📦 Gokapi

This vulnerability allows authenticated attackers to upload malicious SVG files and create hotlinks that execute stored cross-site scripting (XSS) attacks. Users of Gokapi file sharing servers running...

CVE-2026-29084 is a Cross-Site Request Forgery (CSRF) vulnerability in Gokapi self-hosted file sharing server that allows attackers to trick authenticated users into performing unintended login action...

In Gokapi versions before 2.2.3, registered users without proper privileges can create short-lived API keys with elevated permissions to create or modify file requests. This affects all Gokapi instanc...

This vulnerability in Gokapi's upload status SSE implementation allows authenticated users to see global upload state and file IDs from other users. It affects all Gokapi instances running versions be...

This CVE describes a stored cross-site scripting (XSS) vulnerability in Gokapi file sharing server where authenticated users can inject JavaScript into API key names. The injected code executes when o...