2 matches found
CVE-2025-0744
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...
PT-2025-4033 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue has been found, allowing an authenticated attacker to change their subscription plan without paying. This is achieved by making a POST request to the...