Lucene search
K

14 matches found

Cvelist
Cvelist
โ€ขadded 2026/05/15 6:44 p.m.โ€ข33 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS0.00011EPSS
Exploits0References1
Vulnrichment
Vulnrichment
โ€ขadded 2026/05/15 6:42 p.m.โ€ข5 views

CVE-2026-45622 Vvveb: Unauthenticated reflected XSS in public product return form via customer_order_id

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS5.6AI score0.00062EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/05/15 6:33 p.m.โ€ข31 views

CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

6.1CVSS0.00019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
โ€ขadded 2026/05/15 6:33 p.m.โ€ข6 views

CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

6.1CVSS5.8AI score0.00019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/05/07 2:20 a.m.โ€ข5 views

CVE-2026-6249

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...

8.8CVSS6.7AI score0.0004EPSS
Exploits0References1
EUVD
EUVD
โ€ขadded 2026/04/20 9:31 p.m.โ€ข1 views

EUVD-2026-23942

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first...

9.2CVSS6.7AI score0.00118EPSS
Exploits0References3
Vulnrichment
Vulnrichment
โ€ขadded 2026/04/20 7:57 p.m.โ€ข0 views

CVE-2026-6249 Vvveb CMS 1.0.8.2 Remote Code Execution via Media Upload

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...

8.8CVSS6.7AI score0.0004EPSS
Exploits0References2
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข2 views

EUVD-2025-14303

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.04541EPSS
Exploits1References4
GithubExploit
GithubExploit
โ€ขadded 2025/08/22 3:1 a.m.โ€ข100 views

Exploit for CVE-2025-9728

Reflected XSS in Login Form Email & Password Fields Vvveb CM...

5.3CVSS6.3AI score0.00097EPSS
Exploits2
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/14 12:41 a.m.โ€ข13 views

CVE-2025-44022

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism...

9.8CVSS7.9AI score0.04541EPSS
Exploits1References1
NVD
NVD
โ€ขadded 2025/05/12 4:15 p.m.โ€ข15 views

CVE-2025-44022

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism...

9.8CVSS0.04541EPSS
Exploits1References3
Cvelist
Cvelist
โ€ขadded 2025/05/12 12:0 a.m.โ€ข9 views

CVE-2025-44022

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism...

0.04541EPSS
Exploits1References3
Vulnrichment
Vulnrichment
โ€ขadded 2025/05/12 12:0 a.m.โ€ข6 views

CVE-2025-44022

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism...

9.7AI score0.04541EPSS
Exploits1References3
Positive Technologies
Positive Technologies
โ€ขadded 2025/05/12 12:0 a.m.โ€ข3 views

PT-2025-20707 ยท Vvveb Cms ยท Vvveb Cms

Name of the Vulnerable Software and Affected Versions: vvveb CMS version 1.0.6 Description: An issue in vvveb CMS allows a remote attacker to execute arbitrary code via the Plugin mechanism. Recommendations: For vvveb CMS version 1.0.6, consider disabling the Plugin mechanism until a patch is...

9.8CVSS7.2AI score0.04541EPSS
Exploits1References11
Rows per page
Query Builder