our mission

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

Icon

Team

DIVD is a platform for security researchers to report vulnerabilities, supported by volunteers.

Icon

Code of Conduct

How and why we scan and report.

Icon

News & Events

Just getting started with some presentations here and there

Icon

REPORTS

Reports on closed research

Icon

CSIRT

Blog on current research by our Computer Security Incident Response Team

Icon

SECURITY

Public documents and reports about (our) security

Icon

CONTACT

We are a network of security researchers who mainly work online.

Icon

JOIN

Join DIVD

Icon

DONATE

We need your support for our mission.

Current open cases

DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
DIVD-2021-00015 - Telegram OD
DIVD-2021-00014 - Kaseya Unitrends
DIVD-2021-00012 - Warehouse Botnet
DIVD-2021-00011 - Kaseya VSA Limited Disclosure
DIVD-2021-00010 - vCenter Server PreAuth RCE
DIVD-2021-00006 - SmarterMail
DIVD-2021-00002 - Kaseya VSA
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR

All cases

Last 10 csirt blog posts

27 November 2021 - NMAP script for GitLab CVE-2021-22205
11 November 2021 - GitLab Unauthenticated RCE Flaw
04 November 2021 - SolarWinds N-able N-central
07 October 2021 - Apache HTTP 2.4.49 Path Traversal and File Disclosure Update
05 October 2021 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
26 August 2021 - Exchange ProxyShell and ProxyOracle
26 August 2021 - Kaseya Unitrends update
25 August 2021 - Vembu BDR Full Disclosure
20 August 2021 - Social media consolidation
20 August 2021 - Planned Vembu Full Disclosure

All posts