Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity)

18,588.91

XP

926

Reports

214

Reports, last 90 days

#1

18 Feb, 2026

🇻🇳

Lvl 11

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
FiveStar<= 1.7 Local File Inclusion	24.3	8.1	Nov 29, 2025
Belletrist<= 1.2 Local File Inclusion	24.3	8.1	Nov 29, 2025
PJ \| Life & Business Coaching<= 3.0.0 Local File Inclusion	32.4	8.1	Nov 29, 2025
HealthFirst<= 1.0.1 Local File Inclusion	16.2	8.1	Nov 29, 2025
Struktur<= 2.5.1 Local File Inclusion	32.4	8.1	Nov 29, 2025
Lorem Ipsum \| Books & Media Store<= 1.2.6 PHP Object Injection	19.6	9.8	Nov 29, 2025
Extreme Store<= 1.5.7 PHP Object Injection	19.6	9.8	Nov 29, 2025
FreightCo<= 1.1.7 Local File Inclusion	16.2	8.1	Nov 29, 2025
R&F<= 1.5 Local File Inclusion	16.2	8.1	Nov 29, 2025
Yokoo<= 1.1.11 Local File Inclusion	24.3	8.1	Nov 29, 2025
Cobble<= 1.7 Local File Inclusion	16.2	8.1	Nov 29, 2025
Plank<= 1.7 Local File Inclusion	16.2	8.1	Nov 29, 2025
Tint<= 1.7 Local File Inclusion	16.2	8.1	Nov 29, 2025
Splendour<= 1.23 Local File Inclusion	16.2	8.1	Nov 29, 2025
Gable<= 1.5 Local File Inclusion	16.2	8.1	Nov 29, 2025
SevenHills<= 1.6.2 PHP Object Injection	39.2	9.8	Nov 20, 2025
KindlyCare<= 1.6.1 PHP Object Injection	39.2	9.8	Nov 20, 2025
Capella<= 2.5.5 PHP Object Injection	39.2	9.8	Nov 20, 2025
The Aisle< 2.9.1 Local File Inclusion	32.4	8.1	Oct 28, 2025
Powerlift< 3.2.1 Local File Inclusion	32.4	8.1	Oct 28, 2025
Biagiotti< 3.5.2 Local File Inclusion	32.4	8.1	Oct 24, 2025
Skillate<= 1.2.10 Cross Site Scripting (XSS)	7.1	7.1	Sep 18, 2025
KenthaRadio<= 2.2.0 Cross Site Scripting (XSS)	7.1	7.1	Sep 17, 2025
Auto Repair<= 22.6 Cross Site Scripting (XSS)	10.65	7.1	Sep 17, 2025
OneLife<= 3.9 PHP Object Injection	17.6	8.8	Sep 17, 2025
Miion<= 1.2.7 Arbitrary File Upload	14.85	9.9	Sep 17, 2025
Bajaar - Highly Customizable WooCommerce WordPress Theme<= 2.1.0 Local File Inclusion	16.2	8.1	Sep 18, 2025
Miion<= 1.2.7 Local File Inclusion	7.5	7.5	Sep 17, 2025
Hostme v2<= 7.0 Arbitrary File Deletion	45	7.5	Sep 16, 2025
Restaurt<= 1.0.4 Arbitrary File Upload	14.85	9.9	Sep 16, 2025
Anona<= 8.0 PHP Object Injection	13.2	8.8	Sep 11, 2025
Anona<= 8.0 Arbitrary File Download	33.75	7.5	Sep 11, 2025
Anona<= 8.0 Arbitrary File Deletion	38.7	8.6	Sep 11, 2025
Anon<= 2.2.10 Cross Site Scripting (XSS)	14.2	7.1	Sep 10, 2025
Vivagh<= 2.4 PHP Object Injection	8.8	8.8	Sep 10, 2025
Kids Heaven<= 3.2 PHP Object Injection	17.6	8.8	Sep 10, 2025
Brookside<= 1.4 Cross Site Scripting (XSS)	7.1	7.1	Sep 10, 2025
Consult Aid<= 1.4.3 PHP Object Injection	19.6	9.8	Sep 10, 2025
AutoParts<= 1.5.8 Local File Inclusion	16.2	8.1	Sep 19, 2025
Search & Go<= 2.8 Local File Inclusion	32.4	8.1	Sep 18, 2025
Right Way<= 4.0 Local File Inclusion	16.2	8.1	Sep 18, 2025
Barberry<= 2.9.9.87 Local File Inclusion	32.4	8.1	Sep 16, 2025
Reprizo<= 1.0.8 Local File Inclusion	16.2	8.1	Sep 16, 2025
Promo<= 1.3.0 Local File Inclusion	16.2	8.1	Sep 16, 2025
Melania<= 2.5.0 Local File Inclusion	24.3	8.1	Sep 10, 2025
Mella<= 1.2.29 Local File Inclusion	16.2	8.1	Sep 10, 2025
Myour<= 1.5.1 Local File Inclusion	24.3	8.1	Sep 10, 2025
TheNa<= 1.5.5 Cross Site Scripting (XSS)	10.65	7.1	Sep 9, 2025
Electron<= 1.8.2 Broken Access Control	4.88	6.5	Sep 9, 2025
xSmart<= 1.2.9.4 Broken Access Control	3.25	6.5	Sep 8, 2025
xSmart<= 1.2.9.4 Privilege Escalation	13.2	8.8	Sep 8, 2025
xSmart<= 1.2.9.4 Cross Site Scripting (XSS)	7.1	7.1	Sep 8, 2025
Drone<= 1.40 Cross Site Scripting (XSS)	10.65	7.1	Sep 5, 2025
Energia<= 1.1.2 Arbitrary File Upload	45	10	Sep 7, 2025
Rosebud<= 1.4 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 10, 2025
Anarkali<= 1.0.9 Local File Inclusion	24.3	8.1	Aug 29, 2025
Depot<= 1.16 Local File Inclusion	32.4	8.1	Sep 9, 2025
Amuli<= 2.3.0 Local File Inclusion	24.3	8.1	Sep 7, 2025
Athens<= 1.1.6 Local File Inclusion	16.2	8.1	Sep 5, 2025
VideoPro<= 2.3.8.1 Local File Inclusion	32.4	8.1	Sep 18, 2025
Typify<= 3.0.2 Local File Inclusion	16.2	8.1	Aug 20, 2025
Racquet<= 1.12.0 Local File Inclusion	16.2	8.1	Aug 19, 2025
Mitech<= 2.3.4 Local File Inclusion	32.4	8.1	Aug 19, 2025
Moody<= 2.7.3 Local File Inclusion	24.3	8.1	Aug 19, 2025
Atlas<= 2.1.0 Local File Inclusion	32.4	8.1	Aug 18, 2025
Navian<= 1.5.4 Local File Inclusion	32.4	8.1	Aug 16, 2025
Brook<= 2.9.0 Local File Inclusion	32.4	8.1	Aug 16, 2025
AeroLand<= 1.6.6 Local File Inclusion	24.3	8.1	Aug 16, 2025
OchaHouse<= 2.2.8 Local File Inclusion	16.2	8.1	Aug 11, 2025
Rozy - Flower Shop<= 1.2.25 Local File Inclusion	16.2	8.1	Aug 6, 2025
Hendon< 1.7 Local File Inclusion	32.4	8.1	Oct 24, 2025
Curly< 3.3 Local File Inclusion	32.4	8.1	Oct 24, 2025
Optimize< 2.4 Local File Inclusion	32.4	8.1	Oct 24, 2025
Wellspring< 2.8 Local File Inclusion	32.4	8.1	Oct 24, 2025
Lobo< 2.8.6 SQL Injection	17	8.5	Oct 15, 2025
Neo Ocular< 1.2 Local File Inclusion	16.2	8.1	Oct 15, 2025
Wanderland<= 1.5 Broken Access Control	8.6	4.3	Dec 4, 2025
Don Peppe<= 1.3 Broken Access Control	3.23	4.3	Dec 4, 2025
Prowess<= 1.8.1 Broken Access Control	8.6	4.3	Dec 4, 2025
Verdure<= 1.6 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 3, 2025
Sweet Jane<= 1.2 Insecure Direct Object References (IDOR)	N/A	5.4	Dec 3, 2025
PhotoMe< 5.7.2 Server Side Request Forgery (SSRF)	10.8	5.4	Dec 3, 2025
Grand Blog< 3.1.5 Server Side Request Forgery (SSRF)	10.8	5.4	Dec 3, 2025
Dolcino<= 1.6 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 3, 2025
Justicia<= 1.2 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 3, 2025
Roam<= 2.1.1 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 3, 2025
Overton<= 1.3 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 3, 2025
Innovio<= 1.7 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 3, 2025
Holmes<= 1.7 Insecure Direct Object References (IDOR)	4.05	5.4	Dec 2, 2025
Fleur<= 2.0 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
Fiorello<= 1.0 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
Curly<= 3.3 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
Cocco<= 1.5.1 Insecure Direct Object References (IDOR)	5.4	5.4	Dec 2, 2025
FreeAgent<= 2.1.2 Local File Inclusion	16.2	8.1	Aug 11, 2025
Issabella<= 1.1.2 Local File Inclusion	16.2	8.1	Aug 11, 2025
Frappé<= 1.8 Local File Inclusion	16.2	8.1	Aug 9, 2025
Hope<= 3.0.0 Local File Inclusion	37.26	8.1	Aug 8, 2025
Gecko<= 1.9.8 Local File Inclusion	32.4	8.1	Aug 8, 2025
Genemy<= 1.6.6 Server Side Request Forgery (SSRF)	3.68	4.9	Oct 28, 2025
Arlo<= 6.0.3 Cross Site Scripting (XSS)	14.2	7.1	Aug 8, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending