Vulnerability DB Entries

Total CVEs: 38 disclosed
Affected Assets: 599779 digital assets impacted
Affected Users: 1352257900 users impacted

Elite Contributor: AlasdairGorniak with 3 CVEs
Proficient Contributor: daeda1us with 4 CVEs
Competent Contributor: 0xhamy with 28 CVEs

| Title | CVE ID | Author Credit | Severity | Post Date |
|---|---|---|---|---|
| Remote code execution as the web server user abusing server-side template injection in Xibo CMS module templates | CVE-2025-62369 | cristibtz | High | 2025-12-19 |
| Frappe LMS 2.40.0 – Public Access to Instructor Media in Course Details and Quizzes | - | 0xhamy | High | 2025-12-14 |
| Frappe LMS 2.40.0 – Public Access to Student Community Question Media | - | 0xhamy | Medium | 2025-12-14 |
| Frappe LMS 2.40.0 – Public Access to Instructor Comments and Feedback Media | - | 0xhamy | Medium | 2025-12-14 |
| Frappe LMS 2.40.0 – Access to Unpublished Courses via Predictable Slugs | - | 0xhamy | High | 2025-12-14 |
| Frappe LMS 2.40.0 – Public Access to Instructor Assignment Media | - | 0xhamy | Medium | 2025-12-14 |
| Apache Druid - v35.0.0 - Use of Cryptographically Weak PRNG | CVE-2025-59390 | daeda1us | Critical | 2025-11-28 |
| ProjectSend - vr1720 - Stored XSS | CVE-2025-13232 | xoriath | High | 2025-11-23 |
| Vvveb 1.0.7.2 - File Upload to Full Server Compromise | CVE-2025-11027 | KhanMarshai, 0xhamy | Critical | 2025-10-27 |
| Vvveb 1.0.7.2 - cross-site request forgery | CVE-2025-11029 | KhanMarshai, 0xhamy | High | 2025-10-23 |
| Vvveb 1.0.7.2 - Image information disclosure | CVE-2025-11028 | KhanMarshai, 0xhamy | Medium | 2025-10-23 |
| Vvveb 1.0.7.2 - Configuration File information disclosure | CVE-2025-11026 | KhanMarshai, 0xhamy | High | 2025-10-23 |
| Academico Current - Unrestricted File Upload to RCE | CVE-2025-10763 | KhanMarshai | Critical | 2025-10-23 |
| Mentingo learn-v2025.08.27 - Content-Type unrestricted upload | CVE-2025-10755 | KhanMarshai | Medium | 2025-10-23 |
| OpenCart - v4.1.0.4 - Cross-Site Scripting via SVG upload | CVE-2025-45893 | AlasdairGorniak, 0xhamy | High | 2025-10-22 |
| OpenCart - v4.1.0.4 - Cross-Site Scripting via blog editor | CVE-2025-45892 | AlasdairGorniak, 0xhamy | High | 2025-10-22 |
| EspoCRM - v9.0.7 - HTML injection | CVE-2025-32390 | xoriath | High | 2025-10-22 |
| Rallly - v3.11.2 - Insufficient login token entropy | CVE-2025-47781 | xoriath | Critical | 2025-10-22 |
| Apache JSPWiki - v2.12.3-git-04 - Cross-Site Scripting | CVE-2025-24854 | 0xhamy | High | 2025-10-22 |
| Vvveb - v1.0.5 - Cross-Site Scripting via posts & pages | CVE-2025-8975 | 0xhamy | High | 2025-10-22 |