CVE-2026-55237

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

CVE-2026-41932

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the displayname field before sanitization occurs. Attackers can submit HTML and script markup in the username field durin...

PT-2026-39283

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.1.124 Description An improper authorization control exists where the API fails to validate if a user possesses an authorized role of user or admin. When the platform is configured to allow new sign-ups, new...

CVE-2026-34528

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...

CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...

GHSA-5GG9-5G7W-HM73 File Browser Signup Grants Admin When Default Permissions Include Admin

Summary Any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...

Code-Projects Student Web Portal SQL注入漏洞

Code-Projects Student Web Portal is an open-source student portal developed by Code-Projects. Version 1.0 of Code-Projects Student Web Portal has a SQL injection vulnerability, which stems from the handling of the regpasswd parameter in the signup.php file, potentially leading to SQL injection...

CVE-2026-25956 Frappe Affected by XSS and Open Redirect in Sign Up

Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect or reflected XSS, depending on the crafted payload when a user signs up. This vulnerability is fixed in 14.99.14 a...

CVE-2026-25956

Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect or reflected XSS, depending on the crafted payload when a user signs up. This vulnerability is fixed in 14.99.14 a...

CVE_choco_2

DESCRIPTION - During the security assessment of "STUDENT WEB...

CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

Restaurant Brands International assistant platform multiple vulnerabilities

RISK EVALUATION Restaurant Brands International assistant platform is used to manage restaurants owned by RBI. Multiple vulnerabilities were found in the assistant platform. The most severe vulnerabilities chained together could allow a remote, unauthenticated attacker to create an account and...

E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce version 1.0 that stems from the signup.inc.php endpoint not cleaning up user input, which could lead to SQL injection attacks and authentication bypass...

CVE-2025-11113 CodeAstro Online Leave Application signup.php sql injection

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters...

PHPGurukul Beauty Parlour Management System 安全漏洞

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...

CVE-2025-9759 Campcodes/SourceCodester Courier Management System ajax.php signup sql injection

A security flaw has been discovered in Campcodes/SourceCodester Courier Management System 1.0. Affected by this issue is the function Signup of the file /ajax.php. Performing manipulation of the argument lastname results in sql injection. It is possible to initiate the attack remotely. The exploi...

CVE-2024-0773

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pagesclientsignup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched...

GHSA-969W-GQQR-G6J3 MLflow Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

CVE-2024-9039

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection...