Skip to the content.
Home
/ CVEs
DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Menu
Home
DIVD
CSIRT
Cases
DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
Gitlab fixes a critical remote code execution (RCE) vulnerability in GitLab...
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
Apache fixes actively exploited web server zero-day...
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
New vulnerabilities in Microsoft Exchange...
DIVD-2021-00017 – SolarWinds N-able N-central agent vulnerabilities
DIVD recommends updating N-able to version 2021.1 HF6 or higher....
DIVD-2021-00015 - Telegram OD
Telegram group shares stolen credentials....
DIVD-2021-00014 - Kaseya Unitrends
DIVD recommends not exposing the on-premise Kaseya Unitrends servers to the...
DIVD-2021-00012 - Warehouse Botnet
Botnet stolen credentials...
DIVD-2021-00011 - Kaseya VSA Limited Disclosure
Multiple vulnerabilities discovered in Kaseya VSA....
DIVD-2021-00010 - vCenter Server PreAuth RCE
A PreAuth RCE vulnerability has been found in vCenter Server...
DIVD-2021-00007 - EA Origin XSS and RCE 1-click
DIVD recommends updating the Origin client and don't click untrusted Origin...
DIVD-2021-00006 - SmarterMail
Multiple vulnerabilities discovered in SmarterMail....
DIVD-2021-00005 - Pulse Secure PreAuth RCE
A PreAuth RCE vulnerability has been found in Pulse Connect Secure...
DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials
A list of credentials that phishers gained from victims has leaked and has ...
DIVD-2021-00002 - Kaseya VSA
Kaseya recommends disabling the on-premise Kaseya VSA servers immediately....
DIVD-2021-00001 - Microsoft on-prem Exchange Servers
On-prem Exchange Servers targeted with 0-day exploits...
DIVD-2020-00014 - SolarWinds Orion
SolarWinds Orion API authentication bypass...
DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentia
A list of credentials that phishers gained from victims has leaked and has ...
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
A list of 49 577 vulnerable Fortinet devices leaked online...
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
Four critical vulnerabilities in Vembu BDR...
DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution
WordPress Plugin wpDiscuz has a vulnerability that alllows attackers to tak...
DIVD-2020-00009 - Pulse Secure VPN enterprise Leak
Data dumped from compromised Pulse Secure VPN enterprise servers....
DIVD-2020-00008 - 313 000 Wordpress sites scanned
313 000 .NL domains running Wordpress scanned....
DIVD-2020-00007 - Citrix ShareFile
Citrix ShareFile storage zones Controller multiple security updates...
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corrupti
SMBv3 Server Compression Transform Header Memory Corruption...
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability
Apache Tomcat AJP File Read/Inclusion Vulnerability...
DIVD-2020-00004 - List of Mirai botnet victims published with credentials
List of Mirai botnet victims published with credentials...
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE
Exploits available for MS RDP Gateway Bluegate...
DIVD-2020-00002 - Wildcard certificaten Citrix ADC
Wildcard Certificates Citrix ADC...
DIVD-2020-00001 - Citrix ADC
Citrix ADC...
CVEs
CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS...
CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v...
CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, curr...
CVE-2021-40385 - Privilege escalation from read-only to administrator in web ...
CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE...
CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS...
CVE-2021-30201 - Authenticated XML External Entity vulnerability in Kaseya VS...
CVE-2021-30121 - Authenticated local file inclusion in Kaseya VSA < v9.5.6...
CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6...
CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= ...
Blog
2021-11-27 : NMAP script for GitLab CVE-2021-22205...
2021-11-11 : GitLab Unauthenticated RCE Flaw...
2021-11-04 : SolarWinds N-able N-central...
2021-10-07 : Apache HTTP 2.4.49 Path Traversal and File Disclosure Update...
2021-10-05 : Apache HTTP 2.4.49 Path Traversal and File Disclosure...
2021-08-26 : Exchange ProxyShell and ProxyOracle...
2021-08-26 : Kaseya Unitrends update...
2021-08-25 : Vembu BDR Full Disclosure...
2021-08-20 : Social media consolidation...
2021-08-20 : Planned Vembu Full Disclosure...
More...
Donate
RSS
Contact
CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of UniTrends Server < v10.5.5-2
CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
CVE-2021-30201 - Authenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
CVE-2021-30121 - Authenticated local file inclusion in Kaseya VSA < v9.5.6
CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
CVE-2021-30118 - Unautheticated RCE in Kaseya VSA < v9.5.5
CVE-2021-30117 - Autheticated SQL injection in Kaseya VSA < v9.5.6
CVE-2021-30116 - Unautheticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
CVE-2021-26474 - Unauthenticated server side request forgery in Vembu products
CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
CVE-2021-26471 - Unauthenticated remote command execution in Vembu products