From DHS/US-CERT’s National Vulnerability Database CVE-2020-27986
** DISPUTED ** SonarQube 22.214.171.124762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor’s position is "it is the administrator’s responsibility to configure it."
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.