our mission

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

Our statistics

Year # of cases # of vulnerable IPs notified
2020 14 58,358
2021 24 98,757
2022 35 174,935
Icon

Team

DIVD is a platform for security researchers to report vulnerabilities, supported by volunteers.

Icon

Code of Conduct

How and why we scan and report.

Icon

News & Events

Just getting started with some presentations here and there

Icon

REPORTS

Reports on closed research

Icon

CSIRT

Blog on current research by our Computer Security Incident Response Team

Icon

PARTNERS

Who we collaborate with, our sponsors and references

Icon

CONTACT

We are a network of security researchers who mainly work online.

Icon

JOIN

Join DIVD

Icon

DONATE

We need your support for our mission.

Current open cases

DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products
DIVD-2022-00055 - Server Management Interfaces security issues
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221
DIVD-2022-00048 - Dossier Energy Transition
DIVD-2022-00045 - Injection vulnerability found within Socket.io
DIVD-2022-00042 - Canon print portals facing the internet
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
DIVD-2022-00032 - Exchange backdoor
DIVD-2022-00030 - Exposed QNAP
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall
DIVD-2022-00025 - VMware - CVE-2022-22954
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
DIVD-2022-00020 - Multiple injection vulnerabilities identified within Feathers.js
DIVD-2022-00017 - Global Healthcare Vulnerabilities
DIVD-2022-00012 - Global Charity Vulnerabilities
DIVD-2022-00007 - Subdomain Takeovers
DIVD-2022-00005 - Exposed BACnet devices
DIVD-2021-00014 - Kaseya Unitrends

All cases

Last 10 csirt blog posts

15 August 2022 - Closing GeyNoise Ukraine Only case
10 August 2022 - Itarian Full disclosure
09 August 2022 - SmarterTrack Full disclosure
08 June 2022 - ITarian critical vulnerabilities
03 June 2022 - Confluence 0-day
04 April 2022 - Kaseya Full Disclosure
12 March 2022 - SmarterTrack limited disclosure
08 February 2022 - Auth bypass in SAP
07 February 2022 - XSS Zeroday in Zimbra
01 February 2022 - DIVD is a CVE Numbering Authority

All posts