2 matches found
CVE-2026-34429
creationtimestamp| type| source ---|---|--- 2026-04-20 15:57:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwtha6toy2e...
CVE-2026-34429 Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename
Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...