DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Cases
DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under speci
The postjournal in Zimbra Collaboration (ZCS) sometimes allows unauthentica...
DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz res
In Apache OFBiz, version 18.12.14 and below, an Incorrect Authorization vul...
DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE)
Multiple vulnerabilities have been found in ServiceNow. Combining these vul...
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability
Geoserver has a Remote Code Execution (RCE) vulnerability in evaluating pro...
DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in Com
A Local File Inclusion vulnerability has been found in ComfortKey, a produc...
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection
Multiple vulnerabilities have been found in the firmware of the Zyxel NAS d...
DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilit
The vCenter Server contains multiple heap-overflow vulnerabilities in the i...
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
SolarWinds U-Serv was susceptible to a Path Traversal vulnerability, result...
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server
In Rejetto HTTP File Server, version 2.3x up to 2.4 RC07, a vulnerability e...
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via qu
Two OS command injection vulnerabilities via quick.cgi file are found in QN...
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik R
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier...
DIVD-2024-00022 - Millions of credentials scraped from Telegram
DIVD was contacted by a source, who scraped millions of credentials from Te...
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway soft
An unauthenticated local file inclusion vulnerability was present in Check ...
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES)
An authentication bypass vulnerability was present in GitHub Enterprise Ser...
DIVD-2024-00019 - Victim Notification Operation Endgame
The DIVD is notifying victims of several botnets, based on information obta...
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscal
In Citrix Netscaler and Gateway products (VPN virtual server, ICA Proxy, CV...
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices
Several (OS) command injection vulnerabilities are found in QNAP QTS, QuTS ...
DIVD-2024-00015 - Remote Command Execution in CrushFTP
CrushFTP has a RCE vulnerability that can be exploited without authenticati...
DIVD-2024-00014 - Qlik Sense Remote Code Execution
Multiple unauthenticated remote code execution vulnerabilities in Qlik Sens...
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in Globa
A command injection vulnerability has been discovered in the GlobalProtect ...
CVEs
CVE-2024-27120 - Local File Inclusion in ComfortKey before version 24.1.2...
CVE-2024-21881 - Upload of encrypted packages allows authenticated command ex...
CVE-2024-21880 - URL parameter manipulations allows an authenticated attacker...
CVE-2024-21879 - URL parameter manipulations allows an authenticated attacker...
CVE-2024-21878 - Command Injection through Unsafe File Name Evaluation in int...
CVE-2024-21877 - Insecure File Generation Based on User Input in Enphase IQ G...
CVE-2024-21876 - Unauthenticated Path Traversal via URL Parameter in Enphase ...
CVE-2024-21875 - DoS attack when broadcasting billboard messages...
CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A...
CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A...
Blog
2024-08-12 : Research of Wietse Boonstra and Hidde Smit featured in Follow the Money and...
2024-05-30 : DIVD CSIRT performs victim notification for Operation Endgame...
2024-04-25 : DIVD CSIRT Congratulates Project Melissa...
2023-07-10 : Limited disclosure of 6 vulnerabilities in OSNexus Quantastor...
2023-02-24 : DIVD’s response regard the involvement of a DIVD volunteer in a major data ...
2023-01-18 : Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers...
2022-12-14 : Fortinet sslvpnd vulnerability - update...
2022-12-13 : Fortinet SSL VPN Vulnerability...
2022-08-15 : Closing GreyNoise Ukraine Only case...
2022-08-10 : Itarian Full disclosure...