CVE-2025-0846 |
Description: A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9) EPSS Score: 0.16%
January 31st, 2025 (5 months ago)
|
CVE-2025-0834 |
Description: A privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically.
CVSS: HIGH (7.8) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0747 |
Description: A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0746 |
Description: A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the "/embedai/users/show/" endpoint to inject malicious JavaScript code. This JavaScript code will be executed when a user opens the malicious URL.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0745 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0744 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay" endpoint.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0743 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other users. The information provided by this endpoint includes IP address, userAgent and location of the user that visited the web page.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0742 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by other users by changing the "FILE_ID" of the endpoint "/embedai/files/show/".
CVSS: MEDIUM (5.8) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0741 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users' chats by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message".
CVSS: MEDIUM (5.8) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2025-0740 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the "CHAT_ID" of the endpoint "/embedai/chats/load_messages?chat_id=".
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|