{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81156?format=json","vulnerability_id":"VCID-zmcu-fsmj-1yhc","summary":"Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error caused by a missing namespace import, which exposes the absolute server file path, internal class namespaces, line numbers, and source code excerpts through the debug exception handler rendered to unauthenticated requests.","aliases":[{"alias":"CVE-2026-41931"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41931","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11746","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41931"},{"reference_url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.2","reference_id":"1.0.8.2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:40:49Z/"}],"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.2"},{"reference_url":"https://github.com/givanz/Vvveb/security/advisories/GHSA-xgvg-r47g-786r","reference_id":"GHSA-xgvg-r47g-786r","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:40:49Z/"}],"url":"https://github.com/givanz/Vvveb/security/advisories/GHSA-xgvg-r47g-786r"},{"reference_url":"https://www.vulncheck.com/advisories/vvveb-information-disclosure-via-debug-exception-handler","reference_id":"vvveb-information-disclosure-via-debug-exception-handler","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:40:49Z/"}],"url":"https://www.vulncheck.com/advisories/vvveb-information-disclosure-via-debug-exception-handler"}],"weaknesses":[{"cwe_id":209,"name":"Generation of Error Message Containing Sensitive Information","description":"The product generates an error message that includes sensitive information about its environment, users, or associated data."},{"cwe_id":1188,"name":"Initialization of a Resource with an Insecure Default","description":"The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure."}],"exploits":[],"severity_range_score":"5.3 - 6.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmcu-fsmj-1yhc"}