Chetan Kashyap

3 exploits Active since Jun 2025
CVE-2024-46452 WRITEUP MEDIUM WRITEUP
VigyBag Open Source Online Shop <commit 3f0e21b - SSRF
A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL.
CVSS 6.1
CVE-2025-45001 WRITEUP HIGH WRITEUP
react-native-keys 0.7.11 - Cleartext Storage of Sensitive Information in Compiled Native Binary
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
CVSS 7.5
CVE-2025-45002 WRITEUP MEDIUM WRITEUP
vigybag < 1.0 - Cross-Site Scripting via Profile Picture Upload
Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile.
CVSS 5.4