12 matches found

NVD
added 2026/06/11 10:16 a.m., 12 views

CVE-2026-53911

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3 CVSS, 0.00207 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/11 7:31 a.m., 30 views

CVE-2026-53901 Cerebrate before v1.37 allows mass assignment of record identifiers during object creation

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7 CVSS, 0.00312 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/06/11 12:0 a.m., 13 views

Cerebrate information disclosure vulnerability

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1 CVSS, 5.3 AI score, 0.00242 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/06/11 12:0 a.m., 12 views

Cerebrate input validation error vulnerability

Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability related to input validation errors. This vulnerability stemmed...

8.7 CVSS, 5.3 AI score, 0.00312 EPSS
Exploits: 0, References: 1

CVE
added 2025/11/28 12:0 a.m., 15 views

CVE-2025-66385

CVE-2025-66385 affects Cerebrate prior to version 1.30. The issue arises in UsersController::edit where an authenticated, non-privileged user can escalate privileges by supplying or modifying role_id or organisation_id in the user-edit endpoint. Affected is the ability to obtain higher roles (e.g...

9.4 CVSS, 6.6 AI score, 0.00368 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/11/28 12:0 a.m., 6 views

Cerebrate security vulnerability

Cerebrate is an open source platform from Cerebrate Open Source. Designed to act as an interconnect coordinator for trusted contact information providers and other security tools. A security vulnerability exists in versions of Cerebrate prior to 1.30, which stems from the possibility that an...

9.4 CVSS, 6.3 AI score, 0.00368 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 4:35 a.m., 7 views

CVE-2023-41363

In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users...

4.3 CVSS, 6.6 AI score, 0.00331 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 12:5 a.m., 7 views

CVE-2022-25317

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description...

6.1 CVSS, 6 AI score, 0.00617 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:5 a.m., 5 views

CVE-2022-25320

An issue was discovered in Cerebrate through 1.4. Username enumeration could occur...

5.3 CVSS, 6.9 AI score, 0.00919 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:47 p.m., 7 views

CVE-2022-25319

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled...

5.3 CVSS, 6.8 AI score, 0.01307 EPSS
Exploits: 1, References: 1

NVD
added 2023/08/29 5:15 a.m., 18 views

CVE-2023-41363

In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users...

4.3 CVSS, 4.5 AI score, 0.00331 EPSS
Exploits: 0, References: 1

CNNVD
added 2022/02/18 12:0 a.m., 4 views

Cerebrate security vulnerability

Cerebrate is an open source platform. Designed to act as an interconnection orchestrator for trusted contact information providers and other security tools, a security vulnerability exists in Cerebrate 1.4 that stems from the fact that endpoints can be opened even if they are not enabled. No...

5.3 CVSS, 5.6 AI score, 0.01307 EPSS
Exploits: 1, References: 5