VYPR

Vvveb

by Vvveb

CVEs (23)

  • CVE-2026-41930 | Critical | May 6, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.00

    Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the…

  • CVE-2026-41938 | High | May 6, 2026
    risk 0.50 | CVSS 8.8 | EPSS 0.01

    Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler.…

  • CVE-2026-41936 | High | May 6, 2026
    risk 0.46 | CVSS 8.1 | EPSS 0.00

    Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in…

  • CVE-2025-9397 | Medium | Aug 24, 2025
    risk 0.41 | CVSS 6.3 | EPSS 0.00

    A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made…

  • CVE-2025-8517 | Medium | Aug 4, 2025
    risk 0.41 | CVSS 6.3 | EPSS 0.01

    A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue.…

  • CVE-2026-41937 | High | May 14, 2026
    risk 0.40 | CVSS 7.2 | EPSS 0.00

    Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header…

  • CVE-2026-41935 | High | May 14, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission() on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained…

  • CVE-2025-12203 | Medium | Oct 27, 2025
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched…

  • CVE-2025-8518 | Medium | Aug 4, 2025
    risk 0.34 | CVSS 4.7 | EPSS 0.01

    A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely.…

  • CVE-2026-41932 | Medium | May 14, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST username values into the display_name field before sanitization occurs. Attackers can submit HTML and script markup in the…

  • CVE-2025-8520 | Medium | Aug 4, 2025
    risk 0.31 | CVSS 4.7 | EPSS 0.00

    A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery.…

  • CVE-2025-11029 | Medium | Sep 26, 2025
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.…

  • CVE-2026-41933 | Medium | May 14, 2026
    risk 0.27 | CVSS 5.3 | EPSS 0.00

    Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such…

  • CVE-2026-41928 | Medium | May 7, 2026
    risk 0.27 | CVSS 5.3 | EPSS 0.00

    Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key…

  • CVE-2026-41931 | Medium | May 6, 2026
    risk 0.27 | CVSS 5.3 | EPSS 0.00

    Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to…

  • CVE-2025-11944 | Medium | Oct 19, 2025
    risk 0.24 | CVSS 4.7 | EPSS 0.01

    A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes SQL injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-11026 | Low | Sep 26, 2025
    risk 0.23 | CVSS 3.5 | EPSS 0.00

    A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-8976 | Low | Aug 14, 2025
    risk 0.23 | CVSS 3.5 | EPSS 0.00

    A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The…

  • CVE-2025-8975 | Low | Aug 14, 2025
    risk 0.23 | CVSS 3.5 | EPSS 0.00

    A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-8519 | Low | Aug 4, 2025
    risk 0.18 | CVSS 2.7 | EPSS 0.00

    A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure.…

Page 1 of 2