About DIVD DIVD Community Security

Notification email

EN

About DIVD

Who we are
What we do
The team
Contact
FAQ

DIVD Community

Contribute
Become a volunteer
Become a partner
Donate
Newsroom

Security

Code of Conduct
Code of Ethics
Why our work matters
Coordinated Vulnerability Disclosure
ANBI
CSIRT

EN

Ralph Horn
The Team >
Who we are >
Home >

Ralph Horn

Sabbatical

Featured articles

Fortinet SSL VPN Vulnerability
Apache log4j2 remote code execution
Apache HTTP 2.4.49 Path Traversal and File Disclosure Update

CSIRT cases

DIVD-2024-00015 - Remote Command Execution in CrushFTP
DIVD-2024-00014 - Qlik Sense Remote Code Execution
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect
DIVD-2024-00005 - Remote code execution in FortiOS
DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE

Show more Show less

DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
DIVD-2023-00039 - VMware vCenter Server RCE
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315
DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
DIVD-2023-00002 - Publicly Reachable Malicious Webshells
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
DIVD-2022-00045 - Injection vulnerability found within Socket.io
DIVD-2022-00030 - Exposed QNAP
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
DIVD-2022-00025 - VMware - CVE-2022-22954
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js
DIVD-2022-00017 - Global Healthcare Vulnerabilities
DIVD-2022-00012 - Global Charity Vulnerabilities
DIVD-2022-00010 - Auth bypass in SAP
DIVD-2022-00008 - XSS Zeroday in Zimbra
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
DIVD-2021-00038 - Apache Log4j2
DIVD-2021-00033 - Sites with Potential SQL-Injection
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.

Become a volunteer Become a partner

About
Security
Stay up to date

Ethics at the base of everything we do

Since we handle sensitive data collected without informed consent, we've created this Code of Conduct to establish an ethical foundation for our work. This code can also be utilized by other researchers involved in what is currently known as responsible disclosure or coordinated vulnerability disclosure.

Code of conduct

Scanning from: AS50559 IPv4: 194.5.73.0/24 aka 194.5.73.0-194.5.73.255 - Our own local infrastructure

© 2024 DIVD. All rights reserved