Skip to the content.
Home /

DIVD CSIRT

Making the internet safer through Coordinated Vulnerability Disclosure

Menu
  • Home
    • DIVD
    • CSIRT
  • Cases
    • DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
      Criminals are attacking VMware ESXi servers vulnerable to CVE-2021-21974 wo...
    • DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero
      QNAP has released an advisory for devices running QTS 5.0.1 and QuTS hero h...
    • DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zo
      Use of outdated Apache Santuario library in Zoho ManageEngine causes an una...
    • DIVD-2023-00003 - OS command injection in CentOS CWP
      The login/index.php endpoint in CentOS Control Web Panel 7 before 0.9.8.114...
    • DIVD-2023-00002 - Publicly Reachable Malicious Webshells
      DIVD is searching the Internet for publicly reachable malicious webshells....
    • DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-
      Based on scanning data obtained from Fox-IT, DIVD is notifying owners of vu...
    • DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL d
      Based on disclosure by Sec Consult, DIVD performed scans of end of life dev...
    • DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axie
      Multiple injection vulnerabilities have been identified within Axiell Iguan...
    • DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
      DIVD is scanning for parties vulnerable to CVE-2022-42475...
    • DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet
      DIVD is scanning for and notifying parties about KNXNet/IP gateways that ar...
    • DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and D
      DIVD is scanning for parties vulnerable to CVE-2022-43781...
    • DIVD-2022-00056 - Critical authentication bypass affecting Fortigate produc
      DIVD is scanning for parties vulnerable to CVE-2022-40684...
    • DIVD-2022-00055 - Server Management Interfaces security issues
      DIVD is researching vulnerabilities in (hardware) server management interfa...
    • DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
      DIVD is scanning for parties vulnerable to CVE-2022-41040 and CVE-2022-4108...
    • DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
      DIVD is researching Bitbucket instances that are vulnerable to CVE-2022-368...
    • DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221
      DIVD is researching vulnerable, accessible H2 Web Console instances...
    • DIVD-2022-00048 - Dossier Energy Transition
      In this dossier we are tracking cases and other findings related to the glo...
    • DIVD-2022-00045 - Injection vulnerability found within Socket.io
      A injection vulnerability was identified in Socket.io which can result in R...
    • DIVD-2022-00042 - Canon print portals facing the internet
      Easily accessible Canon print portals facing towards the internet can lead ...
    • DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
      Patch vulnerable Oracle WebLogic servers immediately as some versions are v...
    • All cases
  • CVEs
    • CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS...
    • CVE-2022-45051 - Reflected POST XSS in Axiell Iguana CMS...
    • CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS...
    • CVE-2022-45049 - Reflected XSS in Axiell Iguana CMS...
    • CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype...
    • CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js l...
    • CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager age...
    • CVE-2022-25152 - ITarian - Any user with a valid session token can create and...
    • CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag...
    • CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack...
  • Blog
    • 2023-01-18 : Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers...
    • 2022-12-14 : Fortinet sslvpnd vulnerability - update...
    • 2022-12-13 : Fortinet SSL VPN Vulnerability...
    • 2022-08-15 : Closing GeyNoise Ukraine Only case...
    • 2022-08-10 : Itarian Full disclosure...
    • 2022-08-09 : SmarterTrack Full disclosure...
    • 2022-06-08 : ITarian critical vulnerabilities...
    • 2022-06-03 : Confluence 0-day...
    • 2022-04-04 : Kaseya Full Disclosure...
    • 2022-03-12 : SmarterTrack limited disclosure...
    • More...
  • Donate
  • Search...
  • RSS
  • Contact

    •  Twitter
    •  LinkedIn