Every CVE whose affected-product data names Ajax30 Bravecms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-35047 — CVSS 9.8 (critical): Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to…
CVE-2026-35164 — CVSS 8.8 (high): Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It…
CVE-2026-35182 — CVSS 8.8 (high): Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at…
CVE-2026-35183 — CVSS 7.1 (high): Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image…