25 matches found
EUVD-2025-1848
Malicious code in bioql PyPI...
EUVD-2025-1844
Malicious code in bioql PyPI...
EUVD-2025-1850
Malicious code in bioql PyPI...
CVE-2025-0746
A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...
CVE-2025-0747
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...
CVE-2025-0742
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILEID" of the endpoint "/embedai/files/show/"...
CVE-2025-0743
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other users. The information provided by this endpoint includes IP...
CVE-2025-0745
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...
CVE-2025-0745
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...
CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...
CVE-2025-0747
CVE-2025-0747 concerns a stored cross-site scripting vulnerability in EmbedAI. According to the sources, an authenticated attacker can inject malicious JavaScript into a chat message, which is executed when a user opens the chat. Documents from NVD/CVE lists describe the vulnerability and impact ...
CVE-2025-0746
CVE-2025-0746 concerns EmbedAI (≤2.1). A reflected XSS flaw exists in the /embedai/users/show/ endpoint, enabling an authenticated attacker to craft a malicious URL that injects JavaScript executed when the target user opens it. Affected products: EmbedAI versions 2.1 and earlier. The provided so...
CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI
A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...
CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI
A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...
CVE-2025-0745
CVE-2025-0745 affects EmbedAI 2.1 and earlier. The issue is inadequate access control that allows an authenticated attacker to retrieve database backups by requesting the endpoint /embedai/app/uploads/database/. This can lead to exposure of sensitive data stored in backups. The connected PT-2025-...
CVE-2025-0745 Improper Access Control vulnerability in EmbedAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...
CVE-2025-0744 Improper Access Control vulnerability in EmbedAI
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...
CVE-2025-0744 Improper Access Control vulnerability in EmbedAI
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...
CVE-2025-0744
EmbedAI, version 2.1 and earlier, is exposed to an Improper Access Control vulnerability. An authenticated attacker can change their subscription plan without paying by issuing a POST to the payment endpoint (/demos/embedai/pmt_cash_on_delivery/pay or with spacing as described in sources). Root c...
CVE-2025-0743 Improper Access Control vulnerability in EmbedAI
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other users. The information provided by this endpoint includes IP...