Our mission

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

Our statistics

Year | # of cases | # of vulnerable IPs notified
2020 | 14 | 58,358
2021 | 25 | 99,006
2022 | 42 | 295,757
2023 | 37 | 348,352
2024 | 21 | 69,721

Team

DIVD is a platform for security researchers to report vulnerabilities, supported by volunteers.

Code of Conduct

How and why we scan and report.

News & Events

Just getting started with some presentations here and there

REPORTS

Reports on closed research

CSIRT

Blog on current research by our Computer Security Incident Response Team

PARTNERS

Who we collaborate with, our sponsors and references

CONTACT

We are a network of security researchers who mainly work online.

JOIN

Join DIVD

DONATE

We need your support for our mission.

Current open cases

DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES)
DIVD-2024-00019 - Victim Notification Operation Endgame
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscaler and Gateway
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices
DIVD-2024-00014 - Qlik Sense Remote Code Execution
DIVD-2024-00005 - Remote code execution in FortiOS
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
DIVD-2023-00039 - VMware vCenter Server RCE
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
DIVD-2023-00002 - Publicly Reachable Malicious Webshells
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software

All cases

Last 10 CSIRT blog posts

30 May 2024 - DIVD CSIRT performs victim notification for Operation Endgame
25 April 2024 - DIVD CSIRT Congratulates Project Melissa
10 July 2023 - Limited disclosure of 6 vulnerabilities in OSNexus Quantastor
24 February 2023 - DIVD’s response regarding the involvement of a DIVD volunteer in a major data theft case
18 January 2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers
14 December 2022 - Fortinet sslvpnd vulnerability - update
13 December 2022 - Fortinet SSL VPN Vulnerability
15 August 2022 - Closing GreyNoise Ukraine Only case
10 August 2022 - Itarian Full disclosure
09 August 2022 - SmarterTrack Full disclosure

All posts