8 matches found
PT-2026-39138
Name of the Vulnerable Software and Affected Versions: Brave CMS versions prior to commit 6c56603. Description: Page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and rendered using Laravel Blade's unescaped output directive {!! !!}. This...
CVE-2026-35183 Brave CMS has an Insecure Direct Object Reference in Article Image Deletion
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...
EUVD-2026-19458
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
PT-2026-30714
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
Brave CMS Security Vulnerability
Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks during role updates, which could allow any authenticated user to escalat...
PT-2026-30686
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise,...
Brave CMS Code Issue Vulnerability
Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 had code vulnerabilities; these vulnerabilities stemmed from unrestricted file uploads via the CKEditor endpoint, which could lead to remote code execution...
PT-2026-30715
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...