VYPR
Vendor

EmbedAI

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2025-0747HigJan 30, 2025
    risk 0.56cvss 8.6epss 0.00

    A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat.

  • CVE-2025-0740HigJan 30, 2025
    risk 0.56cvss 8.6epss 0.00

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>".

  • CVE-2025-0739HigJan 30, 2025
    risk 0.56cvss 8.6epss 0.00

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUS…

  • CVE-2025-0745HigJan 30, 2025
    risk 0.49cvss 7.5epss 0.00

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/<SQL_FILE>" endpoint.

  • CVE-2025-0744HigJan 30, 2025
    risk 0.49cvss 7.5epss 0.00

    an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay"…

  • CVE-2024-5185HigMay 29, 2024
    risk 0.47cvss 7.3epss 0.00

    The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the…

  • CVE-2025-0746MedJan 30, 2025
    risk 0.40cvss 6.1epss 0.00

    A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript…

  • CVE-2025-0742MedJan 30, 2025
    risk 0.38cvss 5.8epss 0.00

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>".

  • CVE-2025-0741MedJan 30, 2025
    risk 0.38cvss 5.8epss 0.00

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message".

  • CVE-2025-0743MedJan 30, 2025
    risk 0.34cvss 5.3epss 0.00

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided…