Cerebrate-project - Cerebrate CVE - OpenCVE

Filtered by vendor Cerebrate-project Subscriptions

Filtered by product Cerebrate Subscriptions

Total 9 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-28883	1 Cerebrate-project	1 Cerebrate	2024-01-09	9.8 Critical
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
CVE-2022-25320	1 Cerebrate-project	1 Cerebrate	2023-12-21	5.3 Medium
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.
CVE-2022-25321	1 Cerebrate-project	1 Cerebrate	2023-12-21	6.1 Medium
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
CVE-2022-25319	1 Cerebrate-project	1 Cerebrate	2023-12-21	5.3 Medium
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
CVE-2022-25318	1 Cerebrate-project	1 Cerebrate	2023-11-03	4.3 Medium
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
CVE-2022-25317	1 Cerebrate-project	1 Cerebrate	2023-09-28	6.1 Medium
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
CVE-2023-41908	1 Cerebrate-project	1 Cerebrate	2023-09-08	5.3 Medium
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
CVE-2023-41363	1 Cerebrate-project	1 Cerebrate	2023-08-31	4.3 Medium
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
CVE-2023-26468	1 Cerebrate-project	1 Cerebrate	2023-03-03	9.1 Critical
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.

Page 1 of 1.