DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Cases
DIVD-2025-00035 - Sharepoint Mass-Exploitation (ToolShell) through CVE-2025
Threat actors are targeting Sharepoint installations with CVE-2025-53770. I...
DIVD-2025-00034 - Remote Code Execution in IBM WebSphere version 8.5 and 9.
A critical vulnerability in IBM WebSphere was discovered in versions 8.5 an...
DIVD-2025-00033 - Remote Code Execution in GeoServer versions below 2.27.0,
A critical vulnerability in GeoServer was discovered in versions below 2.27...
DIVD-2025-00032 - Unauthenticated Arbitrary Remote Code Execution in Pterod
A critical vulnerability in Pterodactyl was discovered in versions below 1....
DIVD-2025-00031 - Critical vulnerabilities in Citrix ADC and Gateway system
Citrix has released security updates for vulnerabilities in Citrix ADC and ...
DIVD-2025-00019 - Unauthenticated file upload in Visual Composer (VCFRAMEWO
SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization,...
DIVD-2025-00018 - Victim Notification Operation Endgame 2.0
DIVD is notifying victims of the Latrodectus infostealer, the evolution of ...
DIVD-2025-00017 - Authentication Bypass and Remote Code Execution in Ivanti
Authentication bypass in Ivanti EPMM chained together with a remote code ex...
DIVD-2025-00016 - Unauthenticated Remote Code Execution in Ingress-Nginx.
Unauthenticated Remote Code Execution in Ingress-Nginx can result in cluste...
DIVD-2025-00012 - Four vulnerabilities in Schneider Electric EVLink Wallbox
Wilco van Beijnum has discovered four vulnerabilities in Schneider Electric...
DIVD-2025-00011 - Failed authentication check in Growatt portal
Authentication vulnerability in the `plant transfer` function of the Growat...
DIVD-2025-00010 - Stack-based buffer overflow in Ivanti Connect Secure
A critical stack-based buffer overflow in Ivanti Connect Secure allows unau...
DIVD-2025-00009 - Sungrow's iSolarCloud MQTT lacking permissions
On behalf of ENCS, DIVD has reported a vulnerability to SunGrow that allowe...
DIVD-2025-00007 - Authentication bypass in CrushFTP service
A critical vulnerability in CrushFTP was discovered in versions 10.0.0 thro...
DIVD-2025-00006 - Next.js Middleware Authorization Bypass
The vulnerability affects the middleware functionality in Next.js, an attac...
DIVD-2025-00005 - Exposed Automated Tank Gauge Systems
Automated Tank Gauge (ATG) systems at gas stations and critical facilities ...
DIVD-2025-00004 - Authentication Bypass in PAN-OS Management Web Interface
Due to confusion between the nginx and Apache web servers/proxies used to s...
DIVD-2025-00003 - Multiple vulnerabilities in Mennekes Smart / Premium Char
Five vulnerabilities have been found in Mennekes Smart / Premium charging s...
DIVD-2025-00002 - Authentication bypass in SonicWall SSL-VPN service
SonicWall has identified an Improper Authentication vulnerability in the SS...
DIVD-2025-00001 - Multiple vulnerabilities in Sicomm BASEC Service
The Sicomm BASEC online tool contains multiple vulnerabilities....
CVEs
CVE-2025-5743 - ...
CVE-2025-5742 - ...
CVE-2025-5741 - ...
CVE-2025-5740 - ...
CVE-2025-29757 - ...
CVE-2025-29756 - MQTT implementation in Sungrow iSolarCloud allowed users to ...
CVE-2025-22375 - Authentication Bypass in CyberAudit-Web...
CVE-2025-22374 - SSRF in CyberAudit-Web videx-legacy-ssl...
CVE-2025-22373 - XSS, HTML and Style injection on login page...
CVE-2025-22372 - Insecure password storage in SicommNet BASEC...
Blog
2025-07-09 : Endgame 2.0 Stealer logs...
2025-07-07 : Endgame 2.0 Stealer logs...
2025-05-07 : Full disclosure DIVD-2021-00020...
2025-04-14 : SicommNet BASEC product warning...
2025-01-09 : Wilco van Beijnum and Harm van den Brink found 17 vulnerabilities in Iochar...
2024-08-12 : Research of Wietse Boonstra and Hidde Smit featured in Follow the Money and...
2024-05-30 : DIVD CSIRT performs victim notification for Operation Endgame...
2024-04-25 : DIVD CSIRT Congratulates Project Melissa...
2023-07-10 : Limited disclosure of 6 vulnerabilities in OSNexus Quantastor...
2023-02-24 : DIVD’s response regard the involvement of a DIVD volunteer in a major data ...