Vulnerability DB Entries

Total CVEs: 48 disclosed
Affected Assets: 3607294 digital assets impacted
Affected Users: 3200830900 users impacted
Elite Contributor: AlasdairGorniak with 5 CVEs
Proficient Contributor: oblivionsage with 2 CVEs
Competent Contributor: daeda1us with 4 CVEs

| Title | CVE ID | Author Credit | Severity | Post Date |
| --- | --- | --- | --- | --- |
| Microsoft Notepad - RCE via command injection | CVE-2026-20841 | AlasdairGorniak | High | 2026-02-28 |
| Microsoft Powerapps - RCE via Command Injection | CVE-2026-20960 | AlasdairGorniak | High | 2026-02-19 |
| RBC Mobile Banking App - Improper Input Validation in Mobile Remote Deposit Capture | - | 0xhamy | High | 2026-02-17 |
| Grafana v12.3.1 - Public Dashboards time range restriction on annotations can be bypassed | CVE-2026-21722 | KhanMarshai | Medium | 2026-02-15 |
| MongoDB - Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure | CVE-2025-14911 | oblivionsage | Medium | 2026-02-12 |
| KuWFi 4G LTE Router AC900 - vFirmware V1.0.13 - Stack-Based Buffer Overflow | CVE-2025-68706 | Actuator | Critical | 2026-01-02 |
| OpenCart v4.1.0.3 - Race Condition in Checkout Allows Coupon Limit Bypass and Inventory Overselling | CVE-2025-15116 | KhanMarshai | High | 2025-12-27 |
| Video Downloader Pro & Browser - v≤ 1.0.42 - Cross Site Scripting (XSS) | CVE-2024-46966 | Actuator | High | 2025-12-22 |
| Color Phone: Call Screen Theme - v21.1.9 - Escalation of Privilege | CVE-2024-53932 | Actuator | Critical | 2025-12-22 |
| Authenticated RCE in SOPlanning Version 1.53.00 | CVE-2024-57169 | mcsam | Critical | 2025-12-22 |
| Node.js - v20.x, 22.x, 24.x - Path Traversal via Windows Device Names in path.normalize() | CVE-2025-27210 | oblivionsage | High | 2025-12-21 |
| Xibo CMS - version <4.3.1 - Remote Code Execution via Server Side Template Injection | CVE-2025-62369 | cristibtz | High | 2025-12-19 |
| Frappe LMS 2.40.0 – Public Access to Instructor Media in Course Details and Quizzes | - | 0xhamy | High | 2025-12-14 |
| Frappe LMS 2.40.0 – Access to Unpublished Courses via Predictable Slugs | - | 0xhamy | High | 2025-12-14 |
| Apache Druid - v35.0.0 - Use of Cryptographically Weak PRNG | CVE-2025-59390 | daeda1us | Critical | 2025-11-28 |
| ProjectSend - vr1720 - Stored XSS | CVE-2025-13232 | xoriath | High | 2025-11-23 |
| Vvveb 1.0.7.2 - File Upload to Full Server Compromise | CVE-2025-11027 | KhanMarshai, 0xhamy | Critical | 2025-10-27 |
| Vvveb 1.0.7.2 - cross-site request forgery | CVE-2025-11029 | KhanMarshai, 0xhamy | High | 2025-10-23 |
| Vvveb 1.0.7.2 - Image information disclosure | CVE-2025-11028 | KhanMarshai, 0xhamy | Medium | 2025-10-23 |
| Vvveb 1.0.7.2 - Configuration File information disclosure | CVE-2025-11026 | KhanMarshai, 0xhamy | High | 2025-10-23 |