About DIVD DIVD Community Security

Notification email

About DIVD

Who we are
What we do
The team
Contact
FAQ

DIVD Community

Contribute
Become a volunteer
Become a partner
Donate
Newsroom

Security

Code of Conduct
Code of Ethics
Why our work matters
Coordinated Vulnerability Disclosure
ANBI
CSIRT

Koen Schagen
The Team >
Who we are >
Home >

Koen Schagen

CSIRT Researcher

CSIRT cases

DIVD-2025-00006 - Next.js Middleware Authorization Bypass
DIVD-2024-00051 - Improper authorization vulnerabilty in ProjectSend,
DIVD-2024-00050 - Path traversal vulnerabilty in Mitel MiCollab
DIVD-2024-00049 - Vulnerabilities in D-Link NAS: Backdoor and Command Injection Exploits
DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd

Show more Show less

DIVD-2024-00035 - 17 vulnerabilities in Iocharger devices
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices

Other links

LinkedIn

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.

Become a volunteer Become a partner

About
Security
Stay up to date

Ethics at the base of everything we do

Since we handle sensitive data collected without informed consent, we've created this Code of Conduct to establish an ethical foundation for our work. This code can also be utilized by other researchers involved in what is currently known as responsible disclosure or coordinated vulnerability disclosure.

Code of conduct

Scanning from: AS50559 IPv4: 194.5.73.0/24 aka 194.5.73.0-194.5.73.255 - Our own local infrastructure

© 2026 DIVD. All rights reserved