Vulnerability DB Entries

Total CVEs: 51 disclosed
Affected Assets: 85083026 digital assets impacted
Affected Users: 4505598180 users impacted
Elite Contributor: AlasdairGorniak, with 5 CVEs
Proficient Contributor: Viralvaghela, with 1 CVE
Competent Contributor: oblivionsage, with 3 CVEs
| Title | CVE ID | Author Credit | Severity | Post Date |
| --- | --- | --- | --- | --- |
| QEMU < 10.2.1 - Heap Buffer Over-Read in VMDK Compressed Grain Parsing | CVE-2026-2243 | oblivionsage | Low | 2026-03-13 |
| InstantCMS - v2.18.0 - Cross-Site Request Forgery | CVE-2026-28281 | 0xhamy | High | 2026-03-13 |
| Arbitrary File Write via Path Traversal | CVE-2026-27606 | Viralvaghela | Critical | 2026-03-10 |
| Microsoft Notepad - RCE via command injection | CVE-2026-20841 | AlasdairGorniak | High | 2026-02-28 |
| Microsoft Powerapps - RCE via Command Injection | CVE-2026-20960 | AlasdairGorniak | High | 2026-02-19 |
| RBC Mobile Banking App - Improper Input Validation in Mobile Remote Deposit Capture | - | 0xhamy | High | 2026-02-17 |
| Grafana v12.3.1 - Public Dashboards time range restriction on annotations can be bypassed | CVE-2026-21722 | KhanMarshai | Medium | 2026-02-15 |
| MongoDB - Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure | CVE-2025-14911 | oblivionsage | Low | 2026-02-12 |
| KuWFi 4G LTE Router AC900 - vFirmware V1.0.13 - Stack-Based Buffer Overflow | CVE-2025-68706 | Actuator | Critical | 2026-01-02 |
| OpenCart v4.1.0.3 - Race Condition in Checkout Allows Coupon Limit Bypass and Inventory Overselling | CVE-2025-15116 | KhanMarshai | High | 2025-12-27 |
| Video Downloader Pro & Browser - v≤ 1.0.42 - Cross Site Scripting (XSS) | CVE-2024-46966 | Actuator | High | 2025-12-22 |
| Color Phone: Call Screen Theme - v21.1.9 - Escalation of Privilege | CVE-2024-53932 | Actuator | Critical | 2025-12-22 |
| Authenticated RCE in SOPlanning Version 1.53.00 | CVE-2024-57169 | mcsam | Critical | 2025-12-22 |
| Node.js - v20.x, 22.x, 24.x - Path Traversal via Windows Device Names in path.normalize() | CVE-2025-27210 | oblivionsage | High | 2025-12-21 |
| Xibo CMS - version <4.3.1 - Remote Code Execution via Server Side Template Injection | CVE-2025-62369 | cristibtz | High | 2025-12-19 |
| Frappe LMS 2.40.0 – Public Access to Instructor Media in Course Details and Quizzes | - | 0xhamy | High | 2025-12-14 |
| Frappe LMS 2.40.0 – Access to Unpublished Courses via Predictable Slugs | - | 0xhamy | High | 2025-12-14 |
| Apache Druid - v35.0.0 - Use of Cryptographically Weak PRNG | CVE-2025-59390 | daeda1us | Critical | 2025-11-28 |
| ProjectSend - vr1720 - Stored XSS | CVE-2025-13232 | xoriath | High | 2025-11-23 |
| Vvveb 1.0.7.2 - File Upload to Full Server Compromise | CVE-2025-11027 | KhanMarshai, 0xhamy | Critical | 2025-10-27 |