DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
CVEs
CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100
CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100
CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100
CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100
CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100
CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution
CVE-2023-22580 - Sequelize - Bad query filtering leading to SQL errors
CVE-2023-22579 - Sequelize - Unsafe fall-through in getWhereConditions
CVE-2023-22578 - Sequelize - Default support for “raw attributes” when using parentheses
CVE-2023-22577 - White Rabbit Switch - Password Disclosure Vulnerability
CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS
CVE-2022-45051 - Reflected POST XSS in Axiell Iguana CMS
CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS
CVE-2022-45049 - Reflected XSS in Axiell Iguana CMS
CVE-2022-41217 - Cloudflow - Unauthenticated file upload vulnerability
CVE-2022-41216 - Cloudflow - Local File Inclusion Vulnerability
CVE-2022-3901 - Visioweb.js - Prototype Pollution can result in XSS
CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype
CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows
CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
CVE-2022-24384 - Reflected XSS on SmarterTrack v100.0.8019.14010
CVE-2022-2422 - Feathers - SQL injection via attribute aliases
CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
CVE-2022-0564 - Qlik Sense Enterprise Domain User enumeration
CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
CVE-2021-40387 - Authenticated Remote Code Execution in Unitrends Server < v10.5.5-2
CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of Unitrends Server < v10.5.5-2
CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
CVE-2021-30119 - Authenticated reflected XSS in Kaseya VSA <= v9.5.6
CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
CVE-2021-26474 - Unauthenticated Server Side Request Forgery in Vembu products
CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
CVE-2021-26471 - Unauthenticated remote command execution in Vembu products