Lucene search
K

1188 matches found

Vulnrichment
Vulnrichment
added 2026/05/06 6:42 p.m.11 views

CVE-2026-41938 Vvveb < 1.0.8.2 RCE via Media Upload Handler

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.6AI score0.00541EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:42 p.m.7 views

CVE-2026-41938

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.6AI score0.00541EPSS
Exploits0References5
CVE
CVE
added 2026/05/06 6:42 p.m.10 views

CVE-2026-41938

Vvveb

8.8CVSS6.6AI score0.00541EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 6:42 p.m.11 views

EUVD-2026-27893

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.5AI score0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 6:34 p.m.36 views

CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS0.00545EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 6:34 p.m.17 views

EUVD-2026-27889

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or...

8.8CVSS6.6AI score0.00545EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:34 p.m.8 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS6.7AI score0.00545EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/06 6:34 p.m.11 views

CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS6.7AI score0.00545EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities stemmed from insufficient file extension restrictions in the...

8.8CVSS6.2AI score0.00545EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.12 views

Vvveb 代码问题漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 had code vulnerabilities. These vulnerabilities stemmed from insufficient file upload restrictions in the media upload...

8.8CVSS6.2AI score0.00541EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38221

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or site...

8.8CVSS6.6AI score0.00545EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.7 views

PT-2026-38223

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.5AI score0.00541EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/05 6:48 p.m.254 views

Exploit for Improper Privilege Management in Apache Http_Server

CVE-2026-24072: Apache HTTP Server modrewrite Privilege Escal...

8.8CVSS6AI score0.00654EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/05/05 1:46 a.m.11 views

SUSE CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

7.3CVSS5.8AI score0.00654EPSS
Exploits1References7
OSV
OSV
added 2026/05/04 1:16 p.m.4 views

DEBIAN-CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS5.8AI score0.00654EPSS
Exploits1References1
NVD
NVD
added 2026/05/04 1:16 p.m.20 views

CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS0.00654EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 1:16 p.m.9 views

ALPINE-CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS5.8AI score0.00654EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:37 p.m.13 views

CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00654EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/04 12:37 p.m.30 views

EUVD-2026-26944

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS5.8AI score0.00654EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/04 12:37 p.m.7 views

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00654EPSS
Exploits1References1
Rows per page
Query Builder