DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Cases
DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE)
Multiple vulnerabilities have been found in ServiceNow. Combining these vul...
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability
Geoserver has a Remote Code Execution (RCE) vulnerability in evaluating pro...
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection
Multiple vulnerabilities have been found in the firmware of the Zyxel NAS d...
DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilit
The vCenter Server contains multiple heap-overflow vulnerabilities in the i...
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
SolarWinds U-Serv was susceptible to a Path Traversal vulnerability, result...
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server
In Rejetto HTTP File Server, version 2.3x up to 2.4 RC07, a vulnerability ...
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via qu
Two OS command injection vulnerabilities via quick.cgi file are found in QN...
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik R
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier...
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway soft
An unauthenticated local file inclusion vulnerability was present in Check ...
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES)
An authentication bypass vulnerability was present in GitHub Enterprise Ser...
DIVD-2024-00019 - Victim Notification Operation Endgame
The DIVD is notifying victims of several botnets, based on information obta...
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscal
In Citrix Netscaler and Gateway products (VPN virtual server, ICA Proxy, CV...
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices
Several (OS) command injection vulnerabilities are found in QNAP QTS, QuTS ...
DIVD-2024-00015 - Remote Command Execution in CrushFTP
CrushFTP has a RCE vulnerability that can be exploited without authenticati...
DIVD-2024-00014 - Qlik Sense Remote Code Execution
Multiple unauthenticated remote code execution vulnerabilities in Qlik Sens...
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in Globa
A command injection vulnerability has been discovered in the GlobalProtect ...
DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMa
Unauthenticated remote attackers can access the system through the LoadMast...
DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity
Successful exploitation of CVE-2024-27198 and CVE-2024-27199 allows an unau...
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in Connec
Successful exploitation of CVE-2024-1708 and CVE-2024-1709 allows an unauth...
DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity
Successful exploitation of CVE-2024-23917 allows an unauthenticated attacke...
CVEs
CVE-2024-21875 - DoS attack when broadcasting billboard messages
CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A
CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A
CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A
CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100
CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100
CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100
CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100
CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100
CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution
CVE-2023-22580 - Sequelize - Bad query filtering leading to SQL errors
CVE-2023-22579 - Sequelize - Unsafe fall-through in getWhereConditions
CVE-2023-22578 - Sequelize - Default support for “raw attributes” when using parentheses
CVE-2023-22577 - White Rabbit Switch - Password Disclosure Vulnerability
CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS
CVE-2022-45051 - Reflected POST XSS in Axiell Iguana CMS
CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS
CVE-2022-45049 - Reflected XSS in Axiell Iguana CMS
CVE-2022-41217 - Cloudflow - Unauthenticated file upload vulnerability
CVE-2022-41216 - Cloudflow - Local File Inclusion Vulnerability
CVE-2022-3901 - Visioweb.js - Prototype Pollution can result in XSS
CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype
CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows
CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
CVE-2022-2422 - Feathers - SQL injection via attribute aliases
CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
CVE-2022-0564 - Qlik Sense Enterprise Domain User enumeration
CVE-2021-4406 - Authenticated Remote Command Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
CVE-2021-42083 - Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
CVE-2021-42082 - Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
CVE-2021-42081 - Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
CVE-2021-42080 - Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
CVE-2021-42079 - SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
CVE-2021-40387 - Authenticated Remote Code Execution in Unitrends Server < v10.5.5-2
CVE-2021-40386 - Remote code execution in Unitrends Client prior to v10.6.2
CVE-2021-40385 - Privilege escalation from read-only user to admin in Kaseya Unitrends Backup Server < 10.5.5-2
CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
CVE-2021-30119 - Authenticated reflective XSS in Kaseya VSA <= v9.5.6
CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
CVE-2021-26474 - Unauthenticated Server Side Request Forgery in Vembu products
CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
CVE-2021-26471 - Unauthenticated remote command execution in Vembu products