Victor Pasman
CSIRT
CSIRT cases
- DIVD-2026-00003 - Mendix Applications – Data Exposure due to Authorization Misconfiguration
- DIVD-2026-00002 - Ivanti Endpoint Manager Mobile Vulnerabilities
- DIVD-2025-00042 - React2shell vulnerability
- DIVD-2025-00039 - Cisco ASA WebVPN Vulnerabilities
- DIVD-2025-00037 - Critical vulnerabilities in Citrix ADC and Gateway systems
- DIVD-2025-00035 - SharePoint Mass-Exploitation (ToolShell) through CVE-2025-53770
- DIVD-2025-00034 - Remote Code Execution in IBM WebSphere version 8.5 and 9.0
- DIVD-2025-00033 - Remote Code Execution in GeoServer versions below 2.27.0, 2.26.2 and 2.25.6
- DIVD-2025-00032 - Unauthenticated Arbitrary Remote Code Execution in Pterodactyl
- DIVD-2025-00031 - Critical vulnerabilities in Citrix ADC and Gateway systems
- DIVD-2025-00022 - SolarEdge SE3680H and SolarEdge Monitoring Platform vulnerabilities
- DIVD-2025-00018 - Victim Notification Operation Endgame 2.0
- DIVD-2025-00016 - Unauthenticated Remote Code Execution in Ingress-Nginx.
- DIVD-2025-00011 - Severe vulnerabilities in Growatt portal
- DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk
- DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey
- DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool
- DIVD-2024-00005 - Remote code execution in FortiOS
- DIVD-2024-00004 - Global NGOs
- DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
- DIVD-2023-00039 - VMware vCenter Server RCE
- DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
- DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
- DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
- DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
- DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
- DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
- DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
- DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products
- DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software
- DIVD-2022-00045 - Injection vulnerability found within Socket.io
- DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
- DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
- DIVD-2022-00032 - Exchange backdoor
- DIVD-2022-00029 - Remote Code Execution on Sophos Firewall
- DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
- DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464
- DIVD-2022-00025 - VMware - CVE-2022-22954
- DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
- DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js
- DIVD-2022-00008 - XSS Zeroday in Zimbra
- DIVD-2021-00038 - Apache Log4j2
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00033 - Sites with Potential SQL-Injection
- DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
- DIVD-2021-00020 - OSNEXUS QuantaStor limited disclosure and product warning
- DIVD-2021-00015 - Telegram OD
- DIVD-2021-00006 - SmarterMail
CVE Records
- CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard
- Authentication bypass on web interface
- SWD Interface Open on Growatt ShineLan-X
- Undocumented backup Account and No Password Configuration Capability
- Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X
- Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X
- Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X
- Hardcoded FTP Credentials within the firmware
- SolarEdge Monitoring Platform contains a XSS upon report deletion
- SolarEdge SE3680H contains Linux Kernel vulnerabilities
- SolarEdge SE3680H - Information Exposure during Bootloader Loop
- SolarEdge SE3680H - Exposed Debug interface
- White Rabbit Switch - Unauthenticated remote code execution
- Sequelize - Bad query filtering leading to SQL errors
- Sequelize - Default support for “raw attributes” when using parentheses
- White Rabbit Switch - Password Disclosure Vulnerability
- Cloudflow - Unauthenticated file upload vulnerability
- Cloudflow - Local File Inclusion Vulnerability
- Visioweb.js - Prototype Pollution can result in XSS
- Authenticated Remote Command Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
- SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
- Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
- Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
- Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
- Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
- SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
- SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
- SmarterTools SmarterMail before Build 7776 allows XSS.