4 matches found

Positive Technologies
added 2026/02/06 12:0 a.m., 5 views

PT-2026-6752

Name of the Vulnerable Software and Affected Versions: Gophish versions prior to 0.12.1. Description: The administrative dashboard reveals each user’s long-lived API key within the HTML and JavaScript code on every login. This exposes permanent API credentials to any script operating within the...

CVSS: 9.9, AI score: 5.5, EPSS: 0.00733
Exploits: 44, References: 114
Cvelist
added 2026/02/06 12:0 a.m., 22 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

EPSS: 0.00017
Exploits: 1, References: 1
CNNVD
added 2026/02/06 12:0 a.m., 3 views

GoPhish Security Vulnerability

GoPhish is an open-source phishing framework developed by GoPhish. Versions of GoPhish 0.12.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control mechanisms. In these versions, the management panel exposes the user’s long-term API keys directly in...

CVSS: 7.6, AI score: 5.8, EPSS: 0.00017
Exploits: 1, References: 1
CNNVD
added 2023/07/25 12:0 a.m., 1 views

Envoy Security Vulnerability

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that stems from the ability of a malicious client to construct permanently valid credentials in certain specific scenarios...

CVSS: 9.8, AI score: 8.2, EPSS: 0.00062
Exploits: 0, References: 4