11 matches found
CVE-2026-41928
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
EUVD-2026-28458
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
CVE-2026-41928
CVE-2026-41928 affects Vvveb before 1.0.8.2. Affected: cron controller component which exposes an information disclosure vulnerability. Root cause: unauthenticated access allows retrieval of the application’s secret cron key from the cron controller response, enabling potential misuse to trigger ...
CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities stemmed from information leaks in the cron controller, which could allow...
CVE-2025-12177
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...
EUVD-2025-38361
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...
CVE-2025-12177
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...
CVE-2025-12177 Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...
PT-2025-45551
Name of the Vulnerable Software and Affected Versions WordPress Download Manager plugin versions prior to 3.3.31 Description The WordPress Download Manager plugin contains a flaw due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions. This allows unauthenticated...