VYPR
Vendor

Ajax30

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2026-35182HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.00

    Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any…

  • CVE-2026-35164HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file…

  • CVE-2026-35047CriApr 6, 2026
    risk 0.57cvss 9.8epss 0.01

    Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full…

  • CVE-2026-35183HigApr 6, 2026
    risk 0.46cvss 7.1epss 0.00

    Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a…