
24 matches found

SUSE CVE
added 2026/03/05 6:54 a.m. | 7 views

SUSE CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user's long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

CVSS 7.6 | AI score 5.8 | EPSS 0.00267
Exploits 1 | References 3
OSV
added 2026/02/06 6:30 p.m. | 6 views

GHSA-9F8M-9547-2GQM Gophish is vulnerable to Incorrect Access Control

Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

CVSS 8.5 | AI score 5.4 | EPSS 0.00267
Exploits 1 | References 3
Positive Technologies
added 2026/02/06 12:0 a.m. | 11 views

PT-2026-6752

Name of the Vulnerable Software and Affected Versions: Gophish versions prior to 0.12.1. Description: The administrative dashboard reveals each user’s long-lived API key within the HTML and JavaScript code on every login. This exposes permanent API credentials to any script operating within the...

CVSS 9.9 | AI score 5.5 | EPSS 0.27661
Exploits 45 | References 114
RedhatCVE
added 2026/01/09 9:50 a.m. | 7 views

CVE-2020-24711

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...

CVSS 6.5 | AI score 6.7 | EPSS 0.01546
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 9:50 a.m. | 9 views

CVE-2020-24708

Cross-Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form...

CVSS 5.4 | AI score 6 | EPSS 0.00617
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 9:49 a.m. | 9 views

CVE-2020-24710

Gophish before 0.11.0 allows SSRF attacks...

CVSS 5.3 | AI score 6.8 | EPSS 0.01322
Exploits 1 | References 1
RedhatCVE
added 2026/01/07 9:31 a.m. | 8 views

CVE-2019-16146

Gophish through 0.8.0 allows XSS via a username...

CVSS 4.8 | AI score 5.7 | EPSS 0.00657
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-17424

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.01546
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-17421

Malware in sbrugna...

CVSS 9.3 | AI score 7.6 | EPSS 0.01313
Exploits 1 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-3349

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.01322
Exploits 1 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-3612

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00358
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-0875

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00595
Exploits 1 | References 4
RedhatCVE
added 2025/05/23 6:27 a.m. | 9 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

CVSS 7.5 | AI score 6.7 | EPSS 0.00358
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 12:15 a.m. | 8 views

CVE-2022-45003

Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus...

CVSS 7.5 | AI score 6.6 | EPSS 0.01036
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 10:43 p.m. | 10 views

CVE-2022-45004

Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page...

CVSS 6.1 | AI score 6 | EPSS 0.00595
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 3:21 p.m. | 9 views

CVE-2020-24712

Cross-Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page...

CVSS 5.4 | AI score 6 | EPSS 0.00851
Exploits 1
Veracode
added 2025/01/07 6:17 a.m. | 10 views

Insufficiently Protected Credentials

GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials due to storing cleartext passwords for the configured IMAP and SMTP servers, exposing sensitive information to attackers...

CVSS 7.5 | AI score 6.4 | EPSS 0.00358
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2024/12/19 12:0 a.m. | 11 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

AI score 7.1 | EPSS 0.00358
Exploits 0 | References 1
Cvelist
added 2024/12/19 12:0 a.m. | 45 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

EPSS 0.00358
Exploits 0 | References 1
OSV
added 2024/03/06 11:15 a.m. | 6 views

CVE-2024-2211

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

CVSS 6.1 | AI score 5.9
Exploits 0 | References 1