DIVD CSIRT

gantt title Cases currently open or recently closed dateFormat YYYY-MM-DD axisFormat %e %b %Y DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software (516 days) :2023-02-21, 2024-07-21 DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS (683 days) :2022-09-08, 2024-07-22 DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (524 days) :2023-02-14, 2024-07-22 DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934 (382 days) :2023-07-06, 2024-07-22 DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series (238 days) :2023-09-11, 2024-05-06 DIVD-2023-00039 - VMware vCenter Server RCE (271 days) :2023-10-25, 2024-07-22 DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE (141 days) :2024-01-12, 2024-06-01 DIVD-2024-00003 - Unauthenticaded Remote Code Execution in CrushFTP (126 days) :2023-12-13, 2024-04-17 DIVD-2024-00004 - 2024-00004 Global NGOs (open) :2023-10-04, 2025-05-14 DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect (101 days) :2024-02-21, 2024-06-01 DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster (34 days) :2024-03-20, 2024-04-23 DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices (open) :2024-04-11, 2025-05-14 DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect (11 days) :2024-04-12, 2024-04-23 DIVD-2024-00014 - Qlik Sense Remote Code Execution (75 days) :2024-04-19, 2024-07-03 DIVD-2024-00015 - Remote Command Execution in CrushFTP (39 days) :2024-04-23, 2024-06-01 DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices (174 days) :2024-04-30, 2024-10-21 DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscaler and Gateway (66 days) :2024-05-08, 2024-07-13 DIVD-2024-00019 - Victim Notification Operation Endgame (open) :2024-05-30, 2025-05-14 DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES) (24 days) :2024-05-27, 2024-06-20 DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software (47 days) :2024-05-30, 2024-07-16 DIVD-2024-00022 - Millions of credentials scraped from Telegram (225 days) :2024-06-04, 2025-01-15 DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server (39 days) :2024-06-04, 2024-07-13 DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool (140 days) :2024-05-29, 2024-10-16 DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi (118 days) :2024-06-07, 2024-10-03 DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server (33 days) :2024-06-10, 2024-07-13 DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv (118 days) :2024-06-21, 2024-10-17 DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilities (46 days) :2024-06-21, 2024-08-06 DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection (101 days) :2024-06-24, 2024-10-03 DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey (205 days) :2024-08-05, 2025-02-26 DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver (73 days) :2024-07-03, 2024-09-14 DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE) (67 days) :2024-07-13, 2024-09-18 DIVD-2024-00035 - 17 vulnerabilities in Iocharger devices (open) :2024-08-13, 2025-05-14 DIVD-2024-00038 - Remote Code Execution CUPS (98 days) :2024-10-17, 2025-01-23 DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE (64 days) :2024-09-29, 2024-12-02 DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions (62 days) :2024-09-25, 2024-11-26 DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass (49 days) :2024-09-24, 2024-11-12 DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk (57 days) :2024-09-24, 2024-11-20 DIVD-2024-00043 - CyberAudit-Web - SSRF and Authentication bypass CVEs Registered (open) :2024-10-22, 2025-05-14 DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd (167 days) :2024-10-24, 2025-04-09 DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability (84 days) :2024-10-30, 2025-01-22 DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA) (104 days) :2024-09-24, 2025-01-06 DIVD-2024-00047 - Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices (56 days) :2024-11-11, 2025-01-06 DIVD-2024-00048 - VMware vCenter Server heap-overflow and remote code execution vulnerabilities (108 days) :2024-11-22, 2025-03-10 DIVD-2024-00049 - Vulnerabilities in D-Link NAS Backdoor and Command Injection Exploits (128 days) :2024-12-02, 2025-04-09 DIVD-2024-00050 - Path traversal vulnerabilty in Mitel MiCollab (60 days) :2024-12-05, 2025-02-03 DIVD-2024-00051 - Improper authorization vulnerabilty in ProjectSend, (open) :2024-12-09, 2025-05-14 DIVD-2024-00052 - Remote code execution in Cleo Harmony, VLCTrader and LexiCom (57 days) :2024-12-10, 2025-02-05 DIVD-2025-00001 - Multiple vulnerabilities in Sicomm BASEC Service (open) :2025-01-01, 2025-05-14 DIVD-2025-00002 - Authentication bypass in SonicWall SSL-VPN service (open) :2025-01-09, 2025-05-14 DIVD-2025-00003 - Multiple vulnerabilities in Mennekes Smart / Premium Charging stations (open) :2024-09-12, 2025-05-14 DIVD-2025-00004 - Authentication Bypass in PAN-OS Management Web Interface (open) :2025-02-20, 2025-05-14 DIVD-2025-00006 - Next.js Middleware Authorization Bypass (open) :2025-03-21, 2025-05-14 DIVD-2025-00007 - Authentication bypass in CrushFTP service (open) :2025-03-29, 2025-05-14 DIVD-2025-00010 - Stack-based buffer overflow in Ivanti Connect Secure (open) :2025-04-04, 2025-05-14