Vulnerabilities > Cerebrate Project > Cerebrate > 1.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-41908 | Missing Authorization vulnerability in Cerebrate-Project Cerebrate Cerebrate before 1.15 lacks the Secure attribute for the session cookie. | 5.3 |
| 2023-03-27 | CVE-2023-28883 | SQL Injection vulnerability in Cerebrate-Project Cerebrate 1.13 In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. | 9.8 |