EUVD-2026-28459

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVE-2026-39918

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS from Givan Personal Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version v1.0.6, which stems from a flaw in the plugin mechanism that could lead to the execution of arbitrary code...