CVE-2026-41933
published 2026-05-14CVE-2026-41933: Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories…
PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.25%
15.8th percentile
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| givanz | vvveb | < 1.0.8.3 | 1.0.8.3 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f8fj-4vvj-89gh: Vvveb before 1
ghsa_unreviewed·2026-05-14
CVE-2026-41933 [MEDIUM] CWE-548 GHSA-f8fj-4vvj-89gh: Vvveb before 1
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.
VulDB
givanz Vvveb up to 1.0.8.2 Directory Listing exposure of information through directory listing
vuldb·2026-05-14·CVSS 6.9
CVE-2026-41933 [MEDIUM] givanz Vvveb up to 1.0.8.2 Directory Listing exposure of information through directory listing
A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.8.2. Affected is an unknown function of the component Directory Listing Handler. This manipulation causes exposure of information through directory listing.
This vulnerability is handled as CVE-2026-41933. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-14
Published