Givanz Vvveb
37 CVEs affecting Givanz Vvveb. Latest disclosed: 2026-05-15. Critical: 2, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41930 | Critical | 9.8 | 2026-05-06 | Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attack… |
| CVE-2026-39918 | Critical | 9.8 | 2026-04-20 | Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env… |
| CVE-2026-41938 | High | 8.8 | 2026-05-06 | Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload p… |
| CVE-2026-41934 | High | 8.8 | 2026-05-06 | Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated use… |
| CVE-2026-34427 | High | 8.8 | 2026-04-20 | Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileg… |
| CVE-2026-46407 | High | 8.1 | 2026-05-15 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint… |
| CVE-2026-41936 | High | 8.1 | 2026-05-06 | Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_adm… |
| CVE-2026-34428 | High | 7.7 | 2026-04-20 | Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is pa… |
| CVE-2026-46408 | High | 7.6 | 2026-05-15 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-… |
| CVE-2026-44826 | High | 7.5 | 2026-05-15 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign… |
| CVE-2026-41937 | High | 7.2 | 2026-05-14 | Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP co… |
| CVE-2026-41935 | High | 7.1 | 2026-05-14 | Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission()… |
| CVE-2025-12203 | Medium | 6.3 | 2025-10-27 | A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the componen… |
| CVE-2025-9397 | Medium | 6.3 | 2025-08-24 | A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of t… |
| CVE-2025-8517 | Medium | 6.3 | 2025-08-04 | A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixation. The attack can be launche… |
| CVE-2026-44366 | Medium | 6.1 | 2026-05-15 | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) v… |
| CVE-2026-41932 | Medium | 6.1 | 2026-05-14 | Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST us… |
| CVE-2026-41929 | Medium | 6.1 | 2026-05-07 | Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to ex… |
| CVE-2026-34429 | Medium | 5.4 | 2026-04-20 | Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute… |
| CVE-2026-41933 | Medium | 5.3 | 2026-05-14 | Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories… |