DELTA OBSCURA

We are the team behind Mission Vector Zero, an ongoing cybersecurity mission that has already protected 2.5+ billion users globally.

Our Partners
Our Services

Vulnerability DB Entries

Total CVEs
52
Disclosed
Affected Assets
85129013
Digital assets impacted
Affected Users
4531058040
Users impacted
Elite Contributor
AlasdairGorniak
with 6 CVEs
Proficient Contributor
Viralvaghela
with 1 CVEs
Competent Contributor
oblivionsage
with 3 CVEs
Title CVE ID Author Credit Severity Post Date Action
Frappe LMS 2.40.0 – Access to Unpublished Courses via Predictable Slugs - 0xhamy High 2025-12-14
Apache Druid - v35.0.0 - Use of Cryptographically Weak PRNG CVE-2025-59390 daeda1us Critical 2025-11-28
ProjectSend - vr1720 - Stored XSS CVE-2025-13232 xoriath High 2025-11-23
Vvveb 1.0.7.2 - File Upload to Full Server Compromise CVE-2025-11027 KhanMarshai, 0xhamy Critical 2025-10-27
Vvveb 1.0.7.2 - cross-site request forgery CVE-2025-11029 KhanMarshai, 0xhamy High 2025-10-23
Vvveb 1.0.7.2 - Image information disclosure CVE-2025-11028 KhanMarshai, 0xhamy Medium 2025-10-23
Vvveb 1.0.7.2 - Configuration File information disclosure CVE-2025-11026 KhanMarshai, 0xhamy High 2025-10-23
Academico Current - Unrestricted File Upload to RCE CVE-2025-10763 KhanMarshai Critical 2025-10-23
Mentingo learn-v2025.08.27 - Content-Type unrestricted upload CVE-2025-10755 KhanMarshai Medium 2025-10-23
OpenCart - v4.1.0.4 - Cross-Site Scripting via SVG upload CVE-2025-45893 AlasdairGorniak,0xhamy High 2025-10-22
OpenCart - v4.1.0.4 - Cross-Site Scripting via blog editor CVE-2025-45892 AlasdairGorniak,0xhamy High 2025-10-22
EspoCRM - v9.0.7 - HTML injection CVE-2025-32390 xoriath High 2025-10-22
Rallly - v3.11.2 - Insufficient login token entropy CVE-2025-47781 xoriath Critical 2025-10-22
Apache JSPWiki - v2.12.3-git-04 - Cross-Site Scripting CVE-2025-24854 0xhamy High 2025-10-22
Vvveb - v1.0.5 - Cross-Site Scripting via posts & pages CVE-2025-8975 0xhamy High 2025-10-22
Vvveb - v1.0.5 - Cross-Site Scripting via SVG CVE-2025-8976 0xhamy High 2025-10-22
Vvveb - v1.0.5 - Cross-Site Scripting via navbar CVE-2025-8521 0xhamy High 2025-10-22
EasyAppointments - v1.5.0 - Password Brute Force CVE-2024-57602 0xhamy Critical 2025-10-22
EasyAppointments - v1.5.0 - Cross-Site Scripting CVE-2024-57601 0xhamy High 2025-10-22
OnlyOffice Community Server - v12.7.0 - Cross-Site Scripting (cross-origin) CVE-2025-10255 0xhamy,daeda1us Low 2025-10-22
« 1 2 3 »

Contributor Ranking System

Composite Score

The contributor ranking prioritizes real-world impact (affected users and digital assets) over the sheer quantity of CVEs, with CVE count as a tiebreaker.

Factors we consider

  • Affected users and assets: Maximum values per unique product to avoid overcounting across multiple vulnerabilities on the same product.
  • Total impact: Sum of max affected users and max affected assets across products.
  • CVE count: Number of CVEs credited, used as tiebreaker.
  • Sorting: Primarily by total impact (descending), then by CVE count (descending).