Vendor CVEs
Givanz
All CVEs
42 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39918 | Cri | 0.57 | 9.8 | 0.01 | Apr 20, 2026 | Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the… | ||
| CVE-2026-6257 | Cri | 0.52 | 9.1 | 0.01 | Apr 20, 2026 | Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this… | ||
| CVE-2026-45800 | Hig | 0.50 | — | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access… | ||
| CVE-2026-41934 | Hig | 0.50 | 8.8 | 0.01 | May 6, 2026 | Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable… | ||
| CVE-2026-6249 | Hig | 0.50 | 8.8 | 0.01 | Apr 20, 2026 | Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and… | ||
| CVE-2026-34427 | Hig | 0.50 | 8.8 | 0.01 | Apr 20, 2026 | Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super… | ||
| CVE-2026-46407 | Hig | 0.46 | 8.1 | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's… | ||
| CVE-2026-41936 | Hig | 0.46 | 8.1 | 0.00 | May 6, 2026 | Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in… | ||
| CVE-2026-34428 | Hig | 0.43 | 7.7 | 0.00 | Apr 20, 2026 | Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated backend users can supply… | ||
| CVE-2026-46408 | Hig | 0.42 | 7.6 | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can… | ||
| CVE-2026-44826 | Hig | 0.42 | 7.5 | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated… | ||
| CVE-2025-9397 | Med | 0.41 | 6.3 | 0.00 | Aug 24, 2025 | A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made… | ||
| CVE-2025-8517 | Med | 0.41 | 6.3 | 0.01 | Aug 4, 2025 | A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue.… | ||
| CVE-2026-41937 | Hig | 0.40 | 7.2 | 0.00 | May 14, 2026 | Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header… | ||
| CVE-2026-41935 | Hig | 0.39 | 7.1 | 0.00 | May 14, 2026 | Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission() on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained… | ||
| CVE-2025-12203 | Med | 0.34 | 6.3 | 0.00 | Oct 27, 2025 | A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched… | ||
| CVE-2025-8518 | Med | 0.34 | 4.7 | 0.01 | Aug 4, 2025 | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely.… | ||
| CVE-2026-44366 | Med | 0.33 | 6.1 | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user… | ||
| CVE-2026-41932 | Med | 0.33 | 6.1 | 0.00 | May 14, 2026 | Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST username values into the display_name field before sanitization occurs. Attackers can submit HTML and script markup in the… | ||
| CVE-2026-41929 | Med | 0.33 | 6.1 | 0.00 | May 7, 2026 | Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and _component_ajax POST parameter. Attackers can craft… | ||
| CVE-2025-8522 | Med | 0.33 | 5.0 | 0.00 | Aug 4, 2025 | A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack… | ||
| CVE-2025-8520 | Med | 0.31 | 4.7 | 0.00 | Aug 4, 2025 | A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery.… | ||
| CVE-2026-34429 | Med | 0.28 | 5.4 | 0.00 | Apr 20, 2026 | Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers… | ||
| CVE-2025-11029 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.… | ||
| CVE-2026-45622 | Med | 0.27 | — | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the public product return form in Vvveb CMS. The customer_order_id POST parameter… | ||
| CVE-2026-41933 | Med | 0.27 | 5.3 | 0.00 | May 14, 2026 | Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such… | ||
| CVE-2026-41928 | Med | 0.27 | 5.3 | 0.00 | May 7, 2026 | Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key… | ||
| CVE-2026-45616 | Med | 0.26 | — | 0.00 | May 15, 2026 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, This vulnerability is fixed in 1.0.8.3. | ||
| CVE-2025-11944 | Med | 0.24 | 4.7 | 0.01 | Oct 19, 2025 | A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2025-11026 | Low | 0.23 | 3.5 | 0.00 | Sep 26, 2025 | A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2025-8976 | Low | 0.23 | 3.5 | 0.00 | Aug 14, 2025 | A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The… | ||
| CVE-2025-8975 | Low | 0.23 | 3.5 | 0.00 | Aug 14, 2025 | A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been… | ||
| CVE-2026-5615 | Med | 0.21 | 4.3 | 0.01 | Apr 6, 2026 | A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the… | ||
| CVE-2025-8519 | Low | 0.18 | 2.7 | 0.00 | Aug 4, 2025 | A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure.… | ||
| CVE-2025-11027 | Low | 0.16 | 2.4 | 0.00 | Sep 26, 2025 | A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might… | ||
| CVE-2025-8521 | Low | 0.16 | 2.4 | 0.00 | Aug 4, 2025 | A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site… | ||
| CVE-2024-25182 | 0.00 | — | 0.00 | Dec 29, 2025 | givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php. | |||
| CVE-2024-25183 | 0.00 | — | 0.01 | Dec 29, 2025 | givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php. | |||
| CVE-2024-25181 | 0.00 | — | 0.00 | Dec 29, 2025 | A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php"… | |||
| CVE-2024-27480 | 0.00 | — | 0.00 | Dec 29, 2025 | givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload. | |||
| CVE-2025-11028 | 0.00 | — | 0.01 | Sep 26, 2025 | A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been released to the public… | |||
| CVE-2025-9728 | 0.00 | — | 0.00 | Aug 31, 2025 | A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is… |
- risk 0.57cvss 9.8epss 0.01
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the…
- risk 0.52cvss 9.1epss 0.01
Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this…
- risk 0.50cvss —epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access…
- risk 0.50cvss 8.8epss 0.01
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable…
- risk 0.50cvss 8.8epss 0.01
Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and…
- risk 0.50cvss 8.8epss 0.01
Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super…
- risk 0.46cvss 8.1epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's…
- risk 0.46cvss 8.1epss 0.00
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in…
- risk 0.43cvss 7.7epss 0.00
Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated backend users can supply…
- risk 0.42cvss 7.6epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can…
- risk 0.42cvss 7.5epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made…
- risk 0.41cvss 6.3epss 0.01
A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue.…
- risk 0.40cvss 7.2epss 0.00
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header…
- risk 0.39cvss 7.1epss 0.00
Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission() on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained…
- risk 0.34cvss 6.3epss 0.00
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched…
- risk 0.34cvss 4.7epss 0.01
A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely.…
- risk 0.33cvss 6.1epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user…
- risk 0.33cvss 6.1epss 0.00
Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST username values into the display_name field before sanitization occurs. Attackers can submit HTML and script markup in the…
- risk 0.33cvss 6.1epss 0.00
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and _component_ajax POST parameter. Attackers can craft…
- risk 0.33cvss 5.0epss 0.00
A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack…
- risk 0.31cvss 4.7epss 0.00
A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery.…
- risk 0.28cvss 5.4epss 0.00
Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers…
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.…
- risk 0.27cvss —epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the public product return form in Vvveb CMS. The customer_order_id POST parameter…
- risk 0.27cvss 5.3epss 0.00
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such…
- risk 0.27cvss 5.3epss 0.00
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key…
- risk 0.26cvss —epss 0.00
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, This vulnerability is fixed in 1.0.8.3.
- risk 0.24cvss 4.7epss 0.01
A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been…
- risk 0.23cvss 3.5epss 0.00
A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been…
- risk 0.21cvss 4.3epss 0.01
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the…
- risk 0.18cvss 2.7epss 0.00
A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure.…
- risk 0.16cvss 2.4epss 0.00
A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might…
- risk 0.16cvss 2.4epss 0.00
A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site…
- CVE-2024-25182Dec 29, 2025risk 0.00cvss —epss 0.00
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
- CVE-2024-25183Dec 29, 2025risk 0.00cvss —epss 0.01
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
- CVE-2024-25181Dec 29, 2025risk 0.00cvss —epss 0.00
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php"…
- CVE-2024-27480Dec 29, 2025risk 0.00cvss —epss 0.00
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
- CVE-2025-11028Sep 26, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been released to the public…
- CVE-2025-9728Aug 31, 2025risk 0.00cvss —epss 0.00
A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is…