Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-d26t-ex9d-x3ev
Vulnerability ID VCID-d26t-ex9d-x3ev
Aliases CVE-2024-45491
Summary Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.3 https://github.com/libexpat/libexpat/issues/888
ssvc Track https://github.com/libexpat/libexpat/issues/888
cvssv3.1 7.3 https://github.com/libexpat/libexpat/pull/891
ssvc Track https://github.com/libexpat/libexpat/pull/891
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1080150 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150
2308616 https://bugzilla.redhat.com/show_bug.cgi?id=2308616
888 https://github.com/libexpat/libexpat/issues/888
891 https://github.com/libexpat/libexpat/pull/891
GLSA-202501-09 https://security.gentoo.org/glsa/202501-09
RHSA-2024:10135 https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109 https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:8859 https://access.redhat.com/errata/RHSA-2024:8859
RHSA-2024:9610 https://access.redhat.com/errata/RHSA-2024:9610
USN-7000-1 https://usn.ubuntu.com/7000-1/
USN-7000-2 https://usn.ubuntu.com/7000-2/
USN-7001-1 https://usn.ubuntu.com/7001-1/
USN-7001-2 https://usn.ubuntu.com/7001-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/libexpat/libexpat/issues/888
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/ Found at https://github.com/libexpat/libexpat/issues/888
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/libexpat/libexpat/pull/891
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/ Found at https://github.com/libexpat/libexpat/pull/891
Exploit Prediction Scoring System (EPSS)
Percentile 0.69293
EPSS Score 0.00596
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:53.358294+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202501-09 38.0.0