Vulnerabilities > Cerebrate Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-41908 | Missing Authorization vulnerability in Cerebrate-Project Cerebrate Cerebrate before 1.15 lacks the Secure attribute for the session cookie. | 5.3 |
| 2023-08-29 | CVE-2023-41363 | Unspecified vulnerability in Cerebrate-Project Cerebrate 1.14 In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users. | 4.3 |
| 2023-03-27 | CVE-2023-28883 | SQL Injection vulnerability in Cerebrate-Project Cerebrate 1.13 In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. | 9.8 |
| 2023-02-24 | CVE-2023-26468 | Unspecified vulnerability in Cerebrate-Project Cerebrate 1.12 Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. | 9.1 |
| 2022-02-18 | CVE-2022-25317 | Cross-site Scripting vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 6.1 |
| 2022-02-18 | CVE-2022-25318 | Incorrect Authorization vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 4.3 |
| 2022-02-18 | CVE-2022-25319 | Unspecified vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 5.3 |
| 2022-02-18 | CVE-2022-25320 | Unspecified vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 5.3 |
| 2022-02-18 | CVE-2022-25321 | Cross-site Scripting vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 6.1 |