Threat and Vulnerability Intelligence Database

CVE-2024-36694

Description: Duplicate advisory. This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references.

Original description: OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor function.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-36694
https://github.com/opencart/opencart/issues/13863
https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md
https://github.com/opencart/opencart/releases/tag/4.0.2.3
https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9
https://github.com/advisories/GHSA-j2v2-3784-vr44

EPSS Score: 0.05%

Source: GitHub Advisory Database (Composer)
December 19th, 2024 (6 months ago)

Description: In December 2024, the video sharing community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and, for some records, gender, date of birth and country of location.

Source: HaveIBeenPwnedLatestBreaches
December 19th, 2024 (6 months ago)

Description: The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.

Source: Dark Reading
December 19th, 2024 (6 months ago)

Description: The number of DDoS-related incidents targeting APIs has jumped 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.

Source: Dark Reading
December 19th, 2024 (6 months ago)

CVE-2024-56319

Description: In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion).

EPSS Score: 0.05%

Source: CVE
December 19th, 2024 (6 months ago)
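The resource-exhaustion pattern behind CVE-2024-56319 is a list attribute whose "append item" writes are never bounded. The following is an added example written for this page, not Project CHIP code: a write handler for a UserLabel LabelList that enforces the 16-byte Label/Value constraint from the cluster specification and an entry cap. The entry cap (10), the class and function names, and the flood of append chunks are assumptions constructed for the example; the status names are the Matter interaction-model status codes RESOURCE_EXHAUSTED, CONSTRAINT_ERROR and SUCCESS.

```javascript
// Added example, not Project CHIP code: a UserLabel LabelList write handler that bounds appends.
// Label and Value are limited to 16 bytes each by the cluster spec; the entry cap is an assumed
// implementation limit, since the advisory only says the appends were unlimited.
const FIELD_MAX_BYTES = 16;
const DEFAULT_MAX_ENTRIES = 10;   // assumption for this example, not a spec value

const utf8Bytes = s => new TextEncoder().encode(s).length;
const fieldOk = s => typeof s === 'string' && utf8Bytes(s) <= FIELD_MAX_BYTES;

class UserLabelList {
  constructor(maxEntries = DEFAULT_MAX_ENTRIES) {
    this.maxEntries = maxEntries;
    this.entries = [];
  }

  // Handles one "append item" chunk of a list write. Returns a Matter IM status name.
  append(label, value) {
    if (!fieldOk(label) || !fieldOk(value)) return 'CONSTRAINT_ERROR';
    // Without this check every append grows the list (and its backing memory) until the node falls over.
    if (this.entries.length >= this.maxEntries) return 'RESOURCE_EXHAUSTED';
    this.entries.push({ label, value });
    return 'SUCCESS';
  }

  // Handles a "replace list" write: validate the whole list before touching stored state,
  // so a rejected write cannot leave a half-applied list behind.
  replaceAll(list) {
    if (list.length > this.maxEntries) return 'RESOURCE_EXHAUSTED';
    if (!list.every(e => fieldOk(e.label) && fieldOk(e.value))) return 'CONSTRAINT_ERROR';
    this.entries = list.map(e => ({ label: e.label, value: e.value }));
    return 'SUCCESS';
  }

  // Worst-case bytes of label text this list can ever hold: fixed at construction, not controller-chosen.
  maxLabelBytes() { return this.maxEntries * 2 * FIELD_MAX_BYTES; }
}

// Constructed flood of append chunks, as a misbehaving controller would send them.
function floodAppends(count) {
  const list = new UserLabelList();
  const tally = { SUCCESS: 0, RESOURCE_EXHAUSTED: 0, CONSTRAINT_ERROR: 0 };
  for (let i = 0; i < count; i++) tally[list.append('room', 'r' + i)]++;
  return { stored: list.entries.length, ...tally };
}
```

The point of `maxLabelBytes()` is that the memory a remote controller can make the device commit to this attribute is a constant decided at build time; the flood test stores the first ten entries and rejects the rest with RESOURCE_EXHAUSTED instead of growing without limit.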

CVE-2024-56175

Description: In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56174

Description: In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)
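CVE-2024-56175 and CVE-2024-56174 both describe client-side template injection: user-controlled text (a list item name, a search-history entry) ends up inside the source of a template that a browser-side engine compiles and evaluates, so `{{ }}` in the data becomes code. The block below is an added example written for this page, not Optimizely code; the tiny expression-evaluating engine, the function names and the payload are assumptions constructed to show the mechanism. It HTML-escapes every interpolation, which is exactly why the vulnerable path is instructive: output escaping does nothing when the injection happens before compilation.

```javascript
// Added example, not Optimizely code: client-side template injection versus passing data as data.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g,
    c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// A deliberately minimal engine in the style of client-side libraries that compile `{{ expr }}`
// into JavaScript. Every interpolated value is HTML-escaped on output.
function compileTemplate(source) {
  const parts = source.split(/\{\{([\s\S]*?)\}\}/);
  let body = 'let out = "";\n';
  parts.forEach((part, i) => {
    body += i % 2 === 0
      ? `out += ${JSON.stringify(part)};\n`      // literal markup
      : `out += esc((${part.trim()}));\n`;      // expression, evaluated as JavaScript
  });
  body += 'return out;';
  const fn = new Function('data', 'esc', body);
  return data => fn(data, escapeHtml);
}

// Vulnerable: the untrusted name is concatenated into the template SOURCE before compilation,
// so `{{ }}` inside the name becomes an expression that runs during render.
function renderItemUnsafe(name) {
  return compileTemplate('<li>' + name + '</li>')({});
}

// Fixed: the template is a constant compiled once; the name reaches the engine only as data,
// and the engine's output escaping is now sufficient.
const ITEM_TEMPLATE = compileTemplate('<li>{{ data.name }}</li>');
function renderItemSafe(name) {
  return ITEM_TEMPLATE({ name });
}

// Constructed payload: walks from the data object to the Function constructor, the usual way
// out of a template expression sandbox. A real payload would reach document or fetch instead.
const PAYLOAD = "{{ data.constructor.constructor('return \"executed:\" + (6*7)')() }}";
```

Render `PAYLOAD` through `renderItemUnsafe` and the browser-side engine evaluates it (the output contains `executed:42`); through `renderItemSafe` the same string is shown verbatim, with its quotes entity-encoded. The fix is structural: never build template source from request data.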

CVE-2024-56173

Description: In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56170

Description: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56169

Description: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)
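The two Fort advisories describe complementary gaps: CVE-2024-56170, a fetched manifest is accepted even when its manifestNumber and thisUpdate are older than the cached one (rollback), and CVE-2024-56169, a fetch that fails midway or delivers files that do not match the manifest leaves no usable fallback. The block below is an added example written for this page, not Fort's code, showing one design that closes both: a freshness verdict on the manifest fields, and a validate-then-commit cache that keeps serving the last good data set whenever the new fetch is rejected. Assumptions constructed for the example: the verdict names, the FNV-1a digest standing in for the SHA-256 digests a real manifest's FileAndHash entries carry, and the sample ROA payloads and fetch results in `runScenario`.

```javascript
// Added example, not Fort's code: manifest freshness check plus fall-back-to-cache commit.

// FNV-1a 32-bit digest: a stand-in for the SHA-256 file hashes listed in a real RPKI manifest.
function digest(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) { h ^= b; h = Math.imul(h, 0x01000193) >>> 0; }
  return h.toString(16).padStart(8, '0');
}

// fetched/cached: { manifestNumber: BigInt, thisUpdate: Date, fileList: Map<name, digestHex> }
// manifestNumber is a monotonically increasing serial; thisUpdate is the issue time.
function manifestFreshness(fetched, cached) {
  if (cached === null) return 'accept-first';
  const n = fetched.manifestNumber, c = cached.manifestNumber;
  const tf = fetched.thisUpdate.getTime(), tc = cached.thisUpdate.getTime();
  if (n < c) return 'reject-rollback';                 // older serial: replay of an outdated manifest
  if (n === c) return tf === tc ? 'accept-unchanged' : 'reject-inconsistent';
  return tf < tc ? 'reject-inconsistent' : 'accept-newer'; // serial moved forward but time moved back
}

class RepositoryCache {
  constructor() { this.committed = null; }   // last good { manifest, files: Map<name, Uint8Array> }

  // fetch: { ok, manifest, files }. Returns which data set now backs validation and why.
  applyFetch(fetch) {
    if (!fetch.ok) return this.keepCache('fetch-failed-midway');
    const verdict = manifestFreshness(fetch.manifest, this.committed ? this.committed.manifest : null);
    if (verdict.startsWith('reject')) return this.keepCache(verdict);
    // Every file the manifest lists must be present with a matching digest before anything is committed.
    for (const [name, expected] of fetch.manifest.fileList) {
      const content = fetch.files.get(name);
      if (content === undefined || digest(content) !== expected) return this.keepCache('manifest-file-mismatch:' + name);
    }
    this.committed = { manifest: fetch.manifest, files: new Map(fetch.files) }; // atomic swap
    return { backedBy: 'fetched', reason: verdict };
  }

  keepCache(reason) { return { backedBy: this.committed ? 'cache' : 'nothing', reason }; }
}

// Constructed sample data: two versions of one ROA and a helper that builds a manifest over a file set.
const roaV1 = new TextEncoder().encode('ROA AS64496 192.0.2.0/24');
const roaV2 = new TextEncoder().encode('ROA AS64496 192.0.2.0/24 maxlen 24');
function mft(number, iso, files) {
  return { manifestNumber: number, thisUpdate: new Date(iso),
           fileList: new Map([...files].map(([n, c]) => [n, digest(c)])) };
}

function runScenario() {
  const cache = new RepositoryCache();
  const files1 = new Map([['a.roa', roaV1]]);
  const files2 = new Map([['a.roa', roaV2]]);
  const r1 = cache.applyFetch({ ok: true, manifest: mft(10n, '2024-12-01T00:00:00Z', files1), files: files1 });
  const r2 = cache.applyFetch({ ok: true, manifest: mft(11n, '2024-12-10T00:00:00Z', files2), files: files2 });
  // Replay of manifest 10: the CVE-2024-56170 rollback, which must not displace manifest 11.
  const r3 = cache.applyFetch({ ok: true, manifest: mft(10n, '2024-12-01T00:00:00Z', files1), files: files1 });
  // Fetch that dies midway: the CVE-2024-56169 case, which must fall back to the cache.
  const r4 = cache.applyFetch({ ok: false });
  // Manifest 12 is fresh but the delivered file does not match its listed digest.
  const r5 = cache.applyFetch({ ok: true, manifest: mft(12n, '2024-12-18T00:00:00Z', files2),
                                files: new Map([['a.roa', roaV1]]) });
  return { r1, r2, r3, r4, r5, current: cache.committed.manifest.manifestNumber };
}
```

After the five fetches the cache still holds manifest 11: the replay, the aborted fetch and the mismatched file set are each rejected with a distinct reason and none of them touches the committed data, so route origin validation keeps running on the newest complete data set rather than on an outdated or partial one.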