# [HIGH] Using the Snyk Vulnerability Database to find projects for The Big Fix

**Source:** Snyk
**Published:** 2022-03-30
**Article:** https://snyk.io/blog/the-big-fix-snyk-vulnerability-database/

## Threat Profile

Snyk Blog In this article
Written by DeveloperSteve Coochin 
March 30, 2022
0 mins read As developers, we all have our morning startup routine: make coffee, check Slack/Discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk Vulnerability Database for the latest open source vulnerabilities.
It's been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems. I’ve been watching the emergence of vul…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2014-2570`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2014-2570`


## Why this matters

Severity classified as **HIGH** based on: CVE present, 1 use case(s) fired, 1 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.