Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity)

19,104.26

XP

947

Reports

141

Reports, last 90 days

#4

3 Apr, 2026

🇻🇳

Lvl 12

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Sanzo< 2.4.3 Cross Site Scripting (XSS)	3.25	6.5	15/01/2026
Meloo< 2.8.2 PHP Object Injection	13.2	8.8	15/01/2026
Jaroti< 1.4.8 Cross Site Scripting (XSS)	14.2	7.1	15/01/2026
Loobek< 1.5.2 Cross Site Scripting (XSS)	14.2	7.1	15/01/2026
Miti< 1.5.3 Cross Site Scripting (XSS)	7.1	7.1	15/01/2026
MyMedi< 1.7.7 Cross Site Scripting (XSS)	14.2	7.1	15/01/2026
Yobazar< 1.6.7 Cross Site Scripting (XSS)	14.2	7.1	15/01/2026
Reebox< 1.4.8 Cross Site Scripting (XSS)	10.65	7.1	15/01/2026
Nooni< 1.5.1 Cross Site Scripting (XSS)	14.2	7.1	15/01/2026
MyDecor< 1.5.9 Cross Site Scripting (XSS)	14.2	7.1	15/01/2026
Riode< 1.6.29 Cross Site Scripting (XSS)	14.2	7.1	29/01/2026
Pendulum< 3.1.5 PHP Object Injection	17.6	8.8	15/01/2026
Vex< 1.2.9 PHP Object Injection	8.8	8.8	15/01/2026
Molla< 1.5.19 Cross Site Scripting (XSS)	14.2	7.1	29/01/2026
Scape< 1.5.16 Arbitrary File Deletion	51.6	8.6	05/02/2026
The League<= 4.4.1 Broken Access Control	6.5	6.5	20/12/2025
Mixtape<= 2.1 Local File Inclusion	32.4	8.1	19/12/2025
Moments<= 2.2 Local File Inclusion	32.4	8.1	19/12/2025
Visionary Core<= 1.4.9 Cross Site Scripting (XSS)	14.2	7.1	14/12/2025
Jobica Core<= 1.4.1 Cross Site Scripting (XSS)	14.2	7.1	14/12/2025
The Aisle Core<= 2.0.5 Local File Inclusion	32.4	8.1	14/12/2025
Visionary Core<= 1.4.9 PHP Object Injection	17.6	8.8	14/12/2025
Jobica Core<= 1.4.1 PHP Object Injection	17.6	8.8	14/12/2025
Jobica Core<= 1.4.2 Broken Authentication	58.8	9.8	14/12/2025
Curly Core<= 2.1.6 Local File Inclusion	32.4	8.1	14/12/2025
Organici Library<= 2.1.2 SQL Injection	17	8.5	14/12/2025
Organici Library<= 2.1.2 PHP Object Injection	17.6	8.8	14/12/2025
Organici Library<= 2.1.2 Cross Site Scripting (XSS)	14.2	7.1	14/12/2025
CitiLights<= 3.7.1 PHP Object Injection	17.6	8.8	14/12/2025
CitiLights<= 3.7.1 Cross Site Scripting (XSS)	14.2	7.1	14/12/2025
Golo<= 1.7.0 Privilege Escalation	58.8	9.8	13/12/2025
Love Story<= 1.3.12 PHP Object Injection	29.4	9.8	10/12/2025
Work & Travel Company<= 1.2 PHP Object Injection	39.2	9.8	10/12/2025
Buisson<= 1.1.11 PHP Object Injection	39.2	9.8	10/12/2025
Belfort<= 1.0 Local File Inclusion	32.4	8.1	10/12/2025
LuxeDrive<= 1.0 Local File Inclusion	24.3	8.1	10/12/2025
MultiOffice<= 1.2 Local File Inclusion	32.4	8.1	10/12/2025
Amfissa<= 1.1 Local File Inclusion	32.4	8.1	10/12/2025
Deston<= 1.0 Local File Inclusion	32.4	8.1	10/12/2025
Emaurri<= 1.0.1 Local File Inclusion	32.4	8.1	10/12/2025
Rosebud<= 1.4 Local File Inclusion	24.3	8.1	10/12/2025
Melody<= 1.6.3 PHP Object Injection	32.4	8.1	08/12/2025
Beelove<= 1.2.6 PHP Object Injection	29.4	9.8	08/12/2025
Wizor's<= 2.12 Local File Inclusion	32.4	8.1	08/12/2025
VegaDays<= 1.2.0 Local File Inclusion	16.2	8.1	08/12/2025
Unica<= 1.4.1 Local File Inclusion	24.3	8.1	08/12/2025
Roisin<= 1.2.1 Local File Inclusion	24.3	8.1	08/12/2025
NeoBeat<= 1.2 Local File Inclusion	32.4	8.1	08/12/2025
Amoli<= 1.0 Local File Inclusion	16.2	8.1	08/12/2025
Morning Records<= 1.2 PHP Object Injection	16.2	8.1	08/12/2025
m2 \| Construction and Tools Store<= 1.1.2 PHP Object Injection	19.6	9.8	08/12/2025
Tripgo< 1.5.6 Local File Inclusion	24.3	8.1	08/12/2025
Triompher<= 1.1.0 Local File Inclusion	16.2	8.1	08/12/2025
Gioia<= 1.4 Local File Inclusion	32.4	8.1	08/12/2025
Dentalux<= 3.3 Local File Inclusion	32.4	8.1	08/12/2025
ProLingua<= 1.1.12 Local File Inclusion	24.3	8.1	08/12/2025
Nelson<= 1.2.0 Local File Inclusion	24.3	8.1	08/12/2025
Mr. Cobbler<= 1.1.9 Local File Inclusion	16.2	8.1	08/12/2025
Lella<= 1.2 Local File Inclusion	16.2	8.1	08/12/2025
Laurent<= 3.1 Local File Inclusion	32.4	8.1	08/12/2025
Hypnotherapy<= 1.2.10 Local File Inclusion	32.4	8.1	08/12/2025
Greenville<= 1.3.2 Local File Inclusion	16.2	8.1	08/12/2025
Good Homes<= 1.3.13 Local File Inclusion	16.2	8.1	08/12/2025
Gaspard<= 1.3 Local File Inclusion	16.2	8.1	08/12/2025
Mounthood<= 1.3.2 PHP Object Injection	19.6	9.8	08/12/2025
Jardi<= 1.7.2 PHP Object Injection	29.4	9.8	08/12/2025
Estate<= 1.3.4 PHP Object Injection	29.4	9.8	07/12/2025
Equestrian Centre<= 1.5 PHP Object Injection	29.4	9.8	07/12/2025
Dental Clinic<= 3.7 PHP Object Injection	17.6	8.8	07/12/2025
ColorFolio - Freelance Designer WordPress Theme<= 1.3 Deserialization of untrusted data	8.1	8.1	07/12/2025
Etchy<= 1.0 Local File Inclusion	16.2	8.1	07/12/2025
FindAll<= 1.4 Local File Inclusion	16.2	8.1	07/12/2025
Felizia<= 1.3.4 Local File Inclusion	16.2	8.1	07/12/2025
CasaMia \| Property Rental Real Estate WordPress Theme<= 1.1.2 Local File Inclusion	32.4	8.1	07/12/2025
Au Pair Agency - Babysitting & Nanny Theme<= 1.2.2 Deserialization of untrusted data	16.2	8.1	07/12/2025
AC Services \| HVAC, Air Conditioning & Heating Company WordPress Theme<= 1.2.5 Local File Inclusion	32.4	8.1	07/12/2025
Agrofood< 1.4.0 Cross Site Scripting (XSS)	10.65	7.1	04/12/2025
Thebe<= 1.3.0 Cross Site Scripting (XSS)	7.1	7.1	04/12/2025
Solaris<= 2.5 PHP Object Injection	19.6	9.8	04/12/2025
Pets Club<= 2.3 PHP Object Injection	29.4	9.8	04/12/2025
Handyman<= 1.4.7 PHP Object Injection	29.4	9.8	04/12/2025
Cookiteer<= 1.4.8 Local File Inclusion	8.1	8.1	04/12/2025
Classter<= 2.5 PHP Object Injection	19.6	9.8	04/12/2025
Wanderland<= 1.5 Local File Inclusion	32.4	8.1	04/12/2025
Askka<= 1.0 Local File Inclusion	32.4	8.1	04/12/2025
Remons<= 1.3.4 Local File Inclusion	16.2	8.1	04/12/2025
Hoverex<= 1.5.10 Local File Inclusion	32.4	8.1	04/12/2025
Don Peppe<= 1.3 Local File Inclusion	24.3	8.1	04/12/2025
Berger<= 1.1.1 Local File Inclusion	24.3	8.1	04/12/2025
Prowess<= 1.8.1 Local File Inclusion	32.4	8.1	04/12/2025
Thecs<= 1.4.7 Cross Site Scripting (XSS)	10.65	7.1	03/12/2025
TheBi<= 1.0.5 Cross Site Scripting (XSS)	7.1	7.1	03/12/2025
Nutrie< 2.0.1 Arbitrary File Upload	14.85	9.9	03/12/2025
Lendiz< 2.0.1 Arbitrary File Upload	14.85	9.9	03/12/2025
Keenarch< 2.0.1 Arbitrary File Upload	14.85	9.9	03/12/2025
Grand Wedding<= 3.1.0 PHP Object Injection	19.6	9.8	03/12/2025
Charety< 2.0.2 Arbitrary File Upload	29.7	9.9	03/12/2025
Car Zone<= 3.7 Deserialization of untrusted data	17.6	8.8	03/12/2025
Ratatouille<= 1.2.6 Server Side Request Forgery (SSRF)	6.4	6.4	29/09/2025
Global Logistics<= 3.20 Local File Inclusion	37.26	8.1	30/09/2025

Report vulnerabilities to earn bounties and rewards!

Include pending