Ajax30

Bravecms

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.03%
  • Published 06.04.2026 19:11:28
  • Last modified 14.04.2026 15:50:08

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage metho...

Exploit
  • EPSS 0.04%
  • Published 06.04.2026 19:10:28
  • Last modified 14.04.2026 15:50:57

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles mid...

Exploit
  • EPSS 0.23%
  • Published 06.04.2026 17:33:33
  • Last modified 14.04.2026 15:51:15

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails ...

  • EPSS 0.33%
  • Published 06.04.2026 17:25:39
  • Last modified 10.04.2026 18:30:16

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, ...