CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

CVE-2022-29172

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...

CVE-2022-29727

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting XSS vulnerability in the Signup parameter...

CVE-2022-3735

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...

CVE-2021-43441

An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form...

CVE-2021-4402

The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the muaddrolesinsignupmeta and muaddrolesinsignupmetarecently functions. This makes it possible for unauthenticated...

CVE-2021-39138

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...

CVE-2020-29205

XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field...

CVE-2020-21180

Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page...

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

CVE-2005-4712

CRLF injection vulnerability in processsignup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well...

CVE-2025-4456

A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

Projectworlds Car Rental Project 注入漏洞

Projectworlds Car Rental Project is a car rental project by Projectworlds India. An injection vulnerability exists in Projectworlds Car Rental Project version 1.0, which stems from the mishandling of the fname parameter in the /signup.php file, which could lead to an SQL injection attack...

CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

CVE-2025-3151

A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit ha...

Cross-Site Request Forgery (CSRF)

mlflow is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to lack of proper protection mechanisms in the Signup feature, allowing an attacker to craft malicious requests to create an account and perform unauthorized actions...

Cross-site Request Forgery (CSRF)

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the Signup feature. An...

GHSA-969W-GQQR-G6J3 MLflow Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

CVE-2025-27102 Agate vulnerable to HTML injection in user signup - Administrator phishing risk

Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agat...

CVE-2025-27102 Agate vulnerable to HTML injection in user signup - Administrator phishing risk

Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agat...