Open cases
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362Max van der Horst
MOVEit Transfer has a critical SQL injection vulnerability that is actively exploited for data theft.
More
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewallsStan Plasmeijer
Zyxel has released patches for an OS command injection vulnerability found by TRAPA Security and urges uses to install them for optimal protection.
More
DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100Max van der Horst
Danfoss AK-EM 100 has multiple web-related vulnerabilities. It is advised to phase out this product, as this product is End of Life.
More
DIVD-2023-00020 - PaperCut MF/NG Authentication BypassMax van der Horst
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF/NG 22.0.5 (Build 63914).
More
DIVD-2023-00017 - Cisco Small Business Router Authentication BypassMax van der Horst
Cisco RV016, RV042, RV042G and RV082 contain an authentication bypass vulnerability.
More
DIVD-2023-00011 - FortiNAC and FortiWeb RCE VulnerabilityMax van der Horst
Fortinet has released security updates for its FortiNAC and FortiWeb products to fix two critical vulnerabilities.
More
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange ServerCélistine Oosting
Remote Code Execution vulnerability was found and fixed in Microsoft Exchange Server, the DIVD is scanning for vulnerable systems and notifying owners of vulnerable systems
More
DIVD-2023-00009 - Cisco RV Series Remote Command ExecutionMax van der Horst
Cisco RV340, RV340W, RV345 and RV345P contain a Remote Command Execution vulnerability.
More
DIVD-2023-00002 - Publicly Reachable Malicious WebshellsMax van der Horst
DIVD is searching the Internet for publicly reachable malicious webshells.
More
Closed cases
DIVD-2023-00016 - GLPI Remote Code ExecutionFinn van der Knaap en Josha Beekman
GLPI version below 9.5.9 & 10.0.3 are vulnerable to Remote Code Execution
More
DIVD-2023-00015 - Yeastar Configuration Panel TakeoverRutger Hermens
Yeastar N412 and N824 Configuration Panels are vulnerable to unauthenticated account takeover.
More
DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management ProductsRutger Hermens
Vulnerable Jira Service Management Server and Data Center versions allow an attacker to impersonate another user and gain access under certain circumstances.
More
DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera FaspexAxel Boesenach
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system.
More
DIVD-2023-00007 - Global VMware ESXi Ransomware AttackMax van der Horst
Criminals are attacking VMware ESXi servers vulnerable to CVE-2021-21974 worldwide to deploy ransomware.
More
DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS heroStan Plasmeijer
QNAP has released an advisory for devices running QTS 5.0.1 and QuTS hero h5.0.1. Those devices might be vulnerable for code injection.
More
DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngineMax van der Horst
Use of outdated Apache Santuario library in Zoho ManageEngine causes an unauthenticated RCE vulnerability by sending a malicious SAML response.
More
DIVD-2023-00003 - OS command injection in CentOS CWPMax van der Horst
The login/index.php endpoint in CentOS Control Web Panel 7 before 0.9.8.1147 allows unauthenticated attackers to execute OS commands.
More
DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518Frank Breedijk
Based on scanning data obtained from Fox-IT, DIVD is notifying owners of vulnerable Citrix ADC and Gateway systems
More
Open cases
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devicesRutger Hermens
Based on disclosure by Sec Consult, DIVD performed scans of end of life device impacted by multiple vulnerabilities.
More
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMSMax van der Horst
Multiple injection vulnerabilities have been identified within Axiell Iguana CMS, each of which can lead to compromise of the system.
More
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internetPepijn van der Stap
DIVD is scanning for and notifying parties about KNXNet/IP gateways that are accessible from the internet.
More
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload VulnerabilityAxel Boesenach
DIVD is scanning for parties vulnerable to CVE-2022-36537.
More
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate productsTom Wolters
DIVD is scanning for parties vulnerable to CVE-2022-40684
More
DIVD-2022-00055 - Server Management Interfaces security issuesPepijn van der Stap
DIVD is researching vulnerabilities in (hardware) server management interfaces globally and notifying the owners of misconfigured services.
More
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow softwareVictor Pasman
DIVD is scanning for parties vulnerable to CVE-2022-41216 and CVE-2022-41217
More
DIVD-2022-00048 - Dossier Energy TransitionFrank Breedijk
In this dossier we are tracking cases and other findings related to the global energy transition
More
DIVD-2022-00030 - Exposed QNAPRalph Horn
QNAP urges users to immediately patch NAS devices after several were recently compromised and infected with malicious software. DIVD is actively notifying owners of vulnerable systems
More
DIVD-2022-00017 - Global Healthcare VulnerabilitiesVictor Gevers
DIVD is researching vulnerabilities in healthcare services globally and notifying these services.
More
Closed cases
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERNVictor Pasman
Multiple vulnerabilities have been identified in White Rabbit Switch from CERN. Leveraging these vulnerabilities could allow an attacker to compromise the system.
More
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPNRalph Horn
DIVD is scanning for parties vulnerable to CVE-2022-42475
More
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data CenterMax van der Horst
DIVD is scanning for parties vulnerable to CVE-2022-43781
More
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCEMax van der Horst
DIVD is scanning for parties vulnerable to CVE-2022-41040 and CVE-2022-41082 (nicknamed ProxyNotShell).
More
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804Pepijn van der Stap
DIVD is researching Bitbucket instances that are vulnerable to CVE-2022-36804.
More
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221Martin van Wingerden
DIVD is researching vulnerable, accessible H2 Web Console instances
More
DIVD-2022-00045 - Injection vulnerability found within Socket.ioVictor Pasman
A injection vulnerability was identified in Socket.io which can result in Remote Code Execution (RCE)
More
DIVD-2022-00042 - Canon print portals facing the internetSimon Kort
Easily accessible Canon print portals facing towards the internet can lead to full access to the administration interface of the printer.
More
DIVD-2022-00038 - Vulnerable Oracle WebLogic ServerTom Wolters
Patch vulnerable Oracle WebLogic servers immediately as some versions are vulnerable for an Local File Inclusion Attack, which causes secrets and sourcecode to be readable by malicious attackers. DIVD is actively notifying owners of vulnerable systems
More
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCEFrank Breedijk
CVE-2022-26134 is a 0-day RCE in Confluence. We are scanning the internet for exposed servers and warning owners. If you have Confluence the advice is to apply the patch and if that is not possible to take it offline
More
DIVD-2022-00032 - Exchange backdoorVictor Pasman
Sneaky backdoor installed on earlier hit Exchange Servers.
More
DIVD-2022-00029 - Remote Code Execution on Sophos FirewallVictor Pasman
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
More
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code executionPepijn van der Stap
F5 BIG-IP is vulnerable to remote code execution due to a vulnerability that allows attackers to execute commands by leveraging a authentication bypass in the REST API. DIVD is actively notifying owners of vulnerable systems
More
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464Pepijn van der Stap
WSO2 servers are vulnerable to remote code execution due to a vulnerability that allows attackers to perform unauthenticated unrestricted arbitrary file uploads. DIVD is actively notifying owners of vulnerable systems
More
DIVD-2022-00025 - VMware - CVE-2022-22954Victor Pasman
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
More
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963Pepijn van der Stap
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. DIVD is actively notifying owners of vulnerable systems
More
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerabilityMax van der Horst
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. DIVD is actively scanning to notify owners of vulnerable systems.
More
DIVD-2022-00021 - Ivanti EPM CSA remote code executionPepijn van der Stap
DIVD is searching for vulnerable instances of the Ivanti EPM Cloud Services Appliance (CSA).
More
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.jsVictor Pasman
Inproper input validation vulnerabilities are identified in Feathers.js, these can result in SQL-injection on the system.
More
DIVD-2022-00019 - Insecure Mendix ApplicationsJohn Cornegge
DIVD is researching misconfigured Entity access rules in applications built with the Mendix Platform.
More
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL APIMick Beer
CVE-2021-4191: GitLab GraphQL API User Enumeration
More
DIVD-2022-00014 - GreyNoise's Ukraine only listFrank Breedijk
GreyNoise has created a public list of IP addresses that have exclusively been observed in their honeypots in Ukraine, and not anywhere else. We decided to take it upon ourselves to make network administrators aware of the fact that these hosts are on this list.
More
DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificatesFrank Breedijk
An exploration into a curious case where 13k+ servers are offering the same tls certificate
More
DIVD-2022-00012 - Global Charity VulnerabilitiesMax van der Horst
DIVD is researching vulnerabilities in charities globally and notifying these charities.
More
DIVD-2022-00010 - Auth bypass in SAPPatrick Hulshof
Unauthenticated user impersonation (auth bypass) in SAP Posted on February 8 2022
More
DIVD-2022-00009 - SolarMan backend administrator account/passwordFrank Breedijk
DIVD researcher Jelle Ursem found the password of the super user of the web backend for all SolarMan / Solis / Omnik / Ginlong inverters, loggers, and batteries. The password has been changed now, and the repository containing the password has been deleted.
More
DIVD-2022-00008 - XSS Zeroday in ZimbraBoaz Braaksma
A new Zero-day XSS Vulnerability in Zimbra was published on the internet on the third of February 2022.
More
DIVD-2022-00007 - Subdomain TakeoversMartin van Wingerden
Subdomain Takeovers via CNAMES or A records pointing to Azure, AWS, GitHub or unregistered domains
More
DIVD-2022-00006 - SAProuterJoris van de Vis
DIVD scanned for internet connected SAProuters that respond to information-requests, meaning they are not properly secured.
More
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner InfectionsMax van der Horst
Post-Log4J Open Database Instances used for C2 and Monero Miner Infections.
More
DIVD-2022-00002 - GrafanaTom Wolters
Unauthenticated Directory Traversal vulnerability in Grafana - CVE-2021-43798
More
Open cases
DIVD-2021-00014 - Kaseya UnitrendsVictor Gevers
Users of on-premise Kaseya Unitrends are advised to not expose this service directly to the internet
More
Closed cases
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solutionVictor Pasman,Frank Breedijk
ITarian an online platform and on-premise solution for Managed Services Providers, contains 3 critical vulnerabilities. Vulnerabilities have been patched in the SaaS version only!
More
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerabilityLennaert Oudshoorn
We will be scanning for CVE-2021-21980
More
DIVD-2021-00033 - Sites with Potential SQL-InjectionCélistine Oosting
We obtained a list with sites potentially vulnerable to SQL-Injection
More
DIVD-2021-00030 - GitLab Unauthenticated RCE FlawJeroen van de Weerd
We will be scanning for CVE-2021-22205
More
DIVD-2021-00029 - SmartertrackFinn van der Knaap
Several vulnerabilities have been found in the helpdesk software called SmarterTrack made by SmarterTools.
More
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File DisclosureDiego Klinkhamer
We will be scanning for CVE-2021-41773
More
DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCECélistine Oosting
Omigod vulnerabilities make it possible to execute remote code via Microsoft Open Management Interface (OMI) this service is installed automatically on machines running certain Azure services (either on premise or in the cloud)
More
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE)Pepijn van der Stap
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
More
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracleFrank Breedijk
We will be scanning for the vulnerabilities related to the ProxyShell and ProxyOracle attacks against Microsoft Exchange.
More
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumerationHidde Smit
Domain user enumeration via response timing
More
DIVD-2021-00017 - SolarWinds N-able N-central agent vulnerabilitiesHidde Smit
Vulnerabilities discovered affect multi-tenant environments.
More
DIVD-2021-00015 - Telegram ODVictor Gevers
One of our researchers has discovered a Telegram group that shares millions of usernames and passwords that criminals have stolen from their victims.
More
DIVD-2021-00012 - Warehouse BotnetFrank Breedijk
One of our researchers has discovered a database full of usernames and passwords that criminals have stolen from their victims'.
More
DIVD-2021-00011 - Kaseya VSA DisclosureLennaert Oudshoorn
Wietse Boonstra found multiple vulnerabilities in Kaseya VSA, this casefile details the disclosure process.
More
DIVD-2021-00010 - vCenter Server PreAuth RCEHidde Smit
A critical vulnerability has been found in VMware vCenter Server versions 3.x, 4.x, 6.5, 6.7 and 7.0.
More
DIVD-2021-00007 - EA Origin XSS and RCE 1-clickHidde Smit
Origin users are advised to update Origin client to the latest version
More
DIVD-2021-00006 - SmarterMailVictor Pasman
Multiple vulnerabilities discovered in all versions of 16.x of Smartertools SmarterMail and all versions before 100.0.7803 (May 13, 2021)
More
DIVD-2021-00005 - Pulse Secure PreAuth RCEMatthijs Koot
Er zijn kritieke kwetsbaarheden gevonden in Pulse Secure Connect versies >=9.0R3 en =9.0R3 and <9.1R11.4.
More
DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentialsLennaert Oudshoorn,Célistine Oosting
DIVD heeft een lijst van bij phishing buitgemaakte en daarna gelekte emailadressen en wachtwoorden van een security researcher ontvangen. / DIVD has received a list of credentials obtained through phishing from a security researcher.
More
DIVD-2021-00002 - Kaseya VSAVictor Gevers,Lennaert Oudshoorn
Users of on-premise Kaseya VSA are advised to disable their Kaseya VSA servers.
More
DIVD-2021-00001 - Microsoft on-prem Exchange ServersLennaert Oudshoorn
Microsoft heeft meerdere 0-day exploits ontdekt die actief gebruikt worden om on-premises versies van Microsoft Exchange Server aan te vallen. / Microsoft has detected multiple 0-day exploits that are actively being used in attacks against on-premises versions of Microsoft Exchange Server.
More
Open cases
Closed cases
DIVD-2020-00014 - SolarWinds OrionLennaert Oudshoorn
Een authenticatie bypass kan aanvallers de mogelijkeheid geven om API commando's uit te voeren, hierdoor kan het systeem gecompromiteerd worden. / An authentication bypass could allow attackers to execute API commands which may result in a compromise of the system.
More
DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentialsFrank Breedijk
DIVD heeft een lijst van bij phishing buitgemaakte en daarna gelekte email en wachtwoorden van een partner ontvangen / DIVD has received a list of credentials obtained through phishing from a partner.
More
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devicesLennaert Oudshoorn
Er is een lijst online aangetroffen met 49 577 kwetsbare Fortinet VPN devices waarvan login credentials gestolen kunnen worden / A list was found online, with 49 577 vulnerable Fortinet VPN devices, potentially login credentials could be exposed
More
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDRFrank Breedijk
DIVD Onderzoeker Wietse Boonstra heeft vier critieke kwetsbaarheden gevonden in Vembu BDR, patches zijn beschikbaar / DIVD researcher Wietse Boonstra hasdiscovered four critical vulnerabilities in Vembu BDR, patches are available.
More
DIVD-2020-00010 - wpDiscuz plugin Remote Code ExcutionFrank Breedijk
In de WordPress Plugin wpDiscuz zit een kritieke kwetsbaarheid die aanvalles in staat stelt een systemen over te nemen / Wordpress plugin wpDiscuz has a critical vulnerability that allows an attacker to take over the system.
More
DIVD-2020-00009 - Pulse Secure VPN enterprise LeakLennaert Oudshoorn
Een datadump met informatie over meer dan 900 gecompromitteerde Pulse Secure VPN enterprise servers is publiek gemaakt. / A data dump with information of over 900 compromised Pulse Secure VPN enterprise servers has been released.
More
DIVD-2020-00008 - 313 000 Wordpress sites scannedLennaert Oudshoorn
Onderzoekers van het DIVD hebben 313 000 Wordpress sites met .NL domein gescanned, meldingen voor kwetsbare sites worden gedaan naarmate de resultaten verwerkt worden. / DIVD researchers scanned 313 000 Wordpress websites with .NL domains, vulnerability notifications are being sent as results are processed.
More
DIVD-2020-00007 - Citrix ShareFileLennaert Oudshoorn
Er is een kwetsbaarheid gevonden in Citrix ShareFile deze kwetsbaarheid kan gebruikt worden door een aanvaller om toegang te verkrijgen tot gevoelige data. / A vulnerabilty in Citrix ShareFile has been discovered, this vulnerability can be used by an attacker to potentially gain access to sensitive data.
More
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory CorruptionSander Spierenburg
Security Meldpunt vraagt uw aandacht voor een SMBv3 kwetsbaarheid en gaat netwerkbeheerders met publiek beschikbare SMBv3 servers met compressie waarschuwen / The Security hotline is asking your attention for a vulnerabilty in SMBv3 and is going to warn network operators of Dutch IPs that respond to SMBv3 handshakes and have encryption enabled
More
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion VulnerabilityJeroen van de Weerd
773 Nederlandse IP adressen kwetsbaar voor Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability / 773 Dutch IP addresses vulnerable to Ghostcat - Apache Tomcat AJP File Read / Inclusion Vulnerability
More
DIVD-2020-00004 - List of Mirai botnet victims published with credentialsSander Spierenburg
Een lijst met ruim 500k+ botnet slachtoffers is gepubliceerd / A list of Mirai botnet victims has been published exposing a total of 500K+ systems
More
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCEBarry van Kampen
16.000 kwetsbare Microsoft RDP Gateway systemen online / 16.000 vulnerable Microsoft RDP Gateway systemen online
More
DIVD-2020-00002 - Wildcard certificaten Citrix ADCFrank Breedijk
Op ruim 450 kwetsbare Citrix ADC systemen hebben wij wildcard certificaten aangetroffen / We have found over 450 vulnerable Citrix ADC that used wildcard certificates
More
DIVD-2020-00001 - Citrix ADCFrank Breedijk
Onze status omtrend CVE-2019-19781 / Our current status around CVE-2019-19781
More
gantt
title Cases in 2023
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2021-00014 - Kaseya Unitrends, 2 Jul 2021 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00012 - Global Charity Vulnerabilities, 22 Feb 2022 - 12 Jan 2023 (325 days) :2023-01-01, 2023-01-12
DIVD-2022-00017 - Global Healthcare Vulnerabilities, 10 Mar 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js, 23 Feb 2022 - 27 May 2023 (459 days) :2023-01-01, 2023-05-27
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall, 10 May 2022 - 22 Feb 2023 (289 days) :2023-01-01, 2023-02-22
DIVD-2022-00030 - Exposed QNAP, 23 May 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server, 3 Jul 2022 - 7 Mar 2023 (248 days) :2023-01-01, 2023-03-07
DIVD-2022-00042 - Canon print portals facing the internet, 18 Aug 2022 - 5 Apr 2023 (231 days) :2023-01-01, 2023-04-05
DIVD-2022-00045 - Injection vulnerability found within Socket.io, 29 Apr 2022 - 22 Feb 2023 (300 days) :2023-01-01, 2023-02-22
DIVD-2022-00048 - Dossier Energy Transition, 7 Sep 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221, 9 Sep 2022 - 11 Jan 2023 (125 days) :2023-01-01, 2023-01-11
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software, 21 Feb 2023 -> ? (open) :2023-02-21, 2023-07-03
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804, 21 Sep 2022 - 22 Feb 2023 (155 days) :2023-01-01, 2023-02-22
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE, 30 Sep 2022 - 10 Apr 2023 (193 days) :2023-01-01, 2023-04-10
DIVD-2022-00055 - Server Management Interfaces security issues, 8 Oct 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products, 7 Oct 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability, 30 Oct 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center, 17 Nov 2022 - 13 Mar 2023 (117 days) :2023-01-01, 2023-03-13
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet, 8 Feb 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN, 12 Dec 2022 - 31 May 2023 (171 days) :2023-01-01, 2023-05-31
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS, 8 Sep 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices, 19 Dec 2022 -> ? (open) :2023-01-01, 2023-07-03
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN, 16 Nov 2022 - 31 May 2023 (197 days) :2023-01-01, 2023-05-31
DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518, 18 Jan 2023 - 24 May 2023 (127 days) :2023-01-18, 2023-05-24
DIVD-2023-00002 - Publicly Reachable Malicious Webshells, 6 Jan 2023 -> ? (open) :2023-01-06, 2023-07-03
DIVD-2023-00003 - OS command injection in CentOS CWP, 11 Jan 2023 - 22 Feb 2023 (43 days) :2023-01-11, 2023-02-22
DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine, 20 Jan 2023 - 17 Apr 2023 (88 days) :2023-01-20, 2023-04-17
DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero, 2 Feb 2023 - 22 Mar 2023 (49 days) :2023-02-02, 2023-03-22
DIVD-2023-00007 - Global VMware ESXi Ransomware Attack, 3 Feb 2023 - 18 Apr 2023 (75 days) :2023-02-03, 2023-04-18
DIVD-2023-00009 - Cisco RV Series Remote Command Execution, 7 Feb 2023 -> ? (open) :2023-02-07, 2023-07-03
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server, 14 Feb 2023 -> ? (open) :2023-02-14, 2023-07-03
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability, 3 Feb 2023 -> ? (open) :2023-02-03, 2023-07-03
DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera Faspex, 17 Feb 2023 - 20 Apr 2023 (63 days) :2023-02-17, 2023-04-20
DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management Products, 1 Feb 2023 - 5 Apr 2023 (64 days) :2023-02-01, 2023-04-05
DIVD-2023-00015 - Yeastar Configuration Panel Takeover, 20 Jan 2023 - 2 Feb 2023 (14 days) :2023-01-20, 2023-02-02
DIVD-2023-00016 - GLPI Remote Code Execution, 10 Nov 2022 - 25 May 2023 (197 days) :2023-01-01, 2023-05-25
DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass, 15 Mar 2023 -> ? (open) :2023-03-15, 2023-07-03
DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass, 20 Apr 2023 -> ? (open) :2023-04-20, 2023-07-03
DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100, 18 Jan 2023 -> ? (open) :2023-01-18, 2023-07-03
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls, 28 Apr 2023 -> ? (open) :2023-04-28, 2023-07-03
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362, 2 Jun 2023 -> ? (open) :2023-06-02, 2023-07-03
gantt
title Cases in 2022
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2021-00006 - SmarterMail, 30 Apr 2021 - 13 Jan 2022 (259 days) :2022-01-01, 2022-01-13
DIVD-2021-00014 - Kaseya Unitrends, 2 Jul 2021 -> ? (open) :2022-01-01, 2023-01-01
DIVD-2021-00015 - Telegram OD, 10 Jun 2021 - 10 Oct 2022 (488 days) :2022-01-01, 2022-10-10
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration, 18 Aug 2021 - 1 Apr 2022 (227 days) :2022-01-01, 2022-04-01
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle, 30 Aug 2021 - 10 Oct 2022 (407 days) :2022-01-01, 2022-10-10
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE), 22 Sep 2021 - 10 Oct 2022 (384 days) :2022-01-01, 2022-10-10
DIVD-2021-00029 - Smartertrack, 17 Oct 2021 - 10 Oct 2022 (359 days) :2022-01-01, 2022-10-10
DIVD-2021-00033 - Sites with Potential SQL-Injection, 16 Nov 2021 - 9 Feb 2022 (86 days) :2022-01-01, 2022-02-09
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability, 3 Dec 2021 - 12 Jan 2022 (41 days) :2022-01-01, 2022-01-12
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution, 1 Dec 2021 - 10 Oct 2022 (314 days) :2022-01-01, 2022-10-10
DIVD-2021-00038 - Apache Log4j2, 9 Dec 2021 - 5 Apr 2022 (118 days) :2022-01-01, 2022-04-05
DIVD-2021-00039 - HP iLO, 31 Dec 2021 - 9 Mar 2022 (69 days) :2022-01-01, 2022-03-09
DIVD-2022-00002 - Grafana, 7 Dec 2021 - 7 Nov 2022 (336 days) :2022-01-01, 2022-11-07
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections, 13 Jan 2022 - 25 May 2022 (133 days) :2022-01-13, 2022-05-25
DIVD-2022-00005 - Exposed BACnet devices, 29 Jan 2022 - 20 Apr 2022 (82 days) :2022-01-29, 2022-04-20
DIVD-2022-00006 - SAProuter, 7 Feb 2022 - 13 Jul 2022 (157 days) :2022-02-07, 2022-07-13
DIVD-2022-00007 - Subdomain Takeovers, 4 Feb 2022 - 1 Dec 2022 (301 days) :2022-02-04, 2022-12-01
DIVD-2022-00008 - XSS Zeroday in Zimbra, 14 Dec 2021 - 20 Apr 2022 (128 days) :2022-01-01, 2022-04-20
DIVD-2022-00009 - SolarMan backend administrator account/password, 6 Feb 2022 - 2 Jul 2022 (147 days) :2022-02-06, 2022-07-02
DIVD-2022-00010 - Auth bypass in SAP, 8 Feb 2022 - 10 Apr 2022 (62 days) :2022-02-08, 2022-04-10
DIVD-2022-00012 - Global Charity Vulnerabilities, 22 Feb 2022 - 12 Jan 2023 (325 days) :2022-02-22, 2023-01-01
DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates, 5 Feb 2022 - 23 Oct 2022 (261 days) :2022-02-05, 2022-10-23
DIVD-2022-00014 - GreyNoise's Ukraine only list, 4 Mar 2022 - 15 Aug 2022 (165 days) :2022-03-04, 2022-08-15
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL API, 4 Mar 2022 - 31 Aug 2022 (181 days) :2022-03-04, 2022-08-31
DIVD-2022-00017 - Global Healthcare Vulnerabilities, 10 Mar 2022 -> ? (open) :2022-03-10, 2023-01-01
DIVD-2022-00019 - Insecure Mendix Applications, 19 Mar 2022 - 7 Nov 2022 (234 days) :2022-03-19, 2022-11-07
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js, 23 Feb 2022 - 27 May 2023 (459 days) :2022-02-23, 2023-01-01
DIVD-2022-00021 - Ivanti EPM CSA remote code execution, 25 Mar 2022 - 20 Nov 2022 (241 days) :2022-03-25, 2022-11-20
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability, 29 Mar 2022 - 31 Oct 2022 (217 days) :2022-03-29, 2022-10-31
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963, 31 Mar 2022 - 22 Sep 2022 (176 days) :2022-03-31, 2022-09-22
DIVD-2022-00025 - VMware - CVE-2022-22954, 12 Apr 2022 - 1 Dec 2022 (234 days) :2022-04-12, 2022-12-01
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464, 24 Apr 2022 - 20 Nov 2022 (211 days) :2022-04-24, 2022-11-20
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution, 10 May 2022 - 25 Jun 2022 (47 days) :2022-05-10, 2022-06-25
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall, 10 May 2022 - 22 Feb 2023 (289 days) :2022-05-10, 2023-01-01
DIVD-2022-00030 - Exposed QNAP, 23 May 2022 -> ? (open) :2022-05-23, 2023-01-01
DIVD-2022-00032 - Exchange backdoor, 3 Jun 2022 - 22 Nov 2022 (173 days) :2022-06-03, 2022-11-22
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE, 3 Jun 2022 - 1 Dec 2022 (182 days) :2022-06-03, 2022-12-01
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server, 3 Jul 2022 - 7 Mar 2023 (248 days) :2022-07-03, 2023-01-01
DIVD-2022-00042 - Canon print portals facing the internet, 18 Aug 2022 - 5 Apr 2023 (231 days) :2022-08-18, 2023-01-01
DIVD-2022-00045 - Injection vulnerability found within Socket.io, 29 Apr 2022 - 22 Feb 2023 (300 days) :2022-04-29, 2023-01-01
DIVD-2022-00048 - Dossier Energy Transition, 7 Sep 2022 -> ? (open) :2022-09-07, 2023-01-01
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221, 9 Sep 2022 - 11 Jan 2023 (125 days) :2022-09-09, 2023-01-01
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804, 21 Sep 2022 - 22 Feb 2023 (155 days) :2022-09-21, 2023-01-01
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE, 30 Sep 2022 - 10 Apr 2023 (193 days) :2022-09-30, 2023-01-01
DIVD-2022-00055 - Server Management Interfaces security issues, 8 Oct 2022 -> ? (open) :2022-10-08, 2023-01-01
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products, 7 Oct 2022 -> ? (open) :2022-10-07, 2023-01-01
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability, 30 Oct 2022 -> ? (open) :2022-10-30, 2023-01-01
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center, 17 Nov 2022 - 13 Mar 2023 (117 days) :2022-11-17, 2023-01-01
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet, 8 Feb 2022 -> ? (open) :2022-02-08, 2023-01-01
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN, 12 Dec 2022 - 31 May 2023 (171 days) :2022-12-12, 2023-01-01
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS, 8 Sep 2022 -> ? (open) :2022-09-08, 2023-01-01
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices, 19 Dec 2022 -> ? (open) :2022-12-19, 2023-01-01
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN, 16 Nov 2022 - 31 May 2023 (197 days) :2022-11-16, 2023-01-01
DIVD-2023-00016 - GLPI Remote Code Execution, 10 Nov 2022 - 25 May 2023 (197 days) :2022-11-10, 2023-01-01
gantt
title Cases in 2021
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR, 26 Oct 2020 - 11 May 2021 (198 days) :2021-01-01, 2021-05-11
DIVD-2021-00001 - Microsoft on-prem Exchange Servers, 3 Mar 2021 - 15 May 2021 (74 days) :2021-03-03, 2021-05-15
DIVD-2021-00002 - Kaseya VSA, 1 Apr 2021 - 9 Jul 2021 (100 days) :2021-04-01, 2021-07-09
DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials, 7 May 2021 - 10 May 2021 (4 days) :2021-05-07, 2021-05-10
DIVD-2021-00005 - Pulse Secure PreAuth RCE, 21 Apr 2021 - 1 Aug 2021 (103 days) :2021-04-21, 2021-08-01
DIVD-2021-00006 - SmarterMail, 30 Apr 2021 - 13 Jan 2022 (259 days) :2021-04-30, 2022-01-01
DIVD-2021-00007 - EA Origin XSS and RCE 1-click, 21 Apr 2021 - 13 Jul 2021 (84 days) :2021-04-21, 2021-07-13
DIVD-2021-00010 - vCenter Server PreAuth RCE, 30 May 2021 - 30 Nov 2021 (185 days) :2021-05-30, 2021-11-30
DIVD-2021-00011 - Kaseya VSA Disclosure, 1 Apr 2021 - 7 Jul 2021 (98 days) :2021-04-01, 2021-07-07
DIVD-2021-00012 - Warehouse Botnet, 20 May 2021 - 4 Jun 2021 (16 days) :2021-05-20, 2021-06-04
DIVD-2021-00014 - Kaseya Unitrends, 2 Jul 2021 -> ? (open) :2021-07-02, 2022-01-01
DIVD-2021-00015 - Telegram OD, 10 Jun 2021 - 10 Oct 2022 (488 days) :2021-06-10, 2022-01-01
DIVD-2021-00017 - SolarWinds N-able N-central agent vulnerabilities, 5 Jul 2021 - 24 Sep 2021 (82 days) :2021-07-05, 2021-09-24
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration, 18 Aug 2021 - 1 Apr 2022 (227 days) :2021-08-18, 2022-01-01
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle, 30 Aug 2021 - 10 Oct 2022 (407 days) :2021-08-30, 2022-01-01
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE), 22 Sep 2021 - 10 Oct 2022 (384 days) :2021-09-22, 2022-01-01
DIVD-2021-00026 - Omigod Microsoft Open Management Interface RCE, 15 Sep 2021 - 24 Nov 2021 (71 days) :2021-09-15, 2021-11-24
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure, 5 Oct 2021 - 1 Dec 2021 (58 days) :2021-10-05, 2021-12-01
DIVD-2021-00029 - Smartertrack, 17 Oct 2021 - 10 Oct 2022 (359 days) :2021-10-17, 2022-01-01
DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw, 1 Nov 2021 - 29 Dec 2021 (59 days) :2021-11-01, 2021-12-29
DIVD-2021-00033 - Sites with Potential SQL-Injection, 16 Nov 2021 - 9 Feb 2022 (86 days) :2021-11-16, 2022-01-01
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability, 3 Dec 2021 - 12 Jan 2022 (41 days) :2021-12-03, 2022-01-01
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution, 1 Dec 2021 - 10 Oct 2022 (314 days) :2021-12-01, 2022-01-01
DIVD-2021-00038 - Apache Log4j2, 9 Dec 2021 - 5 Apr 2022 (118 days) :2021-12-09, 2022-01-01
DIVD-2021-00039 - HP iLO, 31 Dec 2021 - 9 Mar 2022 (69 days) :2021-12-31, 2022-01-01
DIVD-2022-00002 - Grafana, 7 Dec 2021 - 7 Nov 2022 (336 days) :2021-12-07, 2022-01-01
DIVD-2022-00008 - XSS Zeroday in Zimbra, 14 Dec 2021 - 20 Apr 2022 (128 days) :2021-12-14, 2022-01-01
gantt
title Cases in 2020
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2020-00001 - Citrix ADC, 13 Jan 2020 - 9 Mar 2020 (57 days) :2020-01-13, 2020-03-09
DIVD-2020-00002 - Wildcard certificaten Citrix ADC, 9 Jan 2020 - 22 Jan 2020 (14 days) :2020-01-09, 2020-01-22
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE, 27 Jan 2020 - 9 Mar 2020 (43 days) :2020-01-27, 2020-03-09
DIVD-2020-00004 - List of Mirai botnet victims published with credentials, 20 Jan 2020 - 7 Feb 2020 (19 days) :2020-01-20, 2020-02-07
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability, 22 Feb 2020 - 3 Dec 2020 (286 days) :2020-02-22, 2020-12-03
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption, 10 Mar 2020 - 3 Dec 2020 (269 days) :2020-03-10, 2020-12-03
DIVD-2020-00007 - Citrix ShareFile, 26 May 2020 - 23 Jun 2020 (29 days) :2020-05-26, 2020-06-23
DIVD-2020-00008 - 313 000 Wordpress sites scanned, 10 Nov 2020 - 30 Nov 2020 (21 days) :2020-11-10, 2020-11-30
DIVD-2020-00009 - Pulse Secure VPN enterprise Leak, 5 Aug 2020 - 3 Dec 2020 (121 days) :2020-08-05, 2020-12-03
DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution, 4 Aug 2020 - 3 Dec 2020 (122 days) :2020-08-04, 2020-12-03
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR, 26 Oct 2020 - 11 May 2021 (198 days) :2020-10-26, 2021-01-01
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices, 22 Nov 2020 - 3 Dec 2020 (12 days) :2020-11-22, 2020-12-03
DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials, 20 Dec 2020 - 31 Dec 2020 (12 days) :2020-12-20, 2020-12-31
DIVD-2020-00014 - SolarWinds Orion, 28 Dec 2020 - 30 Dec 2020 (3 days) :2020-12-28, 2020-12-30