1033 matches found
CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...
CVE-2021-47750
YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...
CVE-2021-47750
YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...
CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting
YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...
CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting
YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...
CVE-2021-47750
YouPHPTube versions up to 7.8 contain a cross-site scripting (XSS) vulnerability in the redirectUri parameter of the signup page, allowing an attacker to craft signups that execute arbitrary JavaScript in victims’ browsers. The root cause is improper handling of the redirectUri in the signup flow...
YouPHPTube 跨站脚本漏洞
YouPHPTube is a PHP-based video website system. A cross-site scripting vulnerability exists in YouPHPTube 7.8 and earlier versions, which stems from a cross-site scripting vulnerability in the redirectUri parameter in the signup page, which could lead to the execution of arbitrary JavaScript...
PT-2026-2359
Name of the Vulnerable Software and Affected Versions YouPHPTube versions prior to 7.9 Description The software contains a cross-site scripting issue that allows attackers to inject malicious scripts. This is achieved by manipulating the redirectUri parameter within the signup page. Successful...
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...
CVE-2020-12870
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page...
Siemens Ruggedcom ROX Improper Input Validation (CVE-2023-27043)
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
CVE-2026-0643
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...
CVE-2026-0643
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...
CVE-2026-0643
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...
House Rental and Property Listing 安全漏洞
House Rental and Property Listing is a system developed in PHP, JavaScript, Bootstrap, CSS and MySQL database. It makes it easy for users to find the right house or property for rent. A security vulnerability exists in House Rental and Property Listing version 1.0, which stems from incorrect...
CVE-2026-0643 projectworlds House Rental and Property Listing Signup register.php unrestricted upload
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...
CVE-2026-0643
The connected PT-2026-1547 advisory confirms a vulnerability in projectworlds House Rental and Property Listing v1.0, specifically in the Signup component’s /app/register.php?action=reg endpoint. An attacker can manipulate the image parameter to cause unrestricted file upload, enabling remote exp...
PT-2026-1547
Name of the Vulnerable Software and Affected Versions projectworlds House Rental and Property Listing version 1.0 Description A flaw exists in projectworlds House Rental and Property Listing that allows for unrestricted file upload through manipulation of the image argument in the file...
EUVD-2025-205735
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Inboxify Inboxify Sign Up Form inboxify-sign-up-form allows Stored XSS.This issue affects Inboxify Sign Up Form: from n/a through = 1.0.4...
CVE-2025-68568
Missing Authorization vulnerability in Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo – Popups, Spin the Wheel & Email Capture: from n/a through = 1.0.7...