155 matches found

SUSE CVE
added 2026/03/05 6:54 a.m., 0 views

SUSE CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user's long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 1, References 3
OSV
added 2026/02/17 6:9 p.m., 1 view

GO-2026-4455 Gophish is vulnerable to Incorrect Access Control in github.com/gophish/gophish

Gophish is vulnerable to Incorrect Access Control in github.com/gophish/gophish...

7.6 CVSS, 5.5 AI score, 0.00017 EPSS
Exploits 1, References 3
OSV
added 2026/02/06 6:30 p.m., 4 views

GHSA-9F8M-9547-2GQM Gophish is vulnerable to Incorrect Access Control

Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

8.5 CVSS, 5.4 AI score, 0.00017 EPSS
Exploits 1, References 3
Github Security Blog
added 2026/02/06 6:30 p.m., 4 views

Gophish is vulnerable to Incorrect Access Control

Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6 CVSS, 5.4 AI score, 0.00017 EPSS
Exploits 1, References 3, Affected Software 1
NVD
added 2026/02/06 6:15 p.m., 3 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6 CVSS, 0.00017 EPSS
Exploits 1, References 1
OSV
added 2026/02/06 6:15 p.m., 1 view

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6 CVSS, 5.5 AI score
Exploits 0, References 1
Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6752

Name of the Vulnerable Software and Affected Versions: Gophish versions prior to 0.12.1. Description: The administrative dashboard reveals each user’s long-lived API key within the HTML and JavaScript code on every login. This exposes permanent API credentials to any script operating within the...

9.9 CVSS, 5.5 AI score, 0.00733 EPSS
Exploits 44, References 114
ATTACKERKB
added 2026/02/06 12:0 a.m., 3 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6 CVSS, 5.4 AI score, 0.00017 EPSS
Exploits 1, References 2
Cvelist
added 2026/02/06 12:0 a.m., 22 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

0.00017 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/02/06 12:0 a.m., 3 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

5.4 AI score, 0.00017 EPSS
Exploits 1, References 1
CVE
added 2026/02/06 12:0 a.m., 6 views

CVE-2025-70963

Summary: CVE-2025-70963 affects Gophish prior to 0.12.1. The admin dashboard exposes each user’s long‑lived API key directly in the rendered HTML/JavaScript on login, enabling access to permanent API credentials from browser scripts. This is an Incorrect Access Control vulnerability with HIGH imp...

7.6 CVSS, 5.4 AI score, 0.00017 EPSS
Exploits 1, References 1, Affected Software 1
Positive Technologies
added 2026/02/06 12:0 a.m., 3 views

PT-2026-6855

Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

8.5 CVSS, 5.5 AI score, 0.00017 EPSS
Exploits 1, References 4
EUVD
added 2026/02/06 12:0 a.m., 3 views

EUVD-2025-206883

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6 CVSS, 5.3 AI score, 0.00017 EPSS
Exploits 1, References 1
CNNVD
added 2026/02/06 12:0 a.m., 3 views

GoPhish Security Vulnerability

GoPhish is an open-source phishing framework developed by GoPhish. Versions of GoPhish 0.12.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control mechanisms. In these versions, the management panel exposes the user’s long-term API keys directly in...

7.6 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:50 a.m., 3 views

CVE-2020-24711

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...

6.5 CVSS, 6.7 AI score, 0.00486 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:50 a.m., 3 views

CVE-2020-24713

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout...

7.5 CVSS, 7 AI score, 0.0036 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:50 a.m., 6 views

CVE-2020-24708

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form...

5.4 CVSS, 6 AI score, 0.00281 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:49 a.m., 2 views

CVE-2020-24709

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template...

5.4 CVSS, 5.9 AI score, 0.00206 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:49 a.m., 5 views

CVE-2020-24710

Gophish before 0.11.0 allows SSRF attacks...

5.3 CVSS, 6.8 AI score, 0.00457 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/07 9:31 a.m., 4 views

CVE-2019-16146

Gophish through 0.8.0 allows XSS via a username...

4.8 CVSS, 5.7 AI score, 0.00235 EPSS
Exploits 0, References 1