Filtered by vendor Thesamur
Subscriptions
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0739 | 1 Thesamur | 1 Embedai | 2025-10-10 | 8.6 High |
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>". | ||||
| CVE-2025-0740 | 1 Thesamur | 1 Embedai | 2025-10-10 | 8.6 High |
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>". | ||||
| CVE-2025-0741 | 1 Thesamur | 1 Embedai | 2025-10-10 | 5.8 Medium |
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message". | ||||
| CVE-2025-0742 | 1 Thesamur | 1 Embedai | 2025-10-08 | 5.8 Medium |
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>". | ||||
| CVE-2025-0743 | 1 Thesamur | 1 Embedai | 2025-10-08 | 5.3 Medium |
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided by this endpoint includes IP address, userAgent and location of the user that visited the web page. | ||||
| CVE-2025-0744 | 1 Thesamur | 1 Embedai | 2025-10-08 | 7.5 High |
| an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay" endpoint. | ||||
| CVE-2025-0745 | 1 Thesamur | 1 Embedai | 2025-10-08 | 7.5 High |
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/<SQL_FILE>" endpoint. | ||||
| CVE-2025-0746 | 1 Thesamur | 1 Embedai | 2025-10-08 | 6.1 Medium |
| A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/<SCRIPT>" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a user opens the malicious URL. | ||||
| CVE-2025-0747 | 1 Thesamur | 1 Embedai | 2025-10-08 | 8.6 High |
| A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat. | ||||
Page 1 of 1.