CVE-2024-25181
- EPSS 0.07%
- Veröffentlicht 29.12.2025 00:00:00
- Zuletzt bearbeitet 07.01.2026 14:50:45
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" fun...
CVE-2024-25183
- EPSS 1.03%
- Veröffentlicht 29.12.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 14:05:50
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
CVE-2024-27480
- EPSS 0.11%
- Veröffentlicht 29.12.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 22:15:43
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
CVE-2024-25182
- EPSS 0.11%
- Veröffentlicht 29.12.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 22:15:43
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
- EPSS 0.08%
- Veröffentlicht 04.08.2025 19:02:05
- Zuletzt bearbeitet 27.08.2025 16:21:28
A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible ...
CVE-2024-29271
- EPSS 0.13%
- Veröffentlicht 22.03.2024 04:15:11
- Zuletzt bearbeitet 28.05.2025 18:44:18
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.
CVE-2024-29272
- EPSS 89.64%
- Veröffentlicht 22.03.2024 04:15:11
- Zuletzt bearbeitet 28.05.2025 19:00:50
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.