12 matches found
CVE-2026-53911
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
CVE-2026-53901 Cerebrate before v1.37 allows mass assignment of record identifiers during object creation
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...
Cerebrate 信息泄露漏洞
Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...
Cerebrate 输入验证错误漏洞
Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability related to input validation errors. This vulnerability stemmed...
CVE-2025-66385
CVE-2025-66385 affects Cerebrate prior to version 1.30. The issue arises in UsersController::edit where an authenticated, non-privileged user can escalate privileges by supplying or modifying role_id or organisation_id in the user-edit endpoint. Affected is the ability to obtain higher roles (e.g...
Cerebrate 安全漏洞
Cerebrate is an open source platform from Cerebrate Open Source. Designed to act as an interconnect coordinator for trusted contact information providers and other security tools. A security vulnerability exists in versions of Cerebrate prior to 1.30, which stems from the possibility that an...
CVE-2023-41363
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users...
CVE-2022-25317
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description...
CVE-2022-25320
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur...
CVE-2022-25319
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled...
CVE-2023-41363
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users...
Cerebrate 安全漏洞
Cerebrate is an open source platform. Designed to act as an interconnection orchestrator for trusted contact information providers and other security tools, a security vulnerability exists in Cerebrate 1.4 that stems from the fact that endpoints can be opened even if they are not enabled. No...