Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity)

15495.5

XP

793

Reports

173

Reports, last 90 days

#7

17 Jan, 2026

Lvl 10

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Biagiotti< 3.5.2 Local File Inclusion	32.4	8.1	Oct 24, 2025
Skillate<= 1.2.10 Cross Site Scripting (XSS)	7.1	7.1	Sep 18, 2025
KenthaRadio<= 2.2.0 Cross Site Scripting (XSS)	7.1	7.1	Sep 17, 2025
Auto Repair<= 22.6 Cross Site Scripting (XSS)	10.65	7.1	Sep 17, 2025
OneLife<= 3.9 PHP Object Injection	17.6	8.8	Sep 17, 2025
Miion<= 1.2.7 Arbitrary File Upload	14.85	9.9	Sep 17, 2025
Bajaar - Highly Customizable WooCommerce WordPress Theme<= 2.1.0 Local File Inclusion	16.2	8.1	Sep 18, 2025
Miion<= 1.2.7 Local File Inclusion	7.5	7.5	Sep 17, 2025
Hostme v2<= 7.0 Arbitrary File Deletion	45	7.5	Sep 16, 2025
Restaurt<= 1.0.4 Arbitrary File Upload	14.85	9.9	Sep 16, 2025
Anona<= 8.0 PHP Object Injection	13.2	8.8	Sep 11, 2025
Anona<= 8.0 Arbitrary File Download	33.75	7.5	Sep 11, 2025
Anona<= 8.0 Arbitrary File Deletion	38.7	8.6	Sep 11, 2025
Anon<= 2.2.10 Cross Site Scripting (XSS)	14.2	7.1	Sep 10, 2025
Vivagh<= 2.4 PHP Object Injection	8.8	8.8	Sep 10, 2025
Kids Heaven<= 3.2 PHP Object Injection	17.6	8.8	Sep 10, 2025
Brookside<= 1.4 Cross Site Scripting (XSS)	7.1	7.1	Sep 10, 2025
Consult Aid<= 1.4.3 PHP Object Injection	19.6	9.8	Sep 10, 2025
AutoParts<= 1.5.8 Local File Inclusion	16.2	8.1	Sep 19, 2025
Search & Go<= 2.8 Local File Inclusion	32.4	8.1	Sep 18, 2025
Right Way<= 4.0 Local File Inclusion	16.2	8.1	Sep 18, 2025
Barberry<= 2.9.9.87 Local File Inclusion	32.4	8.1	Sep 16, 2025
Reprizo<= 1.0.8 Local File Inclusion	16.2	8.1	Sep 16, 2025
Promo<= 1.3.0 Local File Inclusion	16.2	8.1	Sep 16, 2025
Melania<= 2.5.0 Local File Inclusion	24.3	8.1	Sep 10, 2025
Mella<= 1.2.29 Local File Inclusion	16.2	8.1	Sep 10, 2025
Myour<= 1.5.1 Local File Inclusion	24.3	8.1	Sep 10, 2025
TheNa<= 1.5.5 Cross Site Scripting (XSS)	10.65	7.1	Sep 9, 2025
Electron<= 1.8.2 Broken Access Control	4.88	6.5	Sep 9, 2025
xSmart<= 1.2.9.4 Broken Access Control	3.25	6.5	Sep 8, 2025
xSmart<= 1.2.9.4 Privilege Escalation	13.2	8.8	Sep 8, 2025
xSmart<= 1.2.9.4 Cross Site Scripting (XSS)	7.1	7.1	Sep 8, 2025
Drone<= 1.40 Cross Site Scripting (XSS)	10.65	7.1	Sep 5, 2025
Energia<= 1.1.2 Arbitrary File Upload	45	10	Sep 7, 2025
Anarkali<= 1.0.9 Local File Inclusion	24.3	8.1	Aug 29, 2025
Depot<= 1.16 Local File Inclusion	32.4	8.1	Sep 9, 2025
Amuli<= 2.3.0 Local File Inclusion	24.3	8.1	Sep 7, 2025
Athens<= 1.1.6 Local File Inclusion	16.2	8.1	Sep 5, 2025
VideoPro<= 2.3.8.1 Local File Inclusion	32.4	8.1	Sep 18, 2025
Typify<= 3.0.2 Local File Inclusion	16.2	8.1	Aug 20, 2025
Racquet<= 1.12.0 Local File Inclusion	16.2	8.1	Aug 19, 2025
Mitech<= 2.3.4 Local File Inclusion	32.4	8.1	Aug 19, 2025
Moody<= 2.7.3 Local File Inclusion	24.3	8.1	Aug 19, 2025
Atlas<= 2.1.0 Local File Inclusion	32.4	8.1	Aug 18, 2025
Navian<= 1.5.4 Local File Inclusion	32.4	8.1	Aug 16, 2025
Brook<= 2.9.0 Local File Inclusion	32.4	8.1	Aug 16, 2025
AeroLand<= 1.6.6 Local File Inclusion	24.3	8.1	Aug 16, 2025
OchaHouse<= 2.2.8 Local File Inclusion	16.2	8.1	Aug 11, 2025
Rozy - Flower Shop<= 1.2.25 Local File Inclusion	16.2	8.1	Aug 6, 2025
Hendon< 1.7 Local File Inclusion	32.4	8.1	Oct 24, 2025
Curly< 3.3 Local File Inclusion	32.4	8.1	Oct 24, 2025
Optimize< 2.4 Local File Inclusion	32.4	8.1	Oct 24, 2025
Wellspring< 2.8 Local File Inclusion	32.4	8.1	Oct 24, 2025
Lobo< 2.8.6 SQL Injection	17	8.5	Oct 15, 2025
Neo Ocular< 1.2 Local File Inclusion	16.2	8.1	Oct 15, 2025
Wanderland<= 1.5 Broken Access Control	8.6	4.3	Dec 4, 2025
Don Peppe<= 1.3 Broken Access Control	3.23	4.3	Dec 4, 2025
Prowess<= 1.8.1 Broken Access Control	8.6	4.3	Dec 4, 2025
Verdure<= 1.6 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 3, 2025
Sweet Jane<= 1.2 Insecure Direct Object References (IDOR)	N/A	5.4	Dec 3, 2025
Dolcino<= 1.6 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 3, 2025
Justicia<= 1.2 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 3, 2025
Roam<= 2.1.1 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 3, 2025
Overton<= 1.3 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 3, 2025
Innovio<= 1.7 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 3, 2025
Holmes<= 1.7 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 2, 2025
Fleur<= 2.0 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
Fiorello<= 1.0 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
Curly<= 3.3 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
Cocco<= 1.5.1 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
FreeAgent<= 2.1.2 Local File Inclusion	16.2	8.1	Aug 11, 2025
Issabella<= 1.1.2 Local File Inclusion	16.2	8.1	Aug 11, 2025
Frappé<= 1.8 Local File Inclusion	16.2	8.1	Aug 9, 2025
Hope<= 3.0.0 Local File Inclusion	37.26	8.1	Aug 8, 2025
Gecko<= 1.9.8 Local File Inclusion	32.4	8.1	Aug 8, 2025
Genemy<= 1.6.6 Server Side Request Forgery (SSRF)	3.68	4.9	Oct 28, 2025
Arlo<= 6.0.3 Cross Site Scripting (XSS)	14.2	7.1	Aug 8, 2025
Sound \| Musical Instruments Online Store<= 1.6.9 Deserialization of untrusted data	45.08	9.8	Aug 8, 2025
ListingPro Reviews<= 1.7 Cross Site Scripting (XSS)	28.4	7.1	Jun 11, 2025
PawFriends - Pet Shop and Veterinary WordPress Theme<= 1.3 Cross Site Request Forgery (CSRF)	0.51	5.4	Nov 30, 2025
SearchAzon<= 1.4 Cross Site Request Forgery (CSRF)	N/A	4.3	Nov 30, 2025
Wordpress Movies Bulk Importer<= 1.0 Cross Site Request Forgery (CSRF)	N/A	4.3	Nov 30, 2025
FooEvents for WooCommerce<= 1.20.4 SQL Injection	17	8.5	May 19, 2025
FiveStar<= 1.7 Insecure Direct Object References (IDOR)	4.05	5.4	Nov 29, 2025
Arcane<= 3.6.6 Broken Access Control	10.6	5.3	Nov 29, 2025
Backpack Traveler<= 2.10.3 Insecure Direct Object References (IDOR)	5.4	5.4	Nov 29, 2025
Struktur<= 2.5.1 Insecure Direct Object References (IDOR)	5.4	5.4	Nov 29, 2025
Pool Services<= 3.3 Server Side Request Forgery (SSRF)	10.8	5.4	Oct 28, 2025
The Aisle<= 2.9 Broken Access Control	4.3	4.3	Oct 28, 2025
Powerlift< 3.2.1 Broken Access Control	4.3	4.3	Oct 28, 2025
Lobo<= 2.8.6 Broken Access Control	4.3	4.3	Oct 15, 2025
Bard<= 1.6 Cross Site Request Forgery (CSRF)	0.68	5.4	Sep 21, 2025
Savory<= 2.5 Local File Inclusion	32.4	8.1	Sep 18, 2025
Revolution< 2.5.8 Local File Inclusion	15	7.5	Sep 18, 2025
Search & Go<= 2.7 Broken Authentication	58.8	9.8	Sep 18, 2025
Sale! Immigration law, Visa services support, Migration Agent Consulting<= 1.5.8 Privilege Escalation	19.8	8.8	Sep 17, 2025
Academist< 1.3 Local File Inclusion	32.4	8.1	Sep 16, 2025
Tuturn< 3.6 Broken Authentication	29.4	9.8	Sep 15, 2025
Tuturn< 3.6 Arbitrary File Download	9.75	6.5	Sep 15, 2025
GoStore< 1.6.4 Cross Site Scripting (XSS)	14.2	7.1	Sep 15, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending