Lucene search
K

1054 matches found

EUVD
EUVD
added 2026/04/06 5:33 p.m.9 views

EUVD-2026-19412

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 5:33 p.m.3 views

CVE-2026-35164

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/06 5:33 p.m.20 views

CVE-2026-35164 Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS0.00708EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 5:33 p.m.3 views

CVE-2026-35164 Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 5:33 p.m.14 views

CVE-2026-35164

CVE-2026-35164 affects Brave CMS prior to 2.0.6. An unrestricted file upload vulnerability exists in the CKEditor upload endpoint, specifically in app/Http/Controllers/Dashboard/CkEditorController.php (ckupload method). The vulnerability allows an authenticated user to bypass file type validation...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 5:25 p.m.40 views

CVE-2026-35047 Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS0.00554EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/06 5:25 p.m.13 views

EUVD-2026-19392

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS6.1AI score0.00554EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/06 5:25 p.m.2 views

CVE-2026-35047 Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS6.1AI score0.00554EPSS
Exploits0References3
CVE
CVE
added 2026/04/06 5:25 p.m.20 views

CVE-2026-35047

Brave CMS (open-source) is affected by an Unrestricted File Upload in the CKEditor endpoint prior to version 2.0.6. The vulnerability allows uploading arbitrary files, including executable scripts, which can lead to Remote Code Execution on the server and potentially full system compromise, data ...

9.8CVSS6.1AI score0.00554EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

Brave CMS 代码问题漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 had code vulnerabilities; these vulnerabilities stemmed from unrestricted file uploads via the CKEditor endpoint, which could lead to remote code execution...

9.8CVSS6.2AI score0.00554EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

Brave CMS 代码问题漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the CKEditor upload feature not verifying file types, which could lead to remote code...

8.8CVSS6.2AI score0.00708EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.9 views

PT-2026-30686

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution RCE on the server, potentially resulting in full system compromise,...

9.3CVSS6.1AI score0.00554EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.11 views

PT-2026-30688

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

8.8CVSS5.9AI score0.00708EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/31 11:2 p.m.9 views

org.webjars.npm:angular-tree-component (>=3.2.3 <=3.7.2), org.webjars.npm:chevrotain (>=11.0.3 <=11.1.2) +72 more potentially affected by CVE-2025-13465 +1 more via org.webjars.npm:lodash-es (>=4.17.21 <=4.17.4)

org.webjars.npm:lodash-es MAVEN version =4.17.21, =3.2.3, =11.0.3, =11.0.3, =11.0.3, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =44.1.0, =39.0.1, =44.3.0 and more Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869624...

8.2CVSS6.4AI score0.01535EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/18 5:26 p.m.7 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.8 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.4 views

CKEditor < 47.6.0 XSS

The version of CKEditor included on the remote web host prior to 47.6.0. It may, therefore, be affected by a cross-site scripting XSS vulnerability. - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting XSS vulnerability has...

6.4CVSS5.7AI score0.00268EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-28343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS...

6.4CVSS5.1AI score0.00268EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/05 9:49 p.m.9 views

CVE-2026-28343

A flaw was found in CKEditor. This cross-site scripting XSS vulnerability in the General HTML Support feature allows an attacker to execute unauthorized JavaScript code. This can occur by inserting specially crafted markup if the editor instance is configured with unsafe General HTML Support...

6.4CVSS5.8AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 8:16 p.m.17 views

CVE-2026-28343

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS0.00268EPSS
Exploits0References3
Rows per page
Query Builder