Lucene search
Cerebrate-projectCerebrate
4 matches found
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
9.8CVSS9.7AI score0.00066EPSS
CVE-2023-26468
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
9.1CVSS9.1AI score0.00094EPSS
CVE-2023-41363
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
4.3CVSS4.4AI score0.00064EPSS
CVE-2023-41908
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
5.3CVSS5.3AI score0.00072EPSS