DELTA OBSCURA

We are the team behind Mission Vector Zero, an ongoing cybersecurity mission that has already protected 2.5+ billion users globally.

Our Partners
Our Services

Vulnerability DB Entries

Total CVEs
48
Disclosed
Affected Assets
3607294
Digital assets impacted
Affected Users
3200830900
Users impacted
Elite Contributor
AlasdairGorniak
with 5 CVEs
Proficient Contributor
oblivionsage
with 2 CVEs
Competent Contributor
daeda1us
with 4 CVEs
Title CVE ID Author Credit Severity Post Date Action
Academico Current - Unrestricted File Upload to RCE CVE-2025-10763 KhanMarshai Critical 2025-10-23
Mentingo learn-v2025.08.27 - Content-Type unrestricted upload CVE-2025-10755 KhanMarshai Medium 2025-10-23
OpenCart - v4.1.0.4 - Cross-Site Scripting via SVG upload CVE-2025-45893 AlasdairGorniak,0xhamy High 2025-10-22
OpenCart - v4.1.0.4 - Cross-Site Scripting via blog editor CVE-2025-45892 AlasdairGorniak,0xhamy High 2025-10-22
EspoCRM - v9.0.7 - HTML injection CVE-2025-32390 xoriath High 2025-10-22
Rallly - v3.11.2 - Insufficient login token entropy CVE-2025-47781 xoriath Critical 2025-10-22
Apache JSPWiki - v2.12.3-git-04 - Cross-Site Scripting CVE-2025-24854 0xhamy High 2025-10-22
Vvveb - v1.0.5 - Cross-Site Scripting via posts & pages CVE-2025-8975 0xhamy High 2025-10-22
Vvveb - v1.0.5 - Cross-Site Scripting via SVG CVE-2025-8976 0xhamy High 2025-10-22
Vvveb - v1.0.5 - Cross-Site Scripting via navbar CVE-2025-8521 0xhamy High 2025-10-22
EasyAppointments - v1.5.0 - Password Brute Force CVE-2024-57602 0xhamy Critical 2025-10-22
EasyAppointments - v1.5.0 - Cross-Site Scripting CVE-2024-57601 0xhamy High 2025-10-22
OnlyOffice Community Server - v12.7.0 - Cross-Site Scripting (cross-origin) CVE-2025-10255 0xhamy,daeda1us Low 2025-10-22
OnlyOffice Community Server - v12.7.0 - Cross-Site Scripting CVE-2025-10254 0xhamy,daeda1us High 2025-10-22
Lemon OS - vnightly-2024-07-12 - Remote stack overflow CVE-2025-9001 0xhamy High 2025-10-22
Apache Answer - v1.4.1 - Externally referenced images can leak user privacy CVE-2025-29868 0xhamy,daeda1us Medium 2025-10-22
Mentingo - File Upload to XSS CVE-2025-10741 KhanMarshai Medium 2025-10-16
Frappe LMS - v2.35.0 - Improper Access Controls CVE-2025-11281 0xhamy,KhanMarshai Medium 2025-10-14
Frappe LMS - v2.35.0 - Improper Access Controls (unauthenticated) CVE-2025-11280 0xhamy,KhanMarshai High 2025-10-14
Frappe LMS - v2.35.0 - Cross-Site Scripting as student CVE-2025-11282 0xhamy,KhanMarshai High 2025-10-14
« 1 2 3 »

Contributor Ranking System

Composite Score

The contributor ranking prioritizes real-world impact (affected users and digital assets) over the sheer quantity of CVEs, with CVE count as a tiebreaker.

Factors we consider

  • Affected users and assets: Maximum values per unique product to avoid overcounting across multiple vulnerabilities on the same product.
  • Total impact: Sum of max affected users and max affected assets across products.
  • CVE count: Number of CVEs credited, used as tiebreaker.
  • Sorting: Primarily by total impact (descending), then by CVE count (descending).