CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

OSV•added 2026/05/20 7:7 p.m.•2 views

GO-2026-4991 Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

5.8AI score

Exploits0References1

Positive Technologies•added 2026/05/20 12:0 a.m.•4 views

PT-2026-42376

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

5.8AI score

Exploits0References2

NVD•added 2026/05/07 3:16 p.m.•7 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

7.1CVSS0.00017EPSS

Exploits0References2

NVD•added 2026/05/07 3:16 p.m.•7 views

CVE-2026-41422

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

8.3CVSS0.00019EPSS

Exploits0References2

Vulnrichment•added 2026/05/07 1:57 p.m.•4 views

CVE-2026-44349 Daptin fuzzy search injects unvalidated column name into raw SQL

7.1CVSS5.8AI score0.00017EPSS

Exploits0References2

CVE•added 2026/05/07 1:57 p.m.•8 views

CVE-2026-44349

Daptin CVE-2026-44349: The fuzzy search path on /api/ accepts a user-supplied column list and interpolates it into raw SQL without a column whitelist, enabling an authenticated user to read the entire database on vulnerable versions. Affected component: processFuzzySearch in server/resource/resou...

7.1CVSS5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added 2026/05/07 1:57 p.m.•31 views

CVE-2026-44349 Daptin fuzzy search injects unvalidated column name into raw SQL

7.1CVSS0.00017EPSS

Exploits0References2

ATTACKERKB•added 2026/05/07 1:56 p.m.•2 views

CVE-2026-41422

8.3CVSS5.9AI score0.00019EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/07 1:56 p.m.•4 views

CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

8.3CVSS5.9AI score0.00019EPSS

Exploits0References2

CVE•added 2026/05/07 1:56 p.m.•5 views

CVE-2026-41422

Daptin (CVE-2026-41422) exposes SQL injection in the /aggregate/:typename endpoint via unvalidated user input passed to goqu.L() in server/resource/resource_aggregate.go. Root cause: user-controlled column/group parameters were inserted directly into SQL without validation, bypassing parameteriza...

8.3CVSS5.9AI score0.00019EPSS

Exploits0References2

Cvelist•added 2026/05/07 1:56 p.m.•27 views

CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

8.3CVSS0.00019EPSS

Exploits0References2

CNNVD•added 2026/05/07 12:0 a.m.•4 views

daptin SQL注入漏洞

Daptin is an open-source content management system developed by Daptin developers. Versions of Daptin prior to 0.11.5 had a SQL injection vulnerability. This vulnerability stemmed from the processFuzzySearch function, which splits the column parameters provided by the user using commas and insert...

7.1CVSS5.9AI score0.00017EPSS

Exploits0References2

CNNVD•added 2026/05/07 12:0 a.m.•3 views

daptin SQL注入漏洞

Daptin is an open-source content management system developed by Daptin developers. Versions of Daptin prior to 0.11.4 contained a SQL injection vulnerability. This vulnerability stemmed from the /aggregate/:typename endpoint, which did not validate the column and query parameters. As a result,...

8.3CVSS6AI score0.00019EPSS

Exploits0References1

RedhatCVE•added 2026/01/03 6:5 p.m.•5 views

CVE-2025-15439

A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resourceaggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely...

6.5CVSS7.1AI score0.0002EPSS

Exploits0References1

NVD•added 2026/01/02 5:15 p.m.•2 views

CVE-2025-15439

6.5CVSS0.0002EPSS

Exploits0References5

EUVD•added 2026/01/02 5:2 p.m.•2 views

EUVD-2026-0654

6.5CVSS6.5AI score0.0002EPSS

Exploits0References6

CVE•added 2026/01/02 5:2 p.m.•6 views

CVE-2025-15439

The CVE-2025-15439 entry concerns Daptin 0.10.3 where the goqu.L call in server/resource/resource_aggregate.go (Aggregate API) is vulnerable to SQL injection via manipulated arguments column/group/order. The issue is exploitable remotely and publicly demonstrated; multiple sources (NVD, Red Hat, ...

6.5CVSS6.7AI score0.0002EPSS

Exploits0References5

Vulnrichment•added 2026/01/02 5:2 p.m.•4 views

CVE-2025-15439 Daptin Aggregate API resource_aggregate.go goqu.L sql injection

6.5CVSS6.7AI score0.0002EPSS

Exploits0References5

Cvelist•added 2026/01/02 5:2 p.m.•22 views

CVE-2025-15439 Daptin Aggregate API resource_aggregate.go goqu.L sql injection

6.5CVSS0.0002EPSS

Exploits0References5

Positive Technologies•added 2026/01/02 12:0 a.m.•2 views

PT-2026-1108

Name of the Vulnerable Software and Affected Versions Daptin version 0.10.3 Description A flaw exists in Daptin version 0.10.3 within the Aggregate API component. Specifically, the goqu.L function in the server/resource/resource aggregate.go file is susceptible to SQL injection. The issue arises...

6.5CVSS7AI score0.0002EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by