DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Cases
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in Globa
A command injection vulnerability has been discovered in the GlobalProtect ...
DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMa
Unauthenticated remote attackers can access the system through the LoadMast...
DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity
Successful exploitation of CVE-2024-27198 and CVE-2024-27199 allows an unau...
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in Connec
Successful exploitation of CVE-2024-1708 and CVE-2024-1709 allows an unauth...
DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity
Successful exploitation of CVE-2024-23917 allows an unauthenticated attacke...
DIVD-2024-00005 - Remote code execution in FortiOS
A new RCE vulnerability in FortiOS SSL VPN could lead to full compromise of...
DIVD-2024-00003 - Unauthenticated Remote Code Execution in CrushFTP
CrushFTP versions prior to 10.5.1 are vulnerable to an unauthenticated rem...
DIVD-2024-00002 - Account takeover vulnerability in GitLab CE/EE
GitLab CE/EE critical account takeover vulnerability...
DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN applianc
Ivanti warns of an authentication bypass and command injection exploited by...
DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center an
Confluence Data Center and Server RCE vulnerability allows an authorized use...
DIVD-2023-00042 - Confluence improper authorization vulnerability
Confluence Data Center and Server allow unauthorized users to set Confluenc...
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
This vulnerability (CVE-2023-46747) may allow an unauthenticated adversary ...
DIVD-2023-00039 - VMware vCenter Server RCE
VMware has released security updates for vCenter Server that could result i...
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
An unknown threat actor is using a recent authentication bypass vulnerabili...
DIVD-2023-00037 - Security Feature Bypass in MinIO
An attacker can use crafted requests to bypass metadata bucket name checkin...
DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
Successful exploitation of CVE-2023-42793 allows an unauthenticated attacke...
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Ser
By chaining multiple vulnerabilities an attacker is able to execute arbitra...
DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
Ivanti Sentry has an API authentication bypass vulnerability with CVSS 9.8....
DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
DIVD is notifying owners of exploited Citrix ADC and Gateway systems, based...
DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205
Both vulnerabilities allow an attacker to bypass the product feature that r...
CVEs
CVE-2024-21875 - DoS attack when broadcasting billboard messages...
CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A...
CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A...
CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A...
CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM ...
CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100...
CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100...
CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100...
CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100...
CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100...
Blog
2023-07-10 : Limited disclosure of 6 vulnerabilities in OSNexus Quantastor...
2023-02-24 : DIVD’s response regarding the involvement of a DIVD volunteer in a major data ...
2023-01-18 : Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers...
2022-12-14 : Fortinet sslvpnd vulnerability - update...
2022-12-13 : Fortinet SSL VPN Vulnerability...
2022-08-15 : Closing GreyNoise Ukraine Only case...
2022-08-10 : Itarian Full disclosure...
2022-08-09 : SmarterTrack Full disclosure...
2022-06-08 : ITarian critical vulnerabilities...
2022-06-03 : Confluence 0-day...