632 matches found
CVE-2026-35182 Missing Authorization Privilege Escalation
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
CVE-2026-35182
Brave CMS (open-source) before version 2.0.6 contains a missing authorization check in the POST /rights/update-role/{id} endpoint (routes/web.php). The update-role action lacked the checkUserPermissions:assign-user-roles middleware, allowing any authenticated user to change account roles and prom...
CVE-2026-35164
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...
EUVD-2026-19412
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...
CVE-2026-35164
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...
CVE-2026-35164 Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...
CVE-2026-35164
CVE-2026-35164 affects Brave CMS prior to 2.0.6. An unrestricted file upload vulnerability exists in the CKEditor upload endpoint, specifically in app/Http/Controllers/Dashboard/CkEditorController.php (ckupload method). The vulnerability allows an authenticated user to bypass file type validation...
CVE-2026-35164 Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...
CVE-2026-35047 Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...
CVE-2026-35047
Brave CMS (open-source) is affected by an Unrestricted File Upload in the CKEditor endpoint prior to version 2.0.6. The vulnerability allows uploading arbitrary files, including executable scripts, which can lead to Remote Code Execution on the server and potentially full system compromise, data ...
EUVD-2026-19392
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...
CVE-2026-35047 Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...
Brave CMS 安全漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks during role updates, which could allow any authenticated user to escalat...
PT-2026-30715
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference IDOR vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...
Brave CMS 代码问题漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 had code vulnerabilities; these vulnerabilities stemmed from unrestricted file uploads via the CKEditor endpoint, which could lead to remote code execution...
PT-2026-30686
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...
Brave CMS 安全漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the article image deletion function, which could allow authenticate...
PT-2026-30714
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
Brave CMS 代码问题漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the CKEditor upload feature not verifying file types, which could lead to remote code...
PT-2026-30688
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...