Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 8:16 p.m.7 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS0.00336EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 7:10 p.m.2 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:10 p.m.3 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/06 7:10 p.m.12 views

CVE-2026-35182

Brave CMS (open-source) before version 2.0.6 contains a missing authorization check in the POST /rights/update-role/{id} endpoint (routes/web.php). The update-role action lacked the checkUserPermissions:assign-user-roles middleware, allowing any authenticated user to change account roles and prom...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 7:10 p.m.15 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS0.00336EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 7:10 p.m.4 views

EUVD-2026-19458

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30714

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References2
Rows per page
Query Builder