Vvvebjs

vvvebjs

Vendor: Vvveb • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-27480 1Vvveb 1Vvvebjs Jan 2, 2026 Dec 29, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
CVE-2024-25183 1Vvveb 1Vvvebjs Jan 2, 2026 Dec 29, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
CVE-2024-25182 1Vvveb 1Vvvebjs Jan 2, 2026 Dec 29, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
CVE-2024-25181 1Vvveb 1Vvvebjs Jan 7, 2026 Dec 29, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs...Show more A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.Show less
CVE-2025-8522 1Vvveb 1Vvvebjs Apr 29, 2026 Aug 4, 2025 1.3 LOW· v4 5.0 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to p...Show more A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-29272 1Vvveb 1Vvvebjs May 28, 2025 Mar 22, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
CVE-2024-29271 1Vvveb 1Vvvebjs May 28, 2025 Mar 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.