Forceu Vulnerabilities
Comprehensive security vulnerability database for Forceu products
2
0
0
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-48495 | 4.8 | This vulnerability allows an attacker to inject malicious JavaScript into the API key overview, which can then execute when another user views that section. It affects all authenticated users before version 2.0.0, as there were no permissions to restrict access, but if a user is the only one using Gokapi, they are not at risk. | forceugokapi | Theoretical | 10 months agoJun 2, 2025 |
| CVE-2025-48494 | 4.8 | An attacker can exploit a flaw in Gokapi to upload a file with malicious JavaScript in its name, which runs every time the upload list is viewed, potentially allowing them to execute harmful actions on the server. This vulnerability primarily affects systems before version 2.0.0, where all authenticated users could access and modify all files, making it easier for an attacker if multiple users are present. | forceugokapi | Theoretical | 10 months agoJun 2, 2025 |
About Forceu Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Forceu products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.