DELTA OBSCURA
We are the team behind Mission Cyber Sentinel, a mission dedicated to securing 446,000 digital assets globally.
Vulnerability DB Entries
Total CVEs
35
Disclosed
Affected Assets
444779
Digital assets impacted
Affected Users
1241707900
Users impacted
Elite Contributor
0xhamy
with 28 CVEs
Proficient Contributor
KhanMarshai
with 12 CVEs
Competent Contributor
ali
with 3 CVEs
| Title | CVE ID | Author | Credit | Severity | Post Date | Action |
|---|---|---|---|---|---|---|
| Vvveb 1.0.7.2 - File Upload to Full Server Compromise | CVE-2025-11027 | KhanMarshai, 0xhamy | Critical | 2025-10-27 | ||
| Vvveb 1.0.7.2 - cross-site request forgery | CVE-2025-11029 | KhanMarshai, 0xhamy | High | 2025-10-23 | ||
| Vvveb 1.0.7.2 - Image information disclosure | CVE-2025-11028 | KhanMarshai, 0xhamy | Medium | 2025-10-23 | ||
| Vvveb 1.0.7.2 - Configuration File information disclosure | CVE-2025-11026 | KhanMarshai, 0xhamy | High | 2025-10-23 | ||
| Academico Current - Unrestricted File Upload to RCE | CVE-2025-10763 | KhanMarshai | Critical | 2025-10-23 | ||
| Mentingo learn-v2025.08.27 - Content-Type unrestricted upload | CVE-2025-10755 | KhanMarshai | Medium | 2025-10-23 | ||
| OpenCart - v4.1.0.4 - Cross-Site Scripting via SVG upload | CVE-2025-45893 | ali,0xhamy | High | 2025-10-22 | ||
| OpenCart - v4.1.0.4 - Cross-Site Scripting via blog editor | CVE-2025-45892 | ali,0xhamy | High | 2025-10-22 | ||
| EspoCRM - v9.0.7 - HTML injection | CVE-2025-32390 | xoriath | High | 2025-10-22 | ||
| Rallly - v3.11.2 - Insufficient login token entropy | CVE-2025-47781 | xoriath | Critical | 2025-10-22 | ||
| Apache JSPWiki - v2.12.3-git-04 - Cross-Site Scripting | CVE-2025-24854 | 0xhamy | High | 2025-10-22 | ||
| Vvveb - v1.0.5 - Cross-Site Scripting via posts & pages | CVE-2025-8975 | 0xhamy | High | 2025-10-22 | ||
| Vvveb - v1.0.5 - Cross-Site Scripting via SVG | CVE-2025-8976 | 0xhamy | High | 2025-10-22 | ||
| Vvveb - v1.0.5 - Cross-Site Scripting via navbar | CVE-2025-8521 | 0xhamy | High | 2025-10-22 | ||
| EasyAppointments - v1.5.0 - Password Brute Force | CVE-2024-57602 | 0xhamy | Critical | 2025-10-22 | ||
| EasyAppointments - v1.5.0 - Cross-Site Scripting | CVE-2024-57601 | 0xhamy | High | 2025-10-22 | ||
| OnlyOffice Community Server - v12.7.0 - Cross-Site Scripting (cross-origin) | CVE-2025-10255 | 0xhamy,daeda1us | Low | 2025-10-22 | ||
| OnlyOffice Community Server - v12.7.0 - Cross-Site Scripting | CVE-2025-10254 | 0xhamy,daeda1us | High | 2025-10-22 | ||
| Lemon OS - vnightly-2024-07-12 - Remote stack overflow | CVE-2025-9001 | 0xhamy | High | 2025-10-22 | ||
| Apache Answer - v1.4.1 - Externally referenced images can leak user privacy | CVE-2025-29868 | 0xhamy,daeda1us | Medium | 2025-10-22 |