Open cases
DIVD-2024-00047 - Multiple critical vulnerabilities in Palo Alto Networks PAN-OS devices
Alwin Warringa
An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474.
DIVD-2024-00046 - Multiple critical vulnerabilities in Ivanti Cloud Services Appliance (CSA)
Alwin Warringa
Ivanti CSA is affected by two critical vulnerabilities, allowing a remote unauthenticated attacker to bypass admin authentication and execute arbitrary commands on the appliance.
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
Max van der Horst
In May 2024, a SQL Injection vulnerability was discovered in SysAid ITSM that has been reported to be actively exploited as recently as October 2024. Exploitation can result in unauthorized access to your ITSM system.
DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd
Oscar Vlugt
A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass
Finn van der Knaap
A SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.
DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable to RCE under specific conditions
Oscar Vlugt
The postjournal in Zimbra Collaboration (ZCS) sometimes allows unauthenticated users to execute commands.
DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE
Wessel Baltus
In Apache OFBiz, version 18.12.14 and below, an Incorrect Authorization vulnerability exists that allows pre-authentication remote code execution (RCE) resulting in an attacker being able to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
DIVD-2024-00038 - Remote Code Execution CUPS
Dennis Kussendrager
A remote attacker can replace or install printers with malicious IPP URLs, leading to arbitrary command execution when a print job is started.
DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey
Victor Pasman
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system.
DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilities
Oscar Vlugt
The vCenter Server contains multiple heap-overflow vulnerabilities in the implementation of the DCERPC protocol.
DIVD-2024-00022 - Millions of credentials scraped from Telegram
Frank Breedijk
DIVD was contacted by a source, who scraped millions of credentials from Telegram. DIVD is offering fellow CSIRTs, CERTs, and security teams the opportunity to, after verification, get an extract of the data pertaining to their domains.
DIVD-2024-00019 - Victim Notification Operation Endgame
DIVD CSIRT
The DIVD is notifying victims of several botnets, based on information obtained from the Dutch National Police's Operation Endgame.
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices
Koen Schagen
Several (OS) command injection vulnerabilities are found in QNAP QTS, QuTS hero and QuTScloud software/firmware versions.
DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices
Frank Breedijk, Max van der Horst
Six critical vulnerabilities have been discovered in Enphase Envoy solar inverters. DIVD is assisting Enphase with locating vulnerable devices.
DIVD-2024-00004 - 2024-00004 Global NGOs
Victor Gevers
This initiative focuses on identifying and addressing vulnerabilities in the publicly accessible assets of NGOs.
Closed cases
DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk
Alwin Warringa
The SolarWinds Web Help Desk software is affected by three critical vulnerabilities, allowing a remote unauthenticated user to access internal functionality and run commands on the host machine.
DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE)
Alwin Warringa
Multiple vulnerabilities have been found in ServiceNow. Combining these vulnerabilities could enable an unauthenticated user to remotely execute code within the context of the Now Platform.
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver
Koen Schagen
Geoserver has a Remote Code Execution (RCE) vulnerability in evaluating property name expressions.
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection
Koen Schagen
Multiple vulnerabilities have been found in the firmware of the Zyxel NAS devices NAS326 and NAS542. Those vulnerabilities allow an unauthenticated attacker to get full root access to the device.
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
Max van der Horst
SolarWinds U-Serv was susceptible to a Path Traversal vulnerability, resulting in a Local File Inclusion vulnerability that allows an attacker to read sensitive information on the server.
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server
Boaz Braaksma
In Rejetto HTTP File Server, version 2.3x up to 2.4 RC07, a vulnerability exists that allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. This vulnerability affects both the Windows and Wine versions.
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi
Koen Schagen
Two OS command injection vulnerabilities via quick.cgi file are found in QNAP QTS, QuTS hero and QuTScloud software/firmware versions.
DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool
Victor Pasman
In the SOPlanning Online Planning tool, multiple critical vulnerabilities were found, including an unauthenticated SQL injection. When the non-default public view setting is enabled, it results in several Remote Code Execution (RCE) vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to execute code on the underlying system and access the database.
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server
Stan Plasmeijer
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier on IIS, an unauthenticated attacker can exploit an authentication bypass vulnerability to access restricted functionality. Report Servers with a version 2024 Q1 (10.0.24.130) or earlier are vulnerable to an insecure deserialization attack to achieve full unauthenticated Remote Code Execution (RCE).
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software
Alwin Warringa
An unauthenticated local file inclusion vulnerability was present in Check Point Security Gateway software.
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES)
Max van der Horst
An authentication bypass vulnerability was present in GitHub Enterprise Server (GHES) when utilizing SAML Single Sign-On authentication with the optional encrypted assertions feature.
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscaler and Gateway
Stan Plasmeijer
In Citrix Netscaler and Gateway products (VPN virtual server, ICA Proxy, CVPN, RDP Proxy), an Out-Of-Bounds Memory Read vulnerability has been found by BishopFox. This vulnerability lets unauthenticated attackers obtain information from memory. However, it does not allow attackers to retrieve controlled information from memory.
DIVD-2024-00015 - Remote Command Execution in CrushFTP
Stan Plasmeijer
CrushFTP has an RCE vulnerability that can be exploited without authentication if anonymous web access is enabled.
DIVD-2024-00014 - Qlik Sense Remote Code Execution
Ralph Horn
Multiple unauthenticated remote code execution vulnerabilities in Qlik Sense.
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect
Stan Plasmeijer
A command injection vulnerability has been discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software.
DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster
Alwin Warringa
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity
Alwin Warringa
Successful exploitation of CVE-2024-27198 and CVE-2024-27199 allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect
Stan Plasmeijer
Successful exploitation of CVE-2024-1708 and CVE-2024-1709 allows an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.
DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity
Alwin Warringa
Successful exploitation of CVE-2024-23917 allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.
DIVD-2024-00005 - Remote code execution in FortiOS
Max van der Horst
A new RCE vulnerability in FortiOS SSL VPN could lead to full compromise of your system.
DIVD-2024-00003 - Unauthenticated Remote Code Execution in CrushFTP
Alwin Warringa
CrushFTP versions prior to 10.5.1 are vulnerable to an unauthenticated remote code execution vulnerability.
DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE
Ralph Horn
Gitlab CE/EE critical account takeover vulnerability.
DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
Max van der Horst
Ivanti warns of an authentication bypass and command injection exploited by threat actors in its Connect Secure and Policy Secure products.
Open cases
Closed cases
DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server
Wessel Baltus
Confluence Data Center and Server RCE vulnerability allows an authorized user, including one with anonymous access, to inject unsafe user input into a Confluence page.
DIVD-2023-00042 - Confluence improper authorization vulnerability
Wessel Baltus
Confluence Data Center and Server allow unauthorized users to set Confluence in setup mode leading to the possibility to create administrator accounts that have the capabilities for RCE.
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
Boaz Braaksma
This vulnerability (CVE-2023-46747) may allow an unauthenticated adversary with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.
DIVD-2023-00039 - VMware vCenter Server RCE
Max van der Horst
VMware has released security updates for vCenter Server that could result in Remote Command Execution.
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
Max van der Horst
An unknown threat actor is using a recent authentication bypass vulnerability (CVE-2023-20198) on Cisco IOS-XE to backdoor Cisco appliances worldwide.
DIVD-2023-00037 - Security Feature Bypass in MinIO
Max van der Horst
An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket, resulting in compromise of the server.
DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
Max van der Horst
Successful exploitation of CVE-2023-42793 allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution attack and gain administrative control of the server.
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
Max van der Horst
By chaining multiple vulnerabilities an attacker is able to execute arbitrary code or commands via specifically crafted requests.
DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
Max van der Horst
Ivanti Sentry has an API authentication bypass vulnerability with CVSS 9.8. System owners are advised to limit access to port 8443.
DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
Max van der Horst
DIVD is notifying owners of exploited Citrix ADC and Gateway systems, based on scanning data obtained from Fox-IT.
DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205
Finn van der Knaap
Both vulnerabilities allow an attacker to bypass the product feature that restricts external access to the ColdFusion Administrator.
DIVD-2023-00031 - Ivanti MobileIron vulnerable to CVE-2023-35078
Lennaert Oudshoorn
DIVD is notifying owners of vulnerable Ivanti MobileIron
DIVD-2023-00030 - Citrix systems vulnerable to CVE-2023-3519
Lennaert Oudshoorn
DIVD is notifying owners of vulnerable Citrix ADC and Gateway systems, based on scanning data obtained from Fox-IT.
DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
Boaz Braaksma
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
Célistine Oosting
A new SQL Injection vulnerability has been found in MOVEit Transfer.
DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315
Hans Meuris
Ignite Realtime Openfire versions 3.10.0 through 4.6.8 (excluded) and 4.7.0 to 4.7.5 (excluded) are vulnerable to path traversal.
DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524
Finn van der Knaap
Apache Superset, up to and including 2.0.1, is vulnerable to an authentication bypass that can lead to RCE.
DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
Max van der Horst
Danfoss AK-SM800A has multiple web-related vulnerabilities. It is advised to install the provided patch.
DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157
Jeroen van de Weerd
GeoServer has a critical SQL injection vulnerability.
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
Max van der Horst
MOVEit Transfer has a critical SQL injection vulnerability that is actively exploited for data theft.
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
Stan Plasmeijer
Zyxel has released patches for an OS command injection vulnerability found by TRAPA Security and urges users to install them for optimal protection.
DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100
Max van der Horst
Danfoss AK-EM 100 has multiple web-related vulnerabilities. It is advised to phase out this product, as this product is End of Life.
DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass
Max van der Horst
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF/NG 22.0.5 (Build 63914).
DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass
Max van der Horst
Cisco RV016, RV042, RV042G and RV082 contain an authentication bypass vulnerability.
DIVD-2023-00016 - GLPI Remote Code Execution
Finn van der Knaap and Josha Beekman
GLPI versions below 9.5.9 and 10.0.3 are vulnerable to Remote Code Execution.
DIVD-2023-00015 - Yeastar Configuration Panel Takeover
Rutger Hermens
Yeastar N412 and N824 Configuration Panels are vulnerable to unauthenticated account takeover.
DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management Products
Rutger Hermens
Vulnerable Jira Service Management Server and Data Center versions allow an attacker to impersonate another user and gain access under certain circumstances.
DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera Faspex
Axel Boesenach
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system.
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
Max van der Horst
Fortinet has released security updates for its FortiNAC and FortiWeb products to fix two critical vulnerabilities.
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
Célistine Oosting
A Remote Code Execution vulnerability was found and fixed in Microsoft Exchange Server. The DIVD is scanning for vulnerable systems and notifying owners of vulnerable systems.
DIVD-2023-00009 - Cisco RV Series Remote Command Execution
Max van der Horst
Cisco RV340, RV340W, RV345 and RV345P contain a Remote Command Execution vulnerability.
DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
Max van der Horst
Criminals are attacking VMware ESXi servers vulnerable to CVE-2021-21974 worldwide to deploy ransomware.
DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero
Stan Plasmeijer
QNAP has released an advisory for devices running QTS 5.0.1 and QuTS hero h5.0.1. Those devices might be vulnerable to code injection.
DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine
Max van der Horst
Use of outdated Apache Santuario library in Zoho ManageEngine causes an unauthenticated RCE vulnerability by sending a malicious SAML response.
DIVD-2023-00003 - OS command injection in CentOS CWP
Max van der Horst
The login/index.php endpoint in CentOS Control Web Panel 7 before 0.9.8.1147 allows unauthenticated attackers to execute OS commands.
DIVD-2023-00002 - Publicly Reachable Malicious Webshells
Max van der Horst
DIVD is searching the Internet for publicly reachable malicious webshells.
DIVD-2023-00001 - Citrix systems vulnerable to CVE-2022-27510 and/or CVE-2022-27518
Frank Breedijk
Based on scanning data obtained from Fox-IT, DIVD is notifying owners of vulnerable Citrix ADC and Gateway systems.
Open cases
Closed cases
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
Victor Pasman
Multiple vulnerabilities have been identified in White Rabbit Switch from CERN. Leveraging these vulnerabilities could allow an attacker to compromise the system.
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices
Rutger Hermens
Based on disclosure by Sec Consult, DIVD performed scans of end-of-life devices impacted by multiple vulnerabilities.
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
Max van der Horst
Multiple injection vulnerabilities have been identified within Axiell Iguana CMS, each of which can lead to compromise of the system.
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
Ralph Horn
DIVD is scanning for parties vulnerable to CVE-2022-42475.
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet
Pepijn van der Stap
DIVD is scanning for and notifying parties about KNXNet/IP gateways that are accessible from the internet.
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
Max van der Horst
DIVD is scanning for parties vulnerable to CVE-2022-43781.
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
Axel Boesenach
DIVD is scanning for parties vulnerable to CVE-2022-36537.
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products
Tom Wolters
DIVD is scanning for parties vulnerable to CVE-2022-40684.
DIVD-2022-00055 - Server Management Interfaces security issues
Pepijn van der Stap
DIVD is researching vulnerabilities in (hardware) server management interfaces globally and notifying the owners of misconfigured services.
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
Max van der Horst
DIVD is scanning for parties vulnerable to CVE-2022-41040 and CVE-2022-41082 (nicknamed ProxyNotShell).
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
Pepijn van der Stap
DIVD is researching Bitbucket instances that are vulnerable to CVE-2022-36804.
DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software
Victor Pasman
DIVD is scanning for parties vulnerable to CVE-2022-41216 and CVE-2022-41217.
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221
Martin van Wingerden
DIVD is researching vulnerable, accessible H2 Web Console instances.
DIVD-2022-00048 - Dossier Energy Transition
Frank Breedijk
In this dossier we are tracking cases and other findings related to the global energy transition.
DIVD-2022-00045 - Injection vulnerability found within Socket.io
Victor Pasman
An injection vulnerability was identified in Socket.io which can result in Remote Code Execution (RCE).
DIVD-2022-00042 - Canon print portals facing the internet
Simon Kort
Easily accessible Canon print portals facing towards the internet can lead to full access to the administration interface of the printer.
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
Tom Wolters
Patch vulnerable Oracle WebLogic servers immediately, as some versions are vulnerable to a Local File Inclusion attack, which causes secrets and source code to be readable by malicious attackers. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
Frank Breedijk
CVE-2022-26134 is a 0-day RCE in Confluence. We are scanning the internet for exposed servers and warning owners. If you have Confluence, the advice is to apply the patch and, if that is not possible, to take it offline.
DIVD-2022-00032 - Exchange backdoor
Victor Pasman
Sneaky backdoor installed on earlier hit Exchange Servers.
DIVD-2022-00030 - Exposed QNAP
Ralph Horn
QNAP urges users to immediately patch NAS devices after several were recently compromised and infected with malicious software. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall
Victor Pasman
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
Pepijn van der Stap
F5 BIG-IP is vulnerable to remote code execution due to a vulnerability that allows attackers to execute commands by leveraging an authentication bypass in the REST API. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464
Pepijn van der Stap
WSO2 servers are vulnerable to remote code execution due to a vulnerability that allows attackers to perform unauthenticated unrestricted arbitrary file uploads. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00025 - VMware - CVE-2022-22954
Victor Pasman
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
Pepijn van der Stap
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
Max van der Horst
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. DIVD is actively scanning to notify owners of vulnerable systems.
DIVD-2022-00021 - Ivanti EPM CSA remote code execution
Pepijn van der Stap
DIVD is searching for vulnerable instances of the Ivanti EPM Cloud Services Appliance (CSA).
DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js
Victor Pasman
Improper input validation vulnerabilities have been identified in Feathers.js; these can result in SQL injection on the system.
DIVD-2022-00019 - Insecure Mendix Applications
John Cornegge
DIVD is researching misconfigured Entity access rules in applications built with the Mendix Platform.
DIVD-2022-00017 - Global Healthcare Vulnerabilities
Victor Gevers
DIVD is researching vulnerabilities in healthcare services globally and notifying these services.
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL API
Mick Beer
CVE-2021-4191: GitLab GraphQL API User Enumeration
DIVD-2022-00014 - GreyNoise's Ukraine only list
Frank Breedijk
GreyNoise has created a public list of IP addresses that have exclusively been observed in their honeypots in Ukraine, and not anywhere else. We decided to take it upon ourselves to make network administrators aware of the fact that these hosts are on this list.
DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates
Frank Breedijk
An exploration into a curious case where 13k+ servers are offering the same TLS certificate.
DIVD-2022-00012 - Global Charity Vulnerabilities
Max van der Horst
DIVD is researching vulnerabilities in charities globally and notifying these charities.
DIVD-2022-00010 - Auth bypass in SAP
Patrick Hulshof
Unauthenticated user impersonation (auth bypass) in SAP. Posted on February 8, 2022.
DIVD-2022-00009 - SolarMan backend administrator account/password
Frank Breedijk
DIVD researcher Jelle Ursem found the password of the super user of the web backend for all SolarMan / Solis / Omnik / Ginlong inverters, loggers, and batteries. The password has been changed now, and the repository containing the password has been deleted.
DIVD-2022-00008 - XSS Zeroday in Zimbra
Boaz Braaksma
A new Zero-day XSS Vulnerability in Zimbra was published on the internet on the third of February 2022.
DIVD-2022-00007 - Subdomain Takeovers
Martin van Wingerden
Subdomain Takeovers via CNAMES or A records pointing to Azure, AWS, GitHub or unregistered domains.
DIVD-2022-00006 - SAProuter
Joris van de Vis
DIVD scanned for internet connected SAProuters that respond to information-requests, meaning they are not properly secured.
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
Max van der Horst
Post-Log4J Open Database Instances used for C2 and Monero Miner Infections.
DIVD-2022-00002 - Grafana
Tom Wolters
Unauthenticated Directory Traversal vulnerability in Grafana - CVE-2021-43798
Open cases
Closed cases
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
Victor Pasman, Frank Breedijk
ITarian, an online platform and on-premise solution for Managed Services Providers, contains 3 critical vulnerabilities. Vulnerabilities have been patched in the SaaS version only!
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability
Lennaert Oudshoorn
We will be scanning for CVE-2021-21980.
DIVD-2021-00033 - Sites with Potential SQL-Injection
Célistine Oosting
We obtained a list with sites potentially vulnerable to SQL-Injection.
DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
Jeroen van de Weerd
We will be scanning for CVE-2021-22205.
DIVD-2021-00029 - SmarterTrack
Finn van der Knaap
Several vulnerabilities have been found in the helpdesk software called SmarterTrack made by SmarterTools.
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
Diego Klinkhamer
We will be scanning for CVE-2021-41773.
DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
Célistine Oosting
Omigod vulnerabilities make it possible to execute remote code via Microsoft Open Management Interface (OMI). This service is installed automatically on machines running certain Azure services (either on premise or in the cloud).
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE)
Pepijn van der Stap
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
Frank Breedijk
We will be scanning for the vulnerabilities related to the ProxyShell and ProxyOracle attacks against Microsoft Exchange.
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration
Hidde Smit
Domain user enumeration via response timing.
DIVD-2021-00020 - OSNEXUS QuantaStor limited disclosure and product warning
Max van der Horst and Frank Breedijk
Several serious vulnerabilities were discovered in OSNEXUS QuantaStor. We had difficulties working with the vendor and are now disclosing vulnerabilities and issuing a product warning.
DIVD-2021-00017 - SolarWinds N-able N-central agent vulnerabilities
Hidde Smit
Vulnerabilities discovered affect multi-tenant environments.
DIVD-2021-00015 - Telegram OD
Victor Gevers
One of our researchers has discovered a Telegram group that shares millions of usernames and passwords that criminals have stolen from their victims.
DIVD-2021-00014 - Kaseya Unitrends
Victor Gevers and Frank Breedijk
Users of on-premise Kaseya Unitrends are advised to not expose this service directly to the internet.
DIVD-2021-00012 - Warehouse Botnet
Frank Breedijk
One of our researchers has discovered a database full of usernames and passwords that criminals have stolen from their victims.
DIVD-2021-00011 - Kaseya VSA Disclosure
Lennaert Oudshoorn
Wietse Boonstra found multiple vulnerabilities in Kaseya VSA; this case file details the disclosure process.
DIVD-2021-00010 - vCenter Server PreAuth RCE
Hidde Smit
A critical vulnerability has been found in VMware vCenter Server versions 3.x, 4.x, 6.5, 6.7 and 7.0.
DIVD-2021-00007 - EA Origin XSS and RCE 1-click
Hidde Smit
Origin users are advised to update Origin client to the latest version.
DIVD-2021-00006 - SmarterMail
Victor Pasman
Multiple vulnerabilities discovered in all versions of 16.x of SmarterTools SmarterMail and all versions before 100.0.7803 (May 13, 2021).
DIVD-2021-00005 - Pulse Secure PreAuth RCE
Matthijs Koot
Critical vulnerabilities have been found in Pulse Secure Connect versions >=9.0R3 and <9.1R11.4.
DIVD-2021-00004 - Leaked phishing credentials
Lennaert Oudshoorn, Célistine Oosting
DIVD has received a list of credentials obtained through phishing from a security researcher.
DIVD-2021-00002 - Kaseya VSA
Victor Gevers, Lennaert Oudshoorn
Users of on-premise Kaseya VSA are advised to disable their Kaseya VSA servers.
DIVD-2021-00001 - Microsoft on-prem Exchange Servers
Lennaert Oudshoorn
Microsoft has detected multiple 0-day exploits that are actively being used in attacks against on-premises versions of Microsoft Exchange Server.
Open cases
Closed cases
DIVD-2020-00014 - SolarWinds Orion
Lennaert Oudshoorn
An authentication bypass could allow attackers to execute API commands which may result in a compromise of the system.
DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials
Frank Breedijk
DIVD has received a list of credentials obtained through phishing from a partner.
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
Lennaert Oudshoorn
A list was found online with 49 577 vulnerable Fortinet VPN devices; login credentials could potentially be exposed.
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
Frank Breedijk
DIVD researcher Wietse Boonstra has discovered four critical vulnerabilities in Vembu BDR; patches are available.
DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution
Frank Breedijk
WordPress plugin wpDiscuz has a critical vulnerability that allows an attacker to take over the system.
DIVD-2020-00009 - Pulse Secure VPN enterprise Leak
Lennaert Oudshoorn
A data dump with information on over 900 compromised Pulse Secure VPN enterprise servers has been released.
DIVD-2020-00008 - 313 000 Wordpress sites scanned
Lennaert Oudshoorn
DIVD researchers scanned 313 000 WordPress websites with .NL domains; vulnerability notifications are being sent as results are processed.
DIVD-2020-00007 - Citrix ShareFile
Lennaert Oudshoorn
A vulnerability in Citrix ShareFile has been discovered; this vulnerability can be used by an attacker to potentially gain access to sensitive data.
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption
Sander Spierenburg
The Security hotline is asking for your attention for a vulnerability in SMBv3 and is going to warn network operators of Dutch IPs that respond to SMBv3 handshakes and have encryption enabled.
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability
Jeroen van de Weerd
773 Dutch IP addresses vulnerable to Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability
DIVD-2020-00004 - List of Mirai botnet victims published with credentials
Sander Spierenburg
A list of Mirai botnet victims has been published, exposing a total of 500K+ systems.
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE
Barry van Kampen
16.000 vulnerable Microsoft RDP Gateway systems online
DIVD-2020-00002 - Wildcard certificaten Citrix ADC
Frank Breedijk
We have found wildcard certificates on over 450 vulnerable Citrix ADC systems.
DIVD-2020-00001 - Citrix ADC
Frank Breedijk
Our current status around CVE-2019-19781
gantt
title Cases in 2024
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2022-00048 - Dossier Energy Transition, 7 Sep 2022 - 1 Apr 2024 (573 days) :2024-01-01, 2024-04-01
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software, 21 Feb 2023 - 21 Jul 2024 (517 days) :2024-01-01, 2024-07-21
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS, 8 Sep 2022 - 22 Jul 2024 (684 days) :2024-01-01, 2024-07-22
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server, 14 Feb 2023 - 22 Jul 2024 (525 days) :2024-01-01, 2024-07-22
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934, 6 Jul 2023 - 22 Jul 2024 (383 days) :2024-01-01, 2024-07-22
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series, 11 Sep 2023 - 6 May 2024 (239 days) :2024-01-01, 2024-05-06
DIVD-2023-00039 - VMware vCenter Server RCE, 25 Oct 2023 - 22 Jul 2024 (272 days) :2024-01-01, 2024-07-22
DIVD-2023-00042 - Confluence improper authorization vulnerability, 11 Nov 2023 - 14 Apr 2024 (156 days) :2024-01-01, 2024-04-14
DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server, 5 Dec 2023 - 14 Apr 2024 (132 days) :2024-01-01, 2024-04-14
DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance, 10 Jan 2024 - 12 Feb 2024 (34 days) :2024-01-10, 2024-02-12
DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE, 12 Jan 2024 - 1 Jun 2024 (142 days) :2024-01-12, 2024-06-01
DIVD-2024-00003 - Unauthenticaded Remote Code Execution in CrushFTP, 13 Dec 2023 - 17 Apr 2024 (127 days) :2024-01-01, 2024-04-17
DIVD-2024-00004 - 2024-00004 Global NGOs, 4 Oct 2023 -> ? (open) :2024-01-01, 2024-12-21
DIVD-2024-00005 - Remote code execution in FortiOS, 8 Feb 2024 - 15 Feb 2024 (8 days) :2024-02-08, 2024-02-15
DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity, 8 Feb 2024 - 28 Mar 2024 (50 days) :2024-02-08, 2024-03-28
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect, 21 Feb 2024 - 1 Jun 2024 (102 days) :2024-02-21, 2024-06-01
DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity, 6 Mar 2024 - 28 Mar 2024 (23 days) :2024-03-06, 2024-03-28
DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster, 20 Mar 2024 - 23 Apr 2024 (35 days) :2024-03-20, 2024-04-23
DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices, 11 Apr 2024 -> ? (open) :2024-04-11, 2024-12-21
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect, 12 Apr 2024 - 23 Apr 2024 (12 days) :2024-04-12, 2024-04-23
DIVD-2024-00014 - Qlik Sense Remote Code Execution, 19 Apr 2024 - 3 Jul 2024 (76 days) :2024-04-19, 2024-07-03
DIVD-2024-00015 - Remote Command Execution in CrushFTP, 23 Apr 2024 - 1 Jun 2024 (40 days) :2024-04-23, 2024-06-01
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices, 30 Apr 2024 -> ? (open) :2024-04-30, 2024-12-21
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscaler and Gateway, 8 May 2024 - 13 Jul 2024 (67 days) :2024-05-08, 2024-07-13
DIVD-2024-00019 - Victim Notification Operation Endgame, 30 May 2024 -> ? (open) :2024-05-30, 2024-12-21
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES), 27 May 2024 - 20 Jun 2024 (25 days) :2024-05-27, 2024-06-20
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software, 30 May 2024 - 16 Jul 2024 (48 days) :2024-05-30, 2024-07-16
DIVD-2024-00022 - Millions of credentials scraped from Telegram, 4 Jun 2024 -> ? (open) :2024-06-04, 2024-12-21
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server, 4 Jun 2024 - 13 Jul 2024 (40 days) :2024-06-04, 2024-07-13
DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool, 29 May 2024 - 16 Oct 2024 (141 days) :2024-05-29, 2024-10-16
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi, 7 Jun 2024 - 3 Oct 2024 (119 days) :2024-06-07, 2024-10-03
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server, 10 Jun 2024 - 13 Jul 2024 (34 days) :2024-06-10, 2024-07-13
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv, 21 Jun 2024 - 17 Oct 2024 (119 days) :2024-06-21, 2024-10-17
DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilities, 21 Jun 2024 -> ? (open) :2024-06-21, 2024-12-21
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection, 24 Jun 2024 - 3 Oct 2024 (102 days) :2024-06-24, 2024-10-03
DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey, 5 Aug 2024 -> ? (open) :2024-08-05, 2024-12-21
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver, 3 Jul 2024 - 14 Sep 2024 (74 days) :2024-07-03, 2024-09-14
DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE), 13 Jul 2024 - 18 Sep 2024 (68 days) :2024-07-13, 2024-09-18
DIVD-2024-00038 - Remote Code Execution CUPS, 17 Oct 2024 -> ? (open) :2024-10-17, 2024-12-21
DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE, 29 Sep 2024 -> ? (open) :2024-09-29, 2024-12-21
DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions, 25 Sep 2024 -> ? (open) :2024-09-25, 2024-12-21
DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass, 24 Sep 2024 -> ? (open) :2024-09-24, 2024-12-21
DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk, 24 Sep 2024 - 20 Nov 2024 (58 days) :2024-09-24, 2024-11-20
DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd, 24 Oct 2024 -> ? (open) :2024-10-24, 2024-12-21
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability, 30 Oct 2024 -> ? (open) :2024-10-30, 2024-12-21
DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA), 24 Sep 2024 -> ? (open) :2024-09-24, 2024-12-21
DIVD-2024-00047 - Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices, 11 Nov 2024 -> ? (open) :2024-11-11, 2024-12-21
gantt
title Cases in 2023
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2021-00014 - Kaseya Unitrends, 2 Jul 2021 - 5 Jul 2023 (734 days) :2023-01-01, 2023-07-05
DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning, 10 Aug 2021 - 16 Oct 2023 (798 days) :2023-01-01, 2023-10-16
DIVD-2022-00012 - Global Charity Vulnerabilities, 22 Feb 2022 - 12 Jan 2023 (325 days) :2023-01-01, 2023-01-12
DIVD-2022-00017 - Global Healthcare Vulnerabilities, 10 Mar 2022 - 1 Mar 2023 (357 days) :2023-01-01, 2023-03-01
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js, 23 Feb 2022 - 27 May 2023 (459 days) :2023-01-01, 2023-05-27
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall, 10 May 2022 - 22 Feb 2023 (289 days) :2023-01-01, 2023-02-22
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server, 3 Jul 2022 - 7 Mar 2023 (248 days) :2023-01-01, 2023-03-07
DIVD-2022-00042 - Canon print portals facing the internet, 18 Aug 2022 - 5 Apr 2023 (231 days) :2023-01-01, 2023-04-05
DIVD-2022-00045 - Injection vulnerability found within Socket.io, 29 Apr 2022 - 22 Feb 2023 (300 days) :2023-01-01, 2023-02-22
DIVD-2022-00048 - Dossier Energy Transition, 7 Sep 2022 - 1 Apr 2024 (573 days) :2023-01-01, 2024-01-01
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221, 9 Sep 2022 - 11 Jan 2023 (125 days) :2023-01-01, 2023-01-11
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software, 21 Feb 2023 - 21 Jul 2024 (517 days) :2023-02-21, 2024-01-01
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804, 21 Sep 2022 - 22 Feb 2023 (155 days) :2023-01-01, 2023-02-22
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE, 30 Sep 2022 - 10 Apr 2023 (193 days) :2023-01-01, 2023-04-10
DIVD-2022-00055 - Server Management Interfaces security issues, 8 Oct 2022 - 8 Jan 2023 (93 days) :2023-01-01, 2023-01-08
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products, 7 Oct 2022 - 5 Apr 2023 (181 days) :2023-01-01, 2023-04-05
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability, 30 Oct 2022 - 21 May 2023 (204 days) :2023-01-01, 2023-05-21
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center, 17 Nov 2022 - 13 Mar 2023 (117 days) :2023-01-01, 2023-03-13
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet, 8 Feb 2022 - 31 May 2023 (478 days) :2023-01-01, 2023-05-31
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN, 12 Dec 2022 - 31 May 2023 (171 days) :2023-01-01, 2023-05-31
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS, 8 Sep 2022 - 22 Jul 2024 (684 days) :2023-01-01, 2024-01-01
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices, 19 Dec 2022 - 20 Jul 2023 (214 days) :2023-01-01, 2023-07-20
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN, 16 Nov 2022 - 31 May 2023 (197 days) :2023-01-01, 2023-05-31
DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518, 18 Jan 2023 - 24 May 2023 (127 days) :2023-01-18, 2023-05-24
DIVD-2023-00002 - Publicly Reachable Malicious Webshells, 6 Jan 2023 - 15 Feb 2023 (41 days) :2023-01-06, 2023-02-15
DIVD-2023-00003 - OS command injection in CentOS CWP, 11 Jan 2023 - 22 Feb 2023 (43 days) :2023-01-11, 2023-02-22
DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine, 20 Jan 2023 - 17 Apr 2023 (88 days) :2023-01-20, 2023-04-17
DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero, 2 Feb 2023 - 22 Mar 2023 (49 days) :2023-02-02, 2023-03-22
DIVD-2023-00007 - Global VMware ESXi Ransomware Attack, 3 Feb 2023 - 18 Apr 2023 (75 days) :2023-02-03, 2023-04-18
DIVD-2023-00009 - Cisco RV Series Remote Command Execution, 7 Feb 2023 - 4 Aug 2023 (179 days) :2023-02-07, 2023-08-04
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server, 14 Feb 2023 - 22 Jul 2024 (525 days) :2023-02-14, 2024-01-01
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability, 3 Feb 2023 - 20 Dec 2023 (321 days) :2023-02-03, 2023-12-20
DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera Faspex, 17 Feb 2023 - 20 Apr 2023 (63 days) :2023-02-17, 2023-04-20
DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management Products, 1 Feb 2023 - 5 Apr 2023 (64 days) :2023-02-01, 2023-04-05
DIVD-2023-00015 - Yeastar Configuration Panel Takeover, 20 Jan 2023 - 2 Feb 2023 (14 days) :2023-01-20, 2023-02-02
DIVD-2023-00016 - GLPI Remote Code Execution, 10 Nov 2022 - 25 May 2023 (197 days) :2023-01-01, 2023-05-25
DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass, 15 Mar 2023 - 26 Sep 2023 (196 days) :2023-03-15, 2023-09-26
DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass, 20 Apr 2023 - 10 May 2023 (21 days) :2023-04-20, 2023-05-10
DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100, 18 Jan 2023 - 20 Dec 2023 (337 days) :2023-01-18, 2023-12-20
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls, 28 Apr 2023 - 20 Dec 2023 (237 days) :2023-04-28, 2023-12-20
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362, 2 Jun 2023 - 27 Jul 2023 (56 days) :2023-06-02, 2023-07-27
DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157, 7 Jun 2023 - 26 Sep 2023 (112 days) :2023-06-07, 2023-09-26
DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A, 18 Jan 2023 - 20 Dec 2023 (337 days) :2023-01-18, 2023-12-20
DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524, 2 Jul 2023 - 7 Jul 2023 (6 days) :2023-07-02, 2023-07-07
DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315, 23 Jun 2023 - 6 Sep 2023 (76 days) :2023-06-23, 2023-09-06
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934, 6 Jul 2023 - 22 Jul 2024 (383 days) :2023-07-06, 2024-01-01
DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability, 9 Jun 2023 - 26 Sep 2023 (110 days) :2023-06-09, 2023-09-26
DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519, 18 Jul 2023 - 24 Jul 2023 (7 days) :2023-07-18, 2023-07-24
DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078, 25 Jul 2023 - 26 Sep 2023 (64 days) :2023-07-25, 2023-09-26
DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205, 14 Jul 2023 - 11 Aug 2023 (29 days) :2023-07-14, 2023-08-11
DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519, 18 Jul 2023 - 26 Sep 2023 (71 days) :2023-07-18, 2023-09-26
DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry, 22 Aug 2023 - 26 Sep 2023 (36 days) :2023-08-22, 2023-09-26
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series, 11 Sep 2023 - 6 May 2024 (239 days) :2023-09-11, 2024-01-01
DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity, 20 Sep 2023 - 16 Dec 2023 (88 days) :2023-09-20, 2023-12-16
DIVD-2023-00037 - Security Feature Bypass in MinIO, 26 Sep 2023 - 30 Nov 2023 (66 days) :2023-09-26, 2023-11-30
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants, 17 Oct 2023 - 1 Dec 2023 (46 days) :2023-10-17, 2023-12-01
DIVD-2023-00039 - VMware vCenter Server RCE, 25 Oct 2023 - 22 Jul 2024 (272 days) :2023-10-25, 2024-01-01
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability, 28 Oct 2023 - 9 Nov 2023 (13 days) :2023-10-28, 2023-11-09
DIVD-2023-00042 - Confluence improper authorization vulnerability, 11 Nov 2023 - 14 Apr 2024 (156 days) :2023-11-11, 2024-01-01
DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server, 5 Dec 2023 - 14 Apr 2024 (132 days) :2023-12-05, 2024-01-01
DIVD-2024-00003 - Unauthenticaded Remote Code Execution in CrushFTP, 13 Dec 2023 - 17 Apr 2024 (127 days) :2023-12-13, 2024-01-01
DIVD-2024-00004 - 2024-00004 Global NGOs, 4 Oct 2023 -> ? (open) :2023-10-04, 2024-01-01
gantt
title Cases in 2022
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2021-00006 - SmarterMail, 30 Apr 2021 - 13 Jan 2022 (259 days) :2022-01-01, 2022-01-13
DIVD-2021-00014 - Kaseya Unitrends, 2 Jul 2021 - 5 Jul 2023 (734 days) :2022-01-01, 2023-01-01
DIVD-2021-00015 - Telegram OD, 10 Jun 2021 - 10 Oct 2022 (488 days) :2022-01-01, 2022-10-10
DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning, 10 Aug 2021 - 16 Oct 2023 (798 days) :2022-01-01, 2023-01-01
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration, 18 Aug 2021 - 1 Apr 2022 (227 days) :2022-01-01, 2022-04-01
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle, 30 Aug 2021 - 10 Oct 2022 (407 days) :2022-01-01, 2022-10-10
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE), 22 Sep 2021 - 10 Oct 2022 (384 days) :2022-01-01, 2022-10-10
DIVD-2021-00029 - Smartertrack, 17 Oct 2021 - 10 Oct 2022 (359 days) :2022-01-01, 2022-10-10
DIVD-2021-00033 - Sites with Potential SQL-Injection, 16 Nov 2021 - 9 Feb 2022 (86 days) :2022-01-01, 2022-02-09
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability, 3 Dec 2021 - 12 Jan 2022 (41 days) :2022-01-01, 2022-01-12
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution, 1 Dec 2021 - 10 Oct 2022 (314 days) :2022-01-01, 2022-10-10
DIVD-2021-00038 - Apache Log4j2, 9 Dec 2021 - 5 Apr 2022 (118 days) :2022-01-01, 2022-04-05
DIVD-2021-00039 - HP iLO, 31 Dec 2021 - 9 Mar 2022 (69 days) :2022-01-01, 2022-03-09
DIVD-2022-00002 - Grafana, 7 Dec 2021 - 7 Nov 2022 (336 days) :2022-01-01, 2022-11-07
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections, 13 Jan 2022 - 25 May 2022 (133 days) :2022-01-13, 2022-05-25
DIVD-2022-00005 - Exposed BACnet devices, 29 Jan 2022 - 20 Apr 2022 (82 days) :2022-01-29, 2022-04-20
DIVD-2022-00006 - SAProuter, 7 Feb 2022 - 13 Jul 2022 (157 days) :2022-02-07, 2022-07-13
DIVD-2022-00007 - Subdomain Takeovers, 4 Feb 2022 - 1 Dec 2022 (301 days) :2022-02-04, 2022-12-01
DIVD-2022-00008 - XSS Zeroday in Zimbra, 14 Dec 2021 - 20 Apr 2022 (128 days) :2022-01-01, 2022-04-20
DIVD-2022-00009 - SolarMan backend administrator account/password, 6 Feb 2022 - 2 Jul 2022 (147 days) :2022-02-06, 2022-07-02
DIVD-2022-00010 - Auth bypass in SAP, 8 Feb 2022 - 10 Apr 2022 (62 days) :2022-02-08, 2022-04-10
DIVD-2022-00012 - Global Charity Vulnerabilities, 22 Feb 2022 - 12 Jan 2023 (325 days) :2022-02-22, 2023-01-01
DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates, 5 Feb 2022 - 23 Oct 2022 (261 days) :2022-02-05, 2022-10-23
DIVD-2022-00014 - GreyNoise's Ukraine only list, 4 Mar 2022 - 15 Aug 2022 (165 days) :2022-03-04, 2022-08-15
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL API, 4 Mar 2022 - 31 Aug 2022 (181 days) :2022-03-04, 2022-08-31
DIVD-2022-00017 - Global Healthcare Vulnerabilities, 10 Mar 2022 - 1 Mar 2023 (357 days) :2022-03-10, 2023-01-01
DIVD-2022-00019 - Insecure Mendix Applications, 19 Mar 2022 - 7 Nov 2022 (234 days) :2022-03-19, 2022-11-07
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js, 23 Feb 2022 - 27 May 2023 (459 days) :2022-02-23, 2023-01-01
DIVD-2022-00021 - Ivanti EPM CSA remote code execution, 25 Mar 2022 - 20 Nov 2022 (241 days) :2022-03-25, 2022-11-20
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability, 29 Mar 2022 - 31 Oct 2022 (217 days) :2022-03-29, 2022-10-31
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963, 31 Mar 2022 - 22 Sep 2022 (176 days) :2022-03-31, 2022-09-22
DIVD-2022-00025 - VMware - CVE-2022-22954, 12 Apr 2022 - 1 Dec 2022 (234 days) :2022-04-12, 2022-12-01
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464, 24 Apr 2022 - 20 Nov 2022 (211 days) :2022-04-24, 2022-11-20
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution, 10 May 2022 - 25 Jun 2022 (47 days) :2022-05-10, 2022-06-25
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall, 10 May 2022 - 22 Feb 2023 (289 days) :2022-05-10, 2023-01-01
DIVD-2022-00030 - Exposed QNAP, 23 May 2022 - 10 Jun 2022 (19 days) :2022-05-23, 2022-06-10
DIVD-2022-00032 - Exchange backdoor, 3 Jun 2022 - 22 Nov 2022 (173 days) :2022-06-03, 2022-11-22
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE, 3 Jun 2022 - 1 Dec 2022 (182 days) :2022-06-03, 2022-12-01
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server, 3 Jul 2022 - 7 Mar 2023 (248 days) :2022-07-03, 2023-01-01
DIVD-2022-00042 - Canon print portals facing the internet, 18 Aug 2022 - 5 Apr 2023 (231 days) :2022-08-18, 2023-01-01
DIVD-2022-00045 - Injection vulnerability found within Socket.io, 29 Apr 2022 - 22 Feb 2023 (300 days) :2022-04-29, 2023-01-01
DIVD-2022-00048 - Dossier Energy Transition, 7 Sep 2022 - 1 Apr 2024 (573 days) :2022-09-07, 2023-01-01
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221, 9 Sep 2022 - 11 Jan 2023 (125 days) :2022-09-09, 2023-01-01
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804, 21 Sep 2022 - 22 Feb 2023 (155 days) :2022-09-21, 2023-01-01
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE, 30 Sep 2022 - 10 Apr 2023 (193 days) :2022-09-30, 2023-01-01
DIVD-2022-00055 - Server Management Interfaces security issues, 8 Oct 2022 - 8 Jan 2023 (93 days) :2022-10-08, 2023-01-01
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products, 7 Oct 2022 - 5 Apr 2023 (181 days) :2022-10-07, 2023-01-01
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability, 30 Oct 2022 - 21 May 2023 (204 days) :2022-10-30, 2023-01-01
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center, 17 Nov 2022 - 13 Mar 2023 (117 days) :2022-11-17, 2023-01-01
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet, 8 Feb 2022 - 31 May 2023 (478 days) :2022-02-08, 2023-01-01
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN, 12 Dec 2022 - 31 May 2023 (171 days) :2022-12-12, 2023-01-01
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS, 8 Sep 2022 - 22 Jul 2024 (684 days) :2022-09-08, 2023-01-01
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices, 19 Dec 2022 - 20 Jul 2023 (214 days) :2022-12-19, 2023-01-01
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN, 16 Nov 2022 - 31 May 2023 (197 days) :2022-11-16, 2023-01-01
DIVD-2023-00016 - GLPI Remote Code Execution, 10 Nov 2022 - 25 May 2023 (197 days) :2022-11-10, 2023-01-01
gantt
title Cases in 2021
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR, 26 Oct 2020 - 11 May 2021 (198 days) :2021-01-01, 2021-05-11
DIVD-2021-00001 - Microsoft on-prem Exchange Servers, 3 Mar 2021 - 15 May 2021 (74 days) :2021-03-03, 2021-05-15
DIVD-2021-00002 - Kaseya VSA, 1 Apr 2021 - 9 Jul 2021 (100 days) :2021-04-01, 2021-07-09
DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials, 7 May 2021 - 10 May 2021 (4 days) :2021-05-07, 2021-05-10
DIVD-2021-00005 - Pulse Secure PreAuth RCE, 21 Apr 2021 - 1 Aug 2021 (103 days) :2021-04-21, 2021-08-01
DIVD-2021-00006 - SmarterMail, 30 Apr 2021 - 13 Jan 2022 (259 days) :2021-04-30, 2022-01-01
DIVD-2021-00007 - EA Origin XSS and RCE 1-click, 21 Apr 2021 - 13 Jul 2021 (84 days) :2021-04-21, 2021-07-13
DIVD-2021-00010 - vCenter Server PreAuth RCE, 30 May 2021 - 30 Nov 2021 (185 days) :2021-05-30, 2021-11-30
DIVD-2021-00011 - Kaseya VSA Disclosure, 1 Apr 2021 - 7 Jul 2021 (98 days) :2021-04-01, 2021-07-07
DIVD-2021-00012 - Warehouse Botnet, 20 May 2021 - 4 Jun 2021 (16 days) :2021-05-20, 2021-06-04
DIVD-2021-00014 - Kaseya Unitrends, 2 Jul 2021 - 5 Jul 2023 (734 days) :2021-07-02, 2022-01-01
DIVD-2021-00015 - Telegram OD, 10 Jun 2021 - 10 Oct 2022 (488 days) :2021-06-10, 2022-01-01
DIVD-2021-00017 - SolarWinds N-able N-central agent vulnerabilities, 5 Jul 2021 - 24 Sep 2021 (82 days) :2021-07-05, 2021-09-24
DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning, 10 Aug 2021 - 16 Oct 2023 (798 days) :2021-08-10, 2022-01-01
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration, 18 Aug 2021 - 1 Apr 2022 (227 days) :2021-08-18, 2022-01-01
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle, 30 Aug 2021 - 10 Oct 2022 (407 days) :2021-08-30, 2022-01-01
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE), 22 Sep 2021 - 10 Oct 2022 (384 days) :2021-09-22, 2022-01-01
DIVD-2021-00026 - Omigod Microsoft Open Management Interface RCE, 15 Sep 2021 - 24 Nov 2021 (71 days) :2021-09-15, 2021-11-24
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure, 5 Oct 2021 - 1 Dec 2021 (58 days) :2021-10-05, 2021-12-01
DIVD-2021-00029 - Smartertrack, 17 Oct 2021 - 10 Oct 2022 (359 days) :2021-10-17, 2022-01-01
DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw, 1 Nov 2021 - 29 Dec 2021 (59 days) :2021-11-01, 2021-12-29
DIVD-2021-00033 - Sites with Potential SQL-Injection, 16 Nov 2021 - 9 Feb 2022 (86 days) :2021-11-16, 2022-01-01
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability, 3 Dec 2021 - 12 Jan 2022 (41 days) :2021-12-03, 2022-01-01
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution, 1 Dec 2021 - 10 Oct 2022 (314 days) :2021-12-01, 2022-01-01
DIVD-2021-00038 - Apache Log4j2, 9 Dec 2021 - 5 Apr 2022 (118 days) :2021-12-09, 2022-01-01
DIVD-2021-00039 - HP iLO, 31 Dec 2021 - 9 Mar 2022 (69 days) :2021-12-31, 2022-01-01
DIVD-2022-00002 - Grafana, 7 Dec 2021 - 7 Nov 2022 (336 days) :2021-12-07, 2022-01-01
DIVD-2022-00008 - XSS Zeroday in Zimbra, 14 Dec 2021 - 20 Apr 2022 (128 days) :2021-12-14, 2022-01-01
gantt
title Cases in 2020
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2020-00001 - Citrix ADC, 13 Jan 2020 - 9 Mar 2020 (57 days) :2020-01-13, 2020-03-09
DIVD-2020-00002 - Wildcard certificaten Citrix ADC, 9 Jan 2020 - 22 Jan 2020 (14 days) :2020-01-09, 2020-01-22
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE, 27 Jan 2020 - 9 Mar 2020 (43 days) :2020-01-27, 2020-03-09
DIVD-2020-00004 - List of Mirai botnet victims published with credentials, 20 Jan 2020 - 7 Feb 2020 (19 days) :2020-01-20, 2020-02-07
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability, 22 Feb 2020 - 3 Dec 2020 (286 days) :2020-02-22, 2020-12-03
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption, 10 Mar 2020 - 3 Dec 2020 (269 days) :2020-03-10, 2020-12-03
DIVD-2020-00007 - Citrix ShareFile, 26 May 2020 - 23 Jun 2020 (29 days) :2020-05-26, 2020-06-23
DIVD-2020-00008 - 313 000 Wordpress sites scanned, 10 Nov 2020 - 30 Nov 2020 (21 days) :2020-11-10, 2020-11-30
DIVD-2020-00009 - Pulse Secure VPN enterprise Leak, 5 Aug 2020 - 3 Dec 2020 (121 days) :2020-08-05, 2020-12-03
DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution, 4 Aug 2020 - 3 Dec 2020 (122 days) :2020-08-04, 2020-12-03
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR, 26 Oct 2020 - 11 May 2021 (198 days) :2020-10-26, 2021-01-01
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices, 22 Nov 2020 - 3 Dec 2020 (12 days) :2020-11-22, 2020-12-03
DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials, 20 Dec 2020 - 31 Dec 2020 (12 days) :2020-12-20, 2020-12-31
DIVD-2020-00014 - SolarWinds Orion, 28 Dec 2020 - 30 Dec 2020 (3 days) :2020-12-28, 2020-12-30