77 matches found
CVE-2025-0741
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users' chats by changing the parameter "chatid" of the POST request "/embedai/chats/sendmessage"...
CVE-2025-0740
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...
CVE-2025-0739
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to view the subscription information of other users by changing the "SUSCBRIPTIONID" param of the endpoint "/demos/embedai/subscriptions/show/"...
CVE-2025-0742 Improper Access Control vulnerability in EmbedAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by other users by changing the "FILEID" of the endpoint "/embedai/files/show/"...
CVE-2025-0742
CVE-2025-0742 describes an Improper Access Control vulnerability in EmbedAI 2.1 and earlier. An authenticated attacker can access other users’ files by altering the FILE_ID in the endpoint /embedai/files/show/, exposing confidential data and reducing confidentiality. Reported impact in sources in...
CVE-2025-0741 Improper Access Control vulnerability in EmbedAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users' chats by changing the parameter "chatid" of the POST request "/embedai/chats/sendmessage"...
CVE-2025-0741
EmbedAI versions 2.1 and below are affected by an improper access control vulnerability that lets an authenticated attacker write messages into other users’ chats by altering the chat_id parameter in the POST /embedai/chats/send_message endpoint. Affected component: EmbedAI chat messages API. Roo...
CVE-2025-0740 Improper Access Control vulnerability in EmbedAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...
CVE-2025-0740
CVE-2025-0740 concerns an improper access control in EmbedAI (versions 2.1 and below). An authenticated attacker can access other users’ chat messages by altering the chat_id parameter in the endpoint /embedai/chats/load_messages?chat_id=. Documents consistently describe the vulnerability as an a...
CVE-2025-0739 Improper Access Control vulnerability in EmbedAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to view the subscription information of other users by changing the "SUSCBRIPTIONID" param of the endpoint "/demos/embedai/subscriptions/show/"...
CVE-2025-0739
CVE-2025-0739 affects EmbedAI 2.1 and earlier. The issue is an improper access control that allows an authenticated attacker to disclose subscription information of other users by altering the SUSCBRIPTION_ID parameter in the endpoint /demos/embedai/subscriptions/show/. Affected component: the /d...
PT-2025-4033 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue has been found, allowing an authenticated attacker to change their subscription plan without paying. This is achieved by making a POST request to the...
PT-2025-4034 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: An issue with inadequate access control has been identified, allowing an authenticated attacker to obtain database backups by requesting the "/embedai/app/uploads/database/" endpoint. This endpoin...
PT-2025-4032 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: An access control issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The informati...
PT-2025-4028 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to view the subscription information of other users by modifying the SUSCBRIPTION ID parameter of the endpoint...
EmbedAI Access Control Error Vulnerability
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. An access control error vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...