Max van der Horst

Role: Researcher level 3
Max is involved in the coordination of the CSIRT’s operations. Having joined DIVD in 2021, Max gained experience on DIVD’s scanning and notification efforts over a large number of investigations. He uses this experience to assist other researchers with challenges they encounter and, while he is still operationally involved, applies his experience to work on more strategic developments for the team such as collaboration with academia and governments. Max is also a CVE Numbering Authority (CNA) administrator for DIVD and has a background in strategic cyber threat intelligence and vulnerability management.

Social media

Icon - Max van der Horst

Articles / cases / cves

CSIRT Cases

• DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
• DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES)
• DIVD-2024-00019 - Victim Notification Operation Endgame
• DIVD-2024-00005 - Remote code execution in FortiOS
• DIVD-2024-00004 - 2024-00004 Global NGOs
• DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
• DIVD-2023-00042 - Confluence improper authorization vulnerability
• DIVD-2023-00039 - VMware vCenter Server RCE
• DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
• DIVD-2023-00037 - Security Feature Bypass in MinIO
• DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
• DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
• DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
• DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
• DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
• DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
• DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157
• DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
• DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
• DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100
• DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass
• DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass
• DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
• DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
• DIVD-2023-00009 - Cisco RV Series Remote Command Execution
• DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
• DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine
• DIVD-2023-00003 - OS command injection in CentOS CWP
• DIVD-2023-00002 - Publicly Reachable Malicious Webshells
• DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
• DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
• DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
• DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
• DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
• DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
• DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
• DIVD-2022-00012 - Global Charity Vulnerabilities
• DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
• DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning

CVEs contributed to

• CVE-2022-45049 - Reflected XSS in Axiell Iguana CMS
• CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS
• CVE-2022-45051 - Reflected POST XSS in Axiell Iguana CMS
• CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS
• CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100
• CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100
• CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100
• CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100
• CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100
• CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
• CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A
• CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A
• CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A