6 matches found

NVD
added 2026/04/24 4:16 a.m. | 1 view

CVE-2026-41430

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting...

CVSS 6.1 | EPSS 0.00035
Exploits: 0 | References: 2

CVE
added 2026/02/06 12:0 a.m. | 10 views

CVE-2025-70963

Summary: CVE-2025-70963 affects Gophish prior to 0.12.1. The admin dashboard exposes each user’s long‑lived API key directly in the rendered HTML/JavaScript on login, enabling access to permanent API credentials from browser scripts. This is an Incorrect Access Control vulnerability with HIGH imp...

CVSS 7.6 | AI score 5.4 | EPSS 0.00022
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-20806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Phamm aka PHP LDAP Virtual Hosting Manager 0.6.8 allows XSS via the login page the /public/main.php action parameter. CVE-2018-20806 Note that Nessus relies on...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 2

OSV
added 2023/12/15 2:15 p.m. | 0 views

CVE-2023-50870

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2023/01/24 12:0 a.m. | 3 views

PT-2023-19604 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier, update to a version later...

CVSS 9.8 | AI score 9.2 | EPSS 0.01577
Exploits: 0 | References: 4

OSV
added 2017/01/18 12:0 a.m. | 1 view

UBUNTU-CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure...

CVSS 6.7 | AI score 6.9 | EPSS 0.00126
Exploits: 0 | References: 4