DELTA OBSCURA

We are the team behind Mission Vector Zero, an ongoing cybersecurity mission that has already protected 2.5+ billion users globally.

Our Partners
Our Services

Vulnerability DB Entries

Total CVEs
52
Disclosed
Affected Assets
85133013
Digital assets impacted
Affected Users
4561058040
Users impacted
Elite Contributor
AlasdairGorniak
with 6 CVEs
Proficient Contributor
Viralvaghela
with 1 CVEs
Competent Contributor
oblivionsage
with 3 CVEs
Title CVE ID Author Credit Severity Post Date Action
Canvas LMS - vrelease_2026-05-20.143 - URL Redirection to Untrusted Site - 0xhamy High 2026-05-06
Canvas LMS - vrelease_2026-05-20.143 - Authorization Bypass Through User-Controlled Key - 0xhamy High 2026-05-06
Canvas LMS - vrelease_2026-05-20.143 - Account Takeover - 0xhamy Critical 2026-05-06
Canvas LMS - vrelease_2026-05-20.143 - Improper Access Control - 0xhamy Medium 2026-05-06
Canvas LMS - vrelease_2026-05-20.143 - CORS Misconfiguration - 0xhamy Critical 2026-05-06
Persistent Blind SSRF via Moodle RSS Client Block (Teacher Role) - 0xhamy Medium 2026-04-26
Persistent Blind SSRF via Moodle Calendar Subscription (Any Authenticated User) - 0xhamy High 2026-04-26
Server-Side Request Forgery in Moodle Grade-Import-XML Endpoint - 0xhamy High 2026-04-26
Microsoft Power Apps Security Feature Bypass CVE-2026-26149 AlasdairGorniak Critical 2026-04-14
QEMU < 10.2.1 - Heap Buffer Over-Read in VMDK Compressed Grain Parsing CVE-2026-2243 oblivionsage Low 2026-03-13
InstantCMS - v2.18.0 - Cross-Site Request Forgery CVE-2026-28281 0xhamy High 2026-03-13
Arbitrary File Write via Path Traversal CVE-2026-27606 Viralvaghela Critical 2026-03-10
Microsoft Notepad - RCE via command injection CVE-2026-20841 AlasdairGorniak High 2026-02-28
Microsoft Powerapps - RCE via Command Injection CVE-2026-20960 AlasdairGorniak High 2026-02-19
RBC Mobile Banking App - Improper Input Validation in Mobile Remote Deposit Capture - 0xhamy High 2026-02-17
Grafana v12.3.1 - Public Dashboards time range restriction on annotations can be bypassed CVE-2026-21722 KhanMarshai Medium 2026-02-15
MongoDB - Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure CVE-2025-14911 oblivionsage Low 2026-02-12
KuWFi 4G LTE Router AC900 - vFirmware V1.0.13 - Stack-Based Buffer Overflow CVE-2025-68706 Actuator Critical 2026-01-02
OpenCart v4.1.0.3 - Race Condition in Checkout Allows Coupon Limit Bypass and Inventory Overselling CVE-2025-15116 KhanMarshai High 2025-12-27
Video Downloader Pro & Browser - v≤ 1.0.42 - Cross Site Scripting (XSS) CVE-2024-46966 Actuator High 2025-12-22
1 2 3 4 »

Contributor Ranking System

Composite Score

The contributor ranking prioritizes real-world impact (affected users and digital assets) over the sheer quantity of CVEs, with CVE count as a tiebreaker.

Factors we consider

  • Affected users and assets: Maximum values per unique product to avoid overcounting across multiple vulnerabilities on the same product.
  • Total impact: Sum of max affected users and max affected assets across products.
  • CVE count: Number of CVEs credited, used as tiebreaker.
  • Sorting: Primarily by total impact (descending), then by CVE count (descending).