106 matches found
CVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
EUVD-2025-199868
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
CVE-2025-66385
CVE-2025-66385 affects Cerebrate prior to version 1.30. The issue arises in UsersController::edit where an authenticated, non-privileged user can escalate privileges by supplying or modifying role_id or organisation_id in the user-edit endpoint. Affected is the ability to obtain higher roles (e.g...
PT-2025-48317
Name of the Vulnerable Software and Affected Versions Cerebrate versions prior to 1.30 Description The UsersController::edit function in Cerebrate allows an authenticated, non-privileged user to escalate their privileges, potentially obtaining a higher role such as administrator. This is achieved...
Cerebrate security vulnerability
Cerebrate is an open source platform from Cerebrate Open Source. Designed to act as an interconnect coordinator for trusted contact information providers and other security tools. A security vulnerability exists in versions of Cerebrate prior to 1.30, which stems from the possibility that an...
EUVD-2023-30287
Malicious code in bioql PyPI...
EUVD-2023-32503
Malicious code in bioql PyPI...
EUVD-2022-30000
Malicious code in bioql PyPI...
EUVD-2023-45866
Malicious code in bioql PyPI...
EUVD-2022-30001
Malicious code in bioql PyPI...
CVE-2023-26468
Cerebrate 1.12 does not properly consider organisationid during creation of API keys...
CVE-2023-41363
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users...
CVE-2023-41908
Cerebrate before 1.15 lacks the Secure attribute for the session cookie...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
CVE-2022-25321
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component...
CVE-2022-25317
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description...
CVE-2022-25320
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur...
CVE-2022-29532
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it...