Lucene search
K

632 matches found

Vulnrichment
Vulnrichment
added 2026/04/06 7:10 p.m.4 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 7:10 p.m.13 views

CVE-2026-35182

Brave CMS (open-source) before version 2.0.6 contains a missing authorization check in the POST /rights/update-role/{id} endpoint (routes/web.php). The update-role action lacked the checkUserPermissions:assign-user-roles middleware, allowing any authenticated user to change account roles and prom...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/04/06 6:16 p.m.8 views

CVE-2026-35164

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS0.00708EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 5:33 p.m.9 views

EUVD-2026-19412

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 5:33 p.m.3 views

CVE-2026-35164

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 5:33 p.m.3 views

CVE-2026-35164 Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 5:33 p.m.14 views

CVE-2026-35164

CVE-2026-35164 affects Brave CMS prior to 2.0.6. An unrestricted file upload vulnerability exists in the CKEditor upload endpoint, specifically in app/Http/Controllers/Dashboard/CkEditorController.php (ckupload method). The vulnerability allows an authenticated user to bypass file type validation...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 5:33 p.m.21 views

CVE-2026-35164 Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS0.00708EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 5:25 p.m.40 views

CVE-2026-35047 Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS0.00554EPSS
Exploits0References3
CVE
CVE
added 2026/04/06 5:25 p.m.20 views

CVE-2026-35047

Brave CMS (open-source) is affected by an Unrestricted File Upload in the CKEditor endpoint prior to version 2.0.6. The vulnerability allows uploading arbitrary files, including executable scripts, which can lead to Remote Code Execution on the server and potentially full system compromise, data ...

9.8CVSS6.1AI score0.00554EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/06 5:25 p.m.13 views

EUVD-2026-19392

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS6.1AI score0.00554EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/06 5:25 p.m.2 views

CVE-2026-35047 Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS6.1AI score0.00554EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.12 views

Brave CMS 安全漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks during role updates, which could allow any authenticated user to escalat...

8.8CVSS5.8AI score0.00336EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.11 views

PT-2026-30715

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference IDOR vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

7.1CVSS5.9AI score0.00201EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

Brave CMS 代码问题漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 had code vulnerabilities; these vulnerabilities stemmed from unrestricted file uploads via the CKEditor endpoint, which could lead to remote code execution...

9.8CVSS6.2AI score0.00554EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.9 views

PT-2026-30686

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS6.1AI score0.00554EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

Brave CMS 安全漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the article image deletion function, which could allow authenticate...

7.1CVSS5.8AI score0.00201EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30714

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

Brave CMS 代码问题漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the CKEditor upload feature not verifying file types, which could lead to remote code...

8.8CVSS6.2AI score0.00708EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.11 views

PT-2026-30688

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References2
Rows per page
Query Builder