Ajax30 Bravecms-2.0
6 CVEs affecting Ajax30 Bravecms-2.0. Latest disclosed: 2026-05-08. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35182 | High | 8.8 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The P… |
CVE-2026-35164 | High | 8.8 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http… |
CVE-2026-41524 | High | 8.7 | 2026-05-08 | Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the… |
CVE-2026-41576 | High | 7.1 | 2026-05-08 | Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is p… |
CVE-2026-35183 | High | 7.1 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is l… |
CVE-2026-35047 | | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files… |