Browse all 4 CVE security advisories affecting vran-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vran-dev develops security-focused software with a core use case in vulnerability assessment and penetration testing tools. Historically, the project has been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues in its web interfaces and API endpoints. While no major public security incidents have been documented, the four CVEs on record indicate consistent security challenges, particularly in input validation and access control. The project's codebase appears to prioritize functionality over security hardening, resulting in recurring issues that require remediation. Security researchers have noted that vran-dev's tools, while useful for defensive purposes, could potentially be misused due to these underlying vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-31196 | Server-Side Request Forgery (SSRF) vulnerability in Databasir — databasirCWE-918 | 7.6 | High | 2022-09-02 |
| CVE-2022-24862 | Server-Side Request Forgery in Databasir — databasirCWE-918 | 7.7 | High | 2022-04-20 |
| CVE-2022-24861 | Remote Code Execution in Databasir — databasirCWE-20 | 9.9 | Critical | 2022-04-20 |
| CVE-2022-24860 | Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. — databasirCWE-321 | 7.4 | High | 2022-04-19 |
This page lists every published CVE security advisory associated with vran-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.