
How DIVD Protects the Internet – And Why It Matters to You
Publication date: 2025-03-20
The Dutch Cybersecurity Watchdog
The Dutch Institute for Vulnerability Disclosure (DIVD) may not be a household name, but in the world of cybersecurity, it plays a crucial role. This non-profit organization, based in the Netherlands, is dedicated to finding and reporting security vulnerabilities before malicious hackers can exploit them.
In a world where cyber threats are growing every day, organizations like DIVD are the unsung heroes working behind the scenes. By proactively scanning systems, analyzing security flaws, and responsibly disclosing vulnerabilities, DIVD helps businesses, governments, and individuals stay ahead of cyber risks.
What Does DIVD Do?
At its core, DIVD is all about responsible disclosure. Instead of hoarding vulnerabilities or selling them to the highest bidder (as some black-hat hackers do), DIVD informs affected companies and helps them fix security issues before they can be exploited.
Here’s how their process works:
- Scanning for vulnerabilities – DIVD researchers continuously check public systems for security flaws.
- Analyzing findings – Once a vulnerability is found, they determine how severe it is.
- Notifying affected organizations – Companies, developers, and even government agencies are alerted so they can fix the issue.
- Coordinated disclosure – After giving organizations time to resolve the problem, DIVD publicly discloses the vulnerability so others can learn from it.
This method prevents cybercriminals from taking advantage of security gaps while also raising awareness across industries.
DIVD as a CVE Numbering Authority (CNA)
One of the most important aspects of DIVD’s work is its role as an official CVE Numbering Authority (CNA) for MITRE’s Common Vulnerabilities and Exposures (CVE) system. This means DIVD is authorized to assign unique CVE identifiers to newly discovered vulnerabilities, ensuring they are properly tracked and documented in global security databases.
For cybersecurity professionals and tools like BaseFortify.eu, this is critical. Each CVE is a reference point for known threats, helping security teams quickly understand risks and take action. The list of CVEs DIVD has published can be found on the “CVEs | DIVD CSIRT” page.
DIVD’s Connection to CSIRT
DIVD operates in a space closely linked to Computer Security Incident Response Teams (CSIRTs). These teams are responsible for responding to security incidents in organizations, and they rely on up-to-date vulnerability disclosures to patch systems before an attack happens.
By working in tandem with CSIRTs, DIVD ensures that critical security information reaches the right people at the right time. This partnership strengthens the overall cybersecurity landscape and helps minimize the damage caused by cyber threats.
Notable CVEs Published by DIVD
DIVD has uncovered and disclosed numerous vulnerabilities over the years, helping to patch security holes in widely used software and infrastructure.
One example is the Mennekes smart/premium EV chargers, where DIVD researchers discovered multiple security flaws in 2025. These included CVE-2025-22366, a command injection vulnerability in the firmware upgrade process, and CVE-2025-22370, which exposed the system to SQL injection attacks via the web configuration interface. If left unpatched, these issues could have allowed attackers to manipulate charging stations, disrupt services, or even gain control over connected infrastructure.
Another significant disclosure was related to the Enphase IQ Gateway in 2024, a crucial component in many solar power installations. CVE-2024-21876 exposed a path traversal vulnerability that allowed unauthorized access to critical files, while CVE-2024-21878 demonstrated how attackers could execute arbitrary commands by exploiting unsafe file evaluations. These vulnerabilities could have had far-reaching consequences for energy management and grid security if they had not been patched in time.
DIVD has also helped uncover security flaws in SOPlanning, an open-source project management tool. In 2024, they identified multiple vulnerabilities, including CVE-2024-27112, an SQL injection flaw that could allow attackers to manipulate or steal data, and CVE-2024-27114, a remote code execution vulnerability through file uploads.
Beyond these examples, DIVD has contributed to securing various systems, from web applications and database platforms to industrial control systems. Their proactive approach ensures that vendors and users can patch vulnerabilities before attackers exploit them.
Why DIVD Matters for BaseFortify.eu Users
If you use BaseFortify.eu to monitor cybersecurity threats, DIVD’s work is directly relevant to you. Every time DIVD discloses a new vulnerability, tools like BaseFortify.eu integrate this information, allowing businesses and security teams to stay ahead of potential risks.
Here’s how DIVD’s findings help platforms like BaseFortify.eu:
- Improved threat intelligence – New CVEs from DIVD provide insights into emerging risks.
- Faster security response – Companies can take immediate action based on disclosed vulnerabilities.
- Better compliance – Staying informed about vulnerabilities helps organizations meet regulatory requirements.
By incorporating DIVD’s CVE data, BaseFortify.eu users can ensure they are protecting their systems with the most up-to-date security intelligence available.
Final Thoughts
Cyber threats aren’t going away anytime soon, but organizations like DIVD are making the digital world a safer place. Their proactive approach to finding and reporting vulnerabilities ensures that security teams and businesses have the knowledge they need to defend themselves.
At BaseFortify.eu, we recognize the importance of these efforts. By keeping an eye on DIVD’s latest CVEs and integrating them into our platform, we help businesses stay one step ahead in the ever-evolving cybersecurity landscape. If you want to see all the CVEs published by DIVD and annotated by BaseFortify, visit our own CVE page. There, in the filters panel, you can add ‘[email protected]’ as the assigner.
Registration at BaseFortify.eu is currently free. Within minutes of logging in, you can obtain an overview of the vulnerabilities that pose a threat to you through easy-to-use terminal commands. Register now at https://basefortify.eu/register