CVE-2026-53912 is a medium-severity vulnerability (CVSS Score: 5.1) affecting Cerebrate versions prior to 1.37. The issue involves the self-registration workflow, which stored hashed passwords in inbox message data payloads. These payloads were returned unredacted through various outputs and written to audit log entries. An authenticated user with sufficient privileges could retrieve password hashes assoc [truncated]
CVE-2026-53911 is a medium-severity mass-assignment vulnerability in Cerebrate that allows an authenticated attacker to modify records. It has a CVSS score of 6.3 and was published on 2026-06-11T10:16:21.757Z. The issue was fixed in Cerebrate version 1.37.
CVE-2026-53901 is a high-severity mass-assignment vulnerability in Cerebrate that allows attackers to create objects with chosen identifiers. The vulnerability exists in the generic CRUD add path of Cerebrate before version 1.37. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). However, the normalized $input could sti [truncated]