Vulnerabilities > Cerebrate Project > Cerebrate > 1.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-41908 | Missing Authorization vulnerability in Cerebrate-Project Cerebrate Cerebrate before 1.15 lacks the Secure attribute for the session cookie. | 5.3 |
| 2023-08-29 | CVE-2023-41363 | Unspecified vulnerability in Cerebrate-Project Cerebrate 1.14 In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users. | 4.3 |