
9 matches found

CVE
added 2026/03/06 4:44 a.m. | 3 views

CVE-2026-28683

CVE-2026-28683 (Gokapi) : A stored XSS exists in Gokapi prior to v2.2.3 where a malicious authenticated user can upload an SVG and hotlink it, enabling stored XSS. The issue is resolved in v2.2.3. CVSS: 3.1, Privileges Required: Low, User Interaction: Required, Impact on Confidentiality/Integrity...

8.7 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16640

Malicious code in bioql PyPI...

5.4 CVSS | 6.3 AI score | 0.00077 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2025/07/04 2:37 p.m. | 1 views

SUSE CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

5.4 CVSS | 6.5 AI score | 0.00064 EPSS
Exploits: 0 | References: 2
Veracode
added 2025/06/05 3:10 a.m. | 2 views

Cross-site Scripting (XSS)

github.com/forceu/gokapi is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization and validation of filenames with embedded JavaScript, which allows an attacker to execute malicious JavaScript code in the context of other users’ browsers...

5.4 CVSS | 6 AI score | 0.00077 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/06/04 11:20 a.m. | 2 views

CVE-2025-48494

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

4.8 CVSS | 5.9 AI score | 0.00077 EPSS
Exploits: 0 | References: 1
OSV
added 2025/06/03 5:57 p.m. | 2 views

GO-2025-3737 Gokapi vulnerable to stored XSS via uploading file with malicious file name in github.com/forceu/gokapi

Gokapi vulnerable to stored XSS via uploading file with malicious file name in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

5.4 CVSS | 5.6 AI score | 0.00077 EPSS
Exploits: 0 | References: 4
OSV
added 2025/06/03 6:28 a.m. | 2 views

GHSA-95RC-WC32-GM53 Gokapi vulnerable to stored XSS via uploading file with malicious file name

Impact: When using end-to-end encryption, a stored XSS vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. With the affected versions v2.0, there was no user permissi...

4.8 CVSS | 6 AI score | 0.00077 EPSS
Exploits: 0 | References: 6
NVD
added 2025/06/02 11:15 a.m. | 8 views

CVE-2025-48494

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

5.4 CVSS | 0.00077 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/06/02 11:3 a.m. | 6 views

CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

4.8 CVSS | 5.9 AI score | 0.00077 EPSS
Exploits: 0 | References: 3