Gophish

1 CVEs product

CVE-2025-70963 HIGH POC PATCH This Week

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. [CVSS 7.6 HIGH]

Authentication Bypass Information Disclosure Gophish Suse
NVD GitHub
CVSS 3.1: 7.6
EPSS: 0.0%
