-bounds read vulnerability in GStreamer's QuickTime demuxer allows remote attackers to read up to 4GB of process memory or crash the application when processing malformed media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by supplying specially crafted QuickTime files. While not currently in CISA's Known Exploited Vulnerabilities catalog, the low EPSS score of 0.08% suggests limited exploitation in the wild despite the availability of detailed technical advisories.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47599 HIGH PATCH This Week

A null pointer dereference vulnerability in GStreamer's JPEG decoder component allows remote attackers to cause a denial of service by triggering a segmentation fault when processing specially crafted media content. The vulnerability affects GStreamer versions prior to 1.24.10 and has a low exploitation probability (EPSS 0.07%) with no known active exploitation in the wild. While the CVSS score is high (7.5), the impact is limited to availability only, making this a medium-priority issue for most organizations.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-54119 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54117 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54116 HIGH This Week

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54115 HIGH This Week

Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54114 HIGH This Week

Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54113 HIGH This Week

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54112 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54111 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-54110 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54109 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54108 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54107 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54106 HIGH This Week

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54105 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54104 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54103 HIGH This Week

Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54100 HIGH This Week

Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54098 HIGH This Week

Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54097 HIGH This Week

Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-12172 HIGH This Week

The WP Courses LMS - Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-49129 HIGH This Week

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-49121 HIGH This Week

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-49113 HIGH This Week

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.5
EPSS
83.6%
CVE-2024-49096 HIGH This Week

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2024-49075 HIGH This Week

Windows Remote Desktop Services Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-37401 HIGH This Week

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Connect Secure +1
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2024-37377 HIGH This Week

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service Memory Corruption Connect Secure +1
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2024-12397 HIGH PATCH This Week

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Request Smuggling
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-49070 HIGH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
2.2%
CVE-2024-10910 HIGH This Week

The The Grid Plus - Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-49107 HIGH This Week

WmsRepair Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.3
EPSS
1.8%
CVE-2024-43594 HIGH This Week

Microsoft System Center Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft System Center 2019 System Center 2022 System Center 2025
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2024-49091 HIGH This Week

Windows Domain Name Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-49089 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2024-54528 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-44245 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-55888 HIGH This Week

Hush Line is an open-source whistleblower management system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-55633 HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache PostgreSQL Superset
NVD
CVSS 4.0
7.1
EPSS
2.6%
CVE-2024-54099 HIGH This Week

File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-10043 LOW POC Monitor

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-49097 HIGH This Week

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-49095 HIGH This Week

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-49084 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.4%
Prev Page 4 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy