The DIVD CSIRT…
… supports the Dutch Institute for Vulnerability Disclosure, in its mission “…to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.”
The CSIRT handles scanning for and disclosing vulnerabilities, whether discovered by DIVD researchers or third parties, warns people about leaked credentials, and operates our CVE Numbering Authority (CNA) capability.
Our blog
Last 10 posts …
- 07-05-2025 - Full disclosure DIVD-2021-00020.
- 14-04-2025 - SicommNet BASEC product warning.
- 09-01-2025 - Wilco van Beijnum and Harm van den Brink found 17 vulnerabilities in Iocharger EV chargers. 16 fixed, 1 unfixed.
- 12-08-2024 - Research of Wietse Boonstra and Hidde Smit featured in Follow the Money and at EenVandaag.
- 30-05-2024 - DIVD CSIRT performs victim notification for Operation Endgame.
- 25-04-2024 - DIVD CSIRT Congratulates Project Melissa.
- 10-07-2023 - Limited disclosure of 6 vulnerabilities in OSNexus Quantastor.
- 24-02-2023 - DIVD’s response regarding the involvement of a DIVD volunteer in a major data theft case.
- 18-01-2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers.
- 14-12-2022 - Fortinet sslvpnd vulnerability - update.
gantt
title Cases currently open or recently closed
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software (516 days) :2023-02-21, 2024-07-21
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS (683 days) :2022-09-08, 2024-07-22
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (524 days) :2023-02-14, 2024-07-22
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934 (382 days) :2023-07-06, 2024-07-22
DIVD-2023-00039 - VMware vCenter Server RCE (271 days) :2023-10-25, 2024-07-22
DIVD-2024-00004 - 2024-00004 Global NGOs (544 days) :2023-10-04, 2025-03-31
DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices (open) :2024-04-11, 2025-07-05
DIVD-2024-00014 - Qlik Sense Remote Code Execution (75 days) :2024-04-19, 2024-07-03
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices (174 days) :2024-04-30, 2024-10-21
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscaler and Gateway (66 days) :2024-05-08, 2024-07-13
DIVD-2024-00019 - Victim Notification Operation Endgame (open) :2024-05-30, 2025-07-05
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES) (24 days) :2024-05-27, 2024-06-20
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software (47 days) :2024-05-30, 2024-07-16
DIVD-2024-00022 - Millions of credentials scraped from Telegram (225 days) :2024-06-04, 2025-01-15
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server (39 days) :2024-06-04, 2024-07-13
DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool (140 days) :2024-05-29, 2024-10-16
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi (118 days) :2024-06-07, 2024-10-03
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server (33 days) :2024-06-10, 2024-07-13
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv (118 days) :2024-06-21, 2024-10-17
DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilities (46 days) :2024-06-21, 2024-08-06
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection (101 days) :2024-06-24, 2024-10-03
DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey (205 days) :2024-08-05, 2025-02-26
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver (73 days) :2024-07-03, 2024-09-14
DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE) (67 days) :2024-07-13, 2024-09-18
DIVD-2024-00035 - 17 vulnerabilities in Iocharger devices (open) :2024-08-13, 2025-07-05
DIVD-2024-00038 - Remote Code Execution CUPS (98 days) :2024-10-17, 2025-01-23
DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE (64 days) :2024-09-29, 2024-12-02
DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions (62 days) :2024-09-25, 2024-11-26
DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass (49 days) :2024-09-24, 2024-11-12
DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk (57 days) :2024-09-24, 2024-11-20
DIVD-2024-00043 - CyberAudit-Web - SSRF and Authentication bypass CVEs Registered (214 days) :2024-10-22, 2025-05-24
DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd (167 days) :2024-10-24, 2025-04-09
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability (84 days) :2024-10-30, 2025-01-22
DIVD-2024-00046 - Multiple critical vulnerabilities in Ivanti Cloud Services Appliance (CSA) (104 days) :2024-09-24, 2025-01-06
DIVD-2024-00047 - Multiple critical vulnerabilities in Palo Alto Networks PAN-OS devices (56 days) :2024-11-11, 2025-01-06
DIVD-2024-00048 - VMware vCenter Server heap-overflow and remote code execution vulnerabilities (108 days) :2024-11-22, 2025-03-10
DIVD-2024-00049 - Vulnerabilities in D-Link NAS Backdoor and Command Injection Exploits (128 days) :2024-12-02, 2025-04-09
DIVD-2024-00050 - Path traversal vulnerability in Mitel MiCollab (60 days) :2024-12-05, 2025-02-03
DIVD-2024-00051 - Improper authorization vulnerability in ProjectSend, (open) :2024-12-09, 2025-07-05
DIVD-2024-00052 - Remote code execution in Cleo Harmony, VLCTrader and LexiCom (57 days) :2024-12-10, 2025-02-05
DIVD-2025-00001 - Multiple vulnerabilities in Sicomm BASEC Service (open) :2025-01-01, 2025-07-05
DIVD-2025-00002 - Authentication bypass in SonicWall SSL-VPN service (121 days) :2025-01-09, 2025-05-10
DIVD-2025-00003 - Multiple vulnerabilities in Mennekes Smart / Premium Charging stations (open) :2024-09-12, 2025-07-05
DIVD-2025-00004 - Authentication Bypass in PAN-OS Management Web Interface (73 days) :2025-02-20, 2025-05-04
DIVD-2025-00005 - Exposed Automated Tank Gauge Systems (open) :2024-12-15, 2025-07-05
DIVD-2025-00006 - Next.js Middleware Authorization Bypass (open) :2025-03-21, 2025-07-05
DIVD-2025-00007 - Authentication bypass in CrushFTP service (40 days) :2025-03-29, 2025-05-08
DIVD-2025-00010 - Stack-based buffer overflow in Ivanti Connect Secure (61 days) :2025-04-04, 2025-06-04
DIVD-2025-00016 - Unauthenticated Remote Code Execution in Ingress-Nginx. (open) :2025-05-06, 2025-07-05
DIVD-2025-00017 - Authentication Bypass and Remote Code Execution in Ivanti EPMM (20 days) :2025-05-14, 2025-06-03
DIVD-2025-00018 - Victim Notification Operation Endgame 2.0 (open) :2025-05-22, 2025-07-05
DIVD-2025-00019 - Unauthenticated file upload in Visual Composer (VCFRAMEWORK) (open) :2025-05-20, 2025-07-05
Open cases
- DIVD-2025-00019 - Unauthenticated file upload in Visual Composer (VCFRAMEWORK)
- DIVD-2025-00018 - Victim Notification Operation Endgame 2.0
- DIVD-2025-00016 - Unauthenticated Remote Code Execution in Ingress-Nginx.
- DIVD-2025-00006 - Next.js Middleware Authorization Bypass
- DIVD-2025-00005 - Exposed Automated Tank Gauge Systems
- DIVD-2025-00003 - Multiple vulnerabilities in Mennekes Smart / Premium Charging stations
- DIVD-2025-00001 - Multiple vulnerabilities in Sicomm BASEC Service
- DIVD-2024-00051 - Improper authorization vulnerability in ProjectSend,
- DIVD-2024-00035 - 17 vulnerabilities in Iocharger devices
- DIVD-2024-00019 - Victim Notification Operation Endgame
- DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices
Some statistics
Year | # of cases | # of vulnerable IPs notified | # of leaked credentials notified | # of CVEs assigned/requested |
---|---|---|---|---|
2020 | 14 | 58,358 | 386 | 0 |
2021 | 25 | 99,006 | 5,000,100 | 24 |
2022 | 42 | 297,472 | 0 | 19 |
2023 | 37 | 375,531 | 0 | 15 |
2024 | 45 | 508,939 | 1,218,000,000 | 28 |
2025 | 12 | 12,320 | 12,617 | 10 |