DIVD

our mission

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

Our statistics

Year	# of cases	# of vulnerable IPs notified
2020	14	58,358
2021	25	99,006
2022	42	244,788
2023	36	285,607

Icon

Team

DIVD is a platform for security researchers to report vulnerabilities, supported by volunteers.

Icon

Code of Conduct

How and why we scan and report.

Icon

News & Events

Just getting started with some presentations here and there

Icon

REPORTS

Reports on closed research

Icon

CSIRT

Blog on current research by our Computer Security Incident Response Team

Icon

PARTNERS

Who we collaborate with, our sponsors and references

Icon

CONTACT

We are a network of security researchers who mainly work online.

Icon

JOIN

Join DIVD

Icon

DONATE

We need your support for our mission.

Current open cases

DIVD-2023-00042 - Confluence improper authorization vulnerability

DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability

DIVD-2023-00039 - VMware vCenter Server RCE

DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants

DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity

DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series

DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205

DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519

DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934

DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315

DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524

DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A

DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls

DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100

DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability

DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server

DIVD-2023-00002 - Publicly Reachable Malicious Webshells

DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices

DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS

DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet

DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability

DIVD-2022-00055 - Server Management Interfaces security issues

DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software

DIVD-2022-00048 - Dossier Energy Transition

All cases

Last 10 csirt blog posts

10 July 2023 - Limited disclosure of 6 vulnerabilities in OSNexus Quantastor

24 February 2023 - DIVD’s response regard the involvement of a DIVD volunteer in a major data theft case

18 January 2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers

14 December 2022 - Fortinet sslvpnd vulnerability - update

13 December 2022 - Fortinet SSL VPN Vulnerability

15 August 2022 - Closing GeyNoise Ukraine Only case

10 August 2022 - Itarian Full disclosure

09 August 2022 - SmarterTrack Full disclosure

08 June 2022 - ITarian critical vulnerabilities

03 June 2022 - Confluence 0-day

All posts