Skip to the content.
Home
/ CVEs
DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Menu
Home
DIVD
CSIRT
Cases
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and D
DIVD is scanning for parties vulnerable to CVE-2022-43781...
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate produc
DIVD is scanning for parties vulnerable to CVE-2022-40684...
DIVD-2022-00055 - Server Management Interfaces security issues
DIVD is researching vulnerabilities in (hardware) server management interfa...
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
DIVD is scanning for parties vulnerable to CVE-2022-41040 and CVE-2022-4108...
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
DIVD is researching Bitbucket instances that are vulnerable to CVE-2022-368...
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221
DIVD is researching vulnerable, accessible H2 Web Console instances...
DIVD-2022-00048 - Dossier Energy Transition
In this dossier we are tracking cases and other findings related to the glo...
DIVD-2022-00045 - Injection vulnerability found within Socket.io
A injection vulnerability was identified in Socket.io which can result in R...
DIVD-2022-00042 - Canon print portals facing the internet
Easily accessible Canon print portals facing towards the internet can lead ...
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
Patch vulnerable Oracle WebLogic servers immediately as some versions are v...
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
CVE-2022-26134 is a 0-day RCE in Confluence. We are scanning the internet f...
DIVD-2022-00032 - Exchange backdoor
Sneaky backdoor installed on earlier hit Exchange Servers....
DIVD-2022-00030 - Exposed QNAP
QNAP urges users to immediately patch NAS devices after several were recent...
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall
An authentication bypass vulnerability in the User Portal and Webadmin allo...
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
F5 BIG-IP is vulnerable to remote code execution due to a vulnerability tha...
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464
WSO2 servers are vulnerable to remote code execution due to a vulnerability...
DIVD-2022-00025 - VMware - CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code exec...
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to r...
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execu...
DIVD-2022-00021 - Ivanti EPM CSA remote code execution
DIVD is searching for vulnerable instances of the Ivanti EPM Cloud Services...
All cases
CVEs
CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype...
CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js l...
CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager age...
CVE-2022-25152 - ITarian - Any user with a valid session token can create and...
CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag...
CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack...
CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010...
CVE-2022-24385 - Information disclosure via direct object access on SmarterTr...
CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010...
CVE-2022-2422 - Feathers - SQL injection via attribute aliases...
Blog
2022-08-15 : Closing GeyNoise Ukraine Only case...
2022-08-10 : Itarian Full disclosure...
2022-08-09 : SmarterTrack Full disclosure...
2022-06-08 : ITarian critical vulnerabilities...
2022-06-03 : Confluence 0-day...
2022-04-04 : Kaseya Full Disclosure...
2022-03-12 : SmarterTrack limited disclosure...
2022-02-08 : Auth bypass in SAP...
2022-02-07 : XSS Zeroday in Zimbra...
2022-02-01 : DIVD is a CVE Numbering Authority...
More...
Donate
Search...
RSS
Contact
CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype
CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows
CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
CVE-2022-2422 - Feathers - SQL injection via attribute aliases
CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
CVE-2022-0564 - Qlik sense Enterprise Domain User enumeration
CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of UniTrends Server < v10.5.5-2
CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
CVE-2021-26474 - UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS
CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
CVE-2021-26471 - Unauthenticated remote command execution in Vembu products