DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Cases
DIVD-2025-00010 - Stack-based buffer overflow in Ivanti Connect Secure
A critical stack-based buffer overflow in Ivanti Connect Secure allows unau...
DIVD-2025-00007 - Authentication bypass in CrushFTP service
A critical vulnerability in CrushFTP was discovered in versions 10.0.0 thro...
DIVD-2025-00006 - Next.js Middleware Authorization Bypass
The vulnerability affects the middleware functionality in Next.js, an attac...
DIVD-2025-00004 - Authentication Bypass in PAN-OS Management Web Interface
Due to confusion between the nginx and Apache web servers/proxies used to s...
DIVD-2025-00003 - Multiple vulnerabilities in Mennekes Smart / Premium Char
Five vulnerabilities have been found in Mennekes Smart / Premium charging s...
DIVD-2025-00002 - Authentication bypass in SonicWall SSL-VPN service
SonicWall has identified an Improper Authentication vulnerability in the SS...
DIVD-2025-00001 - Multiple vulnerabilities in Sicomm BASEC Service
The Sicomm BASEC online tool contains multiple vulnerabilities....
DIVD-2024-00052 - Remote code execution in Cleo Harmony, VLCTrader and Lexi
Cleo has identified an unrestricted file upload and download vulnerability ...
DIVD-2024-00051 - Improper authorization vulnerability in ProjectSend,
Improper authorization vulnerability, CVE-2024-11680, in open-source file-sh...
DIVD-2024-00050 - Path traversal vulnerability in Mitel MiCollab
A path traversal vulnerability, CVE-2024-41713, in the NuPoint Unified Mess...
DIVD-2024-00049 - Vulnerabilities in D-Link NAS: Backdoor and Command Injec
D-Link NAS are affected by a backdoor vulnerability facilitated by hardcode...
DIVD-2024-00048 - VMware vCenter Server heap-overflow and remote code execu
The vCenter Server contains a heap-overflow vulnerability and a privilege e...
DIVD-2024-00047 - Multiple critical vulnerabilities in Palo Alto Networks P
An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-00...
DIVD-2024-00046 - Multiple critical vulnerabilities in Ivanti Cloud Service
Ivanti CSA is affected by two critical vulnerabilities, allowing a remote u...
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
In March 2024, a SQL Injection vulnerability has been discovered in SysAid ...
DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd
A missing authentication for critical function vulnerability [CWE-306] in F...
DIVD-2024-00043 - CyberAudit-Web - SSRF and Authentication bypass CVEs Regi
Two vulnerabilities have been found in Videx's CyberAudit-Web. These vulner...
DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help
The SolarWinds Web Help Desk software is affected by three critical vulnera...
DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authenticati
A SQL Injection vulnerability allows an unauthenticated attacker to retriev...
DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under speci
The postjournal in Zimbra Collaboration (ZCS) sometimes allows unauthentica...
CVEs
CVE-2025-22375 - Authentication Bypass in CyberAudit-Web...
CVE-2025-22374 - SSRF in CyberAudit-Web videx-legacy-ssl...
CVE-2025-22373 - XSS, HTML and Style injection on login page...
CVE-2025-22372 - Insecure password storage in SicommNet BASEC...
CVE-2025-22371 - SQL-injection in admin_login_handler allows unauthenticated ...
CVE-2025-22370 - Mennekes smart/premium charges systems, SQL Injection in web...
CVE-2025-22369 - Mennekes smart/premium charges systems, Arbitrary file downl...
CVE-2025-22368 - Mennekes smart/premium charges systems, Command injection in...
CVE-2025-22367 - Mennekes smart/premium charges systems, Command injection in...
CVE-2025-22366 - Mennekes smart/premium charges systems, Command injection in...
Blog
2025-04-14 : SicommNet BASEC product warning...
2025-01-09 : Wilco van Beijnum and Harm van den Brink found 17 vulnerabilities in Iochar...
2024-08-12 : Research of Wietse Boonstra and Hidde Smit featured in Follow the Money and...
2024-05-30 : DIVD CSIRT performs victim notification for Operation Endgame...
2024-04-25 : DIVD CSIRT Congratulates Project Melissa...
2023-07-10 : Limited disclosure of 6 vulnerabilities in OSNexus Quantastor...
2023-02-24 : DIVD’s response regard the involvement of a DIVD volunteer in a major data ...
2023-01-18 : Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers...
2022-12-14 : Fortinet sslvpnd vulnerability - update...
2022-12-13 : Fortinet SSL VPN Vulnerability...