Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-36694

Description: Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. Original Description OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. References https://nvd.nist.gov/vuln/detail/CVE-2024-36694 https://github.com/opencart/opencart/issues/13863 https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md https://github.com/opencart/opencart/releases/tag/4.0.2.3 https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9 https://github.com/advisories/GHSA-j2v2-3784-vr44

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)
December 19th, 2024 (6 months ago)
Description: In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
Source: HaveIBeenPwnedLatestBreaches
December 19th, 2024 (6 months ago)
Description: The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.
Source: Dark Reading
December 19th, 2024 (6 months ago)
Description: The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.
Source: Dark Reading
December 19th, 2024 (6 months ago)

CVE-2024-56319

Description: In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion).

EPSS Score: 0.05%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56175

Description: In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56174

Description: In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56173

Description: In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56170

Description: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56169

Description: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)