2
0
0
0
Vulnerability Timeline
2 vulnerabilities discovered over time for Gokapi
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-48495 | 4.8 | This vulnerability allows an attacker to inject malicious JavaScript into the API key overview, which can then execute when another user views that section. It affects all authenticated users before version 2.0.0, as there were no permissions to restrict access, but if a user is the only one using Gokapi, they are not at risk. | forceugokapi | Theoretical | 10 months agoJun 2, 2025 |
| CVE-2025-48494 | 4.8 | An attacker can exploit a flaw in Gokapi to upload a file with malicious JavaScript in its name, which runs every time the upload list is viewed, potentially allowing them to execute harmful actions on the server. This vulnerability primarily affects systems before version 2.0.0, where all authenticated users could access and modify all files, making it easier for an attacker if multiple users are present. | forceugokapi | Theoretical | 10 months agoJun 2, 2025 |
About Forceu Gokapi Security
This page provides comprehensive security vulnerability tracking for Forceu Gokapi. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Gokapi updated to the latest version
- • Subscribe to security advisories from Forceu
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately