Package Instance

reference_id

dsa-5550

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h

reference_url

reference_id

GHSA-hrg9-qqqx-wc4h

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_id

WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

reference_id

WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39515

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-34z4-1zqk-afcm

url VCID-3tqy-g42y-9fef

vulnerability_id VCID-3tqy-g42y-9fef

summary A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25706

reference_id

reference_type

scores

value	0.01458
scoring_system	epss
scoring_elements	0.80772
published_at	2026-04-01T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80781
published_at	2026-04-02T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80802
published_at	2026-04-04T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80799
published_at	2026-04-07T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80826
published_at	2026-04-08T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80835
published_at	2026-04-09T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80851
published_at	2026-04-11T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80836
published_at	2026-04-12T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80829
published_at	2026-04-13T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80866
published_at	2026-04-16T12:55:00Z

value	0.01458
scoring_system	epss
scoring_elements	0.80868
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25706

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-25706

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tqy-g42y-9fef

url VCID-3y7d-ujep-4ydm

vulnerability_id VCID-3y7d-ujep-4ydm

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34340

reference_id

reference_type

scores

value	0.00842
scoring_system	epss
scoring_elements	0.74784
published_at	2026-04-18T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.7477
published_at	2026-04-11T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74749
published_at	2026-04-12T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74739
published_at	2026-04-13T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74776
published_at	2026-04-16T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74699
published_at	2026-04-02T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74726
published_at	2026-04-04T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.747
published_at	2026-04-07T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74732
published_at	2026-04-08T12:55:00Z

value	0.00842
scoring_system	epss
scoring_elements	0.74747
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34340

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m

reference_id

GHSA-37x7-mfjv-mm7m

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-34340

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm

url VCID-44fx-4w2y-y3dy

vulnerability_id VCID-44fx-4w2y-y3dy

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31458

reference_id

reference_type

scores

value	0.06015
scoring_system	epss
scoring_elements	0.90728
published_at	2026-04-18T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.90714
published_at	2026-04-11T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.90715
published_at	2026-04-12T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.90711
published_at	2026-04-13T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.9073
published_at	2026-04-16T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.9067
published_at	2026-04-02T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.9068
published_at	2026-04-04T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.90689
published_at	2026-04-07T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.907
published_at	2026-04-08T12:55:00Z

value	0.06015
scoring_system	epss
scoring_elements	0.90705
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31458

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x

reference_id

GHSA-jrxg-8wh8-943x

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-31458

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy

url VCID-4twv-1yys-eban

vulnerability_id VCID-4twv-1yys-eban

summary Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22604

reference_id

reference_type

scores

value	0.72211
scoring_system	epss
scoring_elements	0.98757
published_at	2026-04-18T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.9875
published_at	2026-04-09T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98753
published_at	2026-04-12T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98754
published_at	2026-04-13T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98742
published_at	2026-04-02T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98746
published_at	2026-04-04T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98749
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

reference_id

GHSA-c5j8-jxj3-hh36

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2025-22604

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban

url VCID-5ykb-6nvx-k3e4

vulnerability_id VCID-5ykb-6nvx-k3e4

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39362

reference_id

reference_type

scores

value	0.87228
scoring_system	epss
scoring_elements	0.99443
published_at	2026-04-02T12:55:00Z

value	0.87228
scoring_system	epss
scoring_elements	0.99445
published_at	2026-04-04T12:55:00Z

value	0.87228
scoring_system	epss
scoring_elements	0.99446
published_at	2026-04-07T12:55:00Z

value	0.87228
scoring_system	epss
scoring_elements	0.99447
published_at	2026-04-09T12:55:00Z

value	0.87228
scoring_system	epss
scoring_elements	0.99448
published_at	2026-04-11T12:55:00Z

value	0.87228
scoring_system	epss
scoring_elements	0.99449
published_at	2026-04-13T12:55:00Z

value	0.87228
scoring_system	epss
scoring_elements	0.99452
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

reference_url

http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html

reference_id

Cacti-1.2.24-Command-Injection.html

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/

reference_id

CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt
reference_id	CVE-2023-39362
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt

reference_url

reference_id

dsa-5550

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp

reference_url

reference_id

GHSA-g6ff-58cj-x3cp

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_id

WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

reference_id

WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39362

risk_score 10.0

exploitability 2.0

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ykb-6nvx-k3e4

url VCID-6t6n-ws5n-wkay

vulnerability_id VCID-6t6n-ws5n-wkay

summary Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31443

reference_id

reference_type

scores

value	0.00493
scoring_system	epss
scoring_elements	0.65757
published_at	2026-04-18T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65719
published_at	2026-04-08T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65731
published_at	2026-04-09T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65752
published_at	2026-04-11T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65737
published_at	2026-04-12T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65708
published_at	2026-04-13T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65743
published_at	2026-04-16T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65672
published_at	2026-04-02T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65702
published_at	2026-04-04T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65667
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31443

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443

reference_url

https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf

reference_id

f946fa537d19678f938ddbd784a10e3290d275cf

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/

url

https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3

reference_id

GHSA-rqc8-78cm-85j3

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-31443

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay

url VCID-6ze5-dqdn-ykg3

vulnerability_id VCID-6ze5-dqdn-ykg3

summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45598

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19758
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1981
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19532
published_at	2026-04-07T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19611
published_at	2026-04-08T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19664
published_at	2026-04-09T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19668
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24993
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24939
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24951
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24944
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-45598

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3

url VCID-7m68-seeq-tuae

vulnerability_id VCID-7m68-seeq-tuae

summary Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24368

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.2139
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21335
published_at	2026-04-02T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29579
published_at	2026-04-18T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29678
published_at	2026-04-09T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.2968
published_at	2026-04-11T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29636
published_at	2026-04-12T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29586
published_at	2026-04-13T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29605
published_at	2026-04-16T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.2964
published_at	2026-04-08T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34947
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c

reference_id

GHSA-f9c7-7rc3-574c

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2025-24368

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae

url VCID-85gc-u991-z3dw

vulnerability_id VCID-85gc-u991-z3dw

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25641

reference_id

reference_type

scores

value	0.88383
scoring_system	epss
scoring_elements	0.99502
published_at	2026-04-18T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99491
published_at	2026-04-02T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99493
published_at	2026-04-04T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99495
published_at	2026-04-07T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99496
published_at	2026-04-08T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99497
published_at	2026-04-09T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99498
published_at	2026-04-13T12:55:00Z

value	0.88383
scoring_system	epss
scoring_elements	0.99501
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641

reference_url

http://seclists.org/fulldisclosure/2024/May/6

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/

url

http://seclists.org/fulldisclosure/2024/May/6

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
reference_id	CVE-2024-25641
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt

reference_url

https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210

reference_id

eff35b0ff26cc27c82d7880469ed6d5e3bef6210

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/

url

https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88

reference_id

GHSA-7cmj-g5qc-pj88

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-25641

risk_score 10.0

exploitability 2.0

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw

url VCID-8nbc-ethb-6kcn

vulnerability_id VCID-8nbc-ethb-6kcn

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17358

reference_id

reference_type

scores

value	0.02298
scoring_system	epss
scoring_elements	0.84657
published_at	2026-04-01T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84671
published_at	2026-04-02T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84692
published_at	2026-04-04T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84694
published_at	2026-04-07T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84716
published_at	2026-04-08T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84723
published_at	2026-04-09T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84741
published_at	2026-04-11T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84736
published_at	2026-04-12T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.8473
published_at	2026-04-13T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84751
published_at	2026-04-16T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84753
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375
reference_id	947375
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375

reference_url	https://security.gentoo.org/glsa/202003-40
reference_id	GLSA-202003-40
reference_type
scores
url	https://security.gentoo.org/glsa/202003-40

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2019-17358

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nbc-ethb-6kcn

url VCID-9swv-zvke-ubet

vulnerability_id VCID-9swv-zvke-ubet

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8813

reference_id

reference_type

scores

value	0.93926
scoring_system	epss
scoring_elements	0.99879
published_at	2026-04-11T12:55:00Z

value	0.93926
scoring_system	epss
scoring_elements	0.9988
published_at	2026-04-13T12:55:00Z

value	0.93926
scoring_system	epss
scoring_elements	0.99881
published_at	2026-04-18T12:55:00Z

value	0.94091
scoring_system	epss
scoring_elements	0.99904
published_at	2026-04-01T12:55:00Z

value	0.94091
scoring_system	epss
scoring_elements	0.99905
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8813

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832
reference_id	951832
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832

reference_url	https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py
reference_id	CVE-2020-8813
reference_type	exploit
scores
url	https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py

reference_url	https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py
reference_id	CVE-2020-8813
reference_type	exploit
scores
url	https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48144.py
reference_id	CVE-2020-8813
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48144.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48145.py
reference_id	CVE-2020-8813
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48145.py

reference_url	https://security.gentoo.org/glsa/202004-16
reference_id	GLSA-202004-16
reference_type
scores
url	https://security.gentoo.org/glsa/202004-16

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-8813

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9swv-zvke-ubet

url VCID-a8j1-24bw-gudu

vulnerability_id VCID-a8j1-24bw-gudu

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39364

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.3773
published_at	2026-04-02T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37755
published_at	2026-04-04T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37633
published_at	2026-04-07T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37684
published_at	2026-04-08T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37697
published_at	2026-04-09T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37711
published_at	2026-04-11T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37676
published_at	2026-04-12T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37648
published_at	2026-04-13T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37695
published_at	2026-04-16T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37678
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39364

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8j1-24bw-gudu

url VCID-akj7-kh8f-97ct

vulnerability_id VCID-akj7-kh8f-97ct

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49088

reference_id

reference_type

scores

value	0.0102
scoring_system	epss
scoring_elements	0.77167
published_at	2026-04-02T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77196
published_at	2026-04-04T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77177
published_at	2026-04-07T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.7721
published_at	2026-04-08T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77218
published_at	2026-04-09T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77246
published_at	2026-04-11T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77225
published_at	2026-04-12T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77221
published_at	2026-04-13T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77261
published_at	2026-04-16T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77262
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url

https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php

reference_id

data_debug.php

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h

reference_id

GHSA-hrg9-qqqx-wc4h

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x

reference_id

GHSA-q7g7-gcf6-wh4x

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-49088

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akj7-kh8f-97ct

url VCID-ay5a-nkmf-5yar

vulnerability_id VCID-ay5a-nkmf-5yar

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49086

reference_id

reference_type

scores

value	0.00949
scoring_system	epss
scoring_elements	0.76305
published_at	2026-04-02T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76335
published_at	2026-04-04T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76314
published_at	2026-04-07T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76347
published_at	2026-04-08T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76361
published_at	2026-04-09T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76387
published_at	2026-04-11T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76365
published_at	2026-04-12T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.7636
published_at	2026-04-13T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76401
published_at	2026-04-16T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76407
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id	1059254
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-49086

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar

url VCID-be57-gxmc-vqd4

vulnerability_id VCID-be57-gxmc-vqd4

summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43362

reference_id

reference_type

scores

value	0.05453
scoring_system	epss
scoring_elements	0.90204
published_at	2026-04-18T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90191
published_at	2026-04-12T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90185
published_at	2026-04-13T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90203
published_at	2026-04-16T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90156
published_at	2026-04-04T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90162
published_at	2026-04-07T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90177
published_at	2026-04-08T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90183
published_at	2026-04-09T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90192
published_at	2026-04-11T12:55:00Z

value	0.07763
scoring_system	epss
scoring_elements	0.91918
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c

reference_id

GHSA-wh9c-v56x-v77c

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-43362

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4

url VCID-c2b8-ss11-9yhq

vulnerability_id VCID-c2b8-ss11-9yhq

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39360

reference_id

reference_type

scores

value	0.00629
scoring_system	epss
scoring_elements	0.70215
published_at	2026-04-02T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70232
published_at	2026-04-04T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70209
published_at	2026-04-07T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-08T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.7027
published_at	2026-04-09T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70294
published_at	2026-04-11T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70279
published_at	2026-04-12T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70267
published_at	2026-04-13T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70308
published_at	2026-04-16T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70317
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39360

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2b8-ss11-9yhq

url VCID-cre7-1uhc-bka2

vulnerability_id VCID-cre7-1uhc-bka2

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16723

reference_id

reference_type

scores

value	0.00268
scoring_system	epss
scoring_elements	0.50319
published_at	2026-04-18T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50318
published_at	2026-04-16T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50221
published_at	2026-04-01T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50261
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5029
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50238
published_at	2026-04-07T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50292
published_at	2026-04-08T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50284
published_at	2026-04-09T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50312
published_at	2026-04-11T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50286
published_at	2026-04-12T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50274
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723

reference_url	https://github.com/Cacti/cacti/issues/2964
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2964

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D/

reference_url	https://seclists.org/bugtraq/2020/Jan/25
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2020/Jan/25

reference_url	https://www.debian.org/security/2020/dsa-4604
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4604

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941036
reference_id	941036
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941036

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16723

reference_id

CVE-2019-16723

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16723

reference_url	https://security.gentoo.org/glsa/202003-40
reference_id	GLSA-202003-40
reference_type
scores
url	https://security.gentoo.org/glsa/202003-40

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2019-16723

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cre7-1uhc-bka2

url VCID-cxs3-zh36-m7en

vulnerability_id VCID-cxs3-zh36-m7en

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7106

reference_id

reference_type

scores

value	0.04094
scoring_system	epss
scoring_elements	0.88531
published_at	2026-04-01T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88539
published_at	2026-04-02T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88556
published_at	2026-04-04T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88559
published_at	2026-04-07T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88577
published_at	2026-04-08T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88582
published_at	2026-04-09T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88594
published_at	2026-04-11T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88586
published_at	2026-04-13T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.886
published_at	2026-04-16T12:55:00Z

value	0.04094
scoring_system	epss
scoring_elements	0.88597
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7106

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7106
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7106

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949996
reference_id	949996
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949996

reference_url	https://security.gentoo.org/glsa/202003-40
reference_id	GLSA-202003-40
reference_type
scores
url	https://security.gentoo.org/glsa/202003-40

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-7106

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxs3-zh36-m7en

url VCID-d7db-n89n-qyd8

vulnerability_id VCID-d7db-n89n-qyd8

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49084

reference_id

reference_type

scores

value	0.88341
scoring_system	epss
scoring_elements	0.99488
published_at	2026-04-02T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.9949
published_at	2026-04-04T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99492
published_at	2026-04-07T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99493
published_at	2026-04-08T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99494
published_at	2026-04-09T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99495
published_at	2026-04-13T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99498
published_at	2026-04-16T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99499
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id	1059254
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-49084

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8

url VCID-e48s-dv1e-4fgn

vulnerability_id VCID-e48s-dv1e-4fgn

summary In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13231

reference_id

reference_type

scores

value	0.00453
scoring_system	epss
scoring_elements	0.63694
published_at	2026-04-01T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63754
published_at	2026-04-02T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.6378
published_at	2026-04-04T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63739
published_at	2026-04-07T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63791
published_at	2026-04-08T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63808
published_at	2026-04-09T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63821
published_at	2026-04-11T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63807
published_at	2026-04-12T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63773
published_at	2026-04-13T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63809
published_at	2026-04-16T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63818
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13231

reference_url	https://usn.ubuntu.com/USN-5214-1/
reference_id	USN-USN-5214-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5214-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-13231

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e48s-dv1e-4fgn

url VCID-fhtp-y9a5-vqgj

vulnerability_id VCID-fhtp-y9a5-vqgj

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31445

reference_id

reference_type

scores

value	0.39471
scoring_system	epss
scoring_elements	0.97297
published_at	2026-04-12T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97308
published_at	2026-04-18T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97298
published_at	2026-04-13T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.9728
published_at	2026-04-02T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97285
published_at	2026-04-04T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97286
published_at	2026-04-07T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97293
published_at	2026-04-09T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97296
published_at	2026-04-11T12:55:00Z

value	0.39471
scoring_system	epss
scoring_elements	0.97306
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31445

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445

reference_url

https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717

reference_id

api_automation.php#L717

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/

url

https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717

reference_url

https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856

reference_id

api_automation.php#L856

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/

url

https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856

reference_url

https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886

reference_id

fd93c6e47651958b77c3bbe6a01fff695f81e886

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/

url

https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc

reference_id

GHSA-vjph-r677-6pcc

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-31445

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj

url VCID-fwp2-z586-ebbq

vulnerability_id VCID-fwp2-z586-ebbq

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17357

reference_id

reference_type

scores

value	0.16157
scoring_system	epss
scoring_elements	0.94764
published_at	2026-04-01T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94774
published_at	2026-04-02T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94778
published_at	2026-04-04T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94779
published_at	2026-04-07T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94788
published_at	2026-04-08T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94792
published_at	2026-04-09T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94797
published_at	2026-04-11T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.948
published_at	2026-04-12T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94801
published_at	2026-04-13T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94808
published_at	2026-04-16T12:55:00Z

value	0.16157
scoring_system	epss
scoring_elements	0.94812
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374
reference_id	947374
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374

reference_url	https://security.gentoo.org/glsa/202003-40
reference_id	GLSA-202003-40
reference_type
scores
url	https://security.gentoo.org/glsa/202003-40

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2019-17357

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwp2-z586-ebbq

url VCID-h3qa-svy4-1fcr

vulnerability_id VCID-h3qa-svy4-1fcr

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49085

reference_id

reference_type

scores

value	0.91404
scoring_system	epss
scoring_elements	0.99656
published_at	2026-04-02T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99658
published_at	2026-04-04T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99659
published_at	2026-04-07T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.9966
published_at	2026-04-09T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99661
published_at	2026-04-12T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99662
published_at	2026-04-13T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99663
published_at	2026-04-16T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99664
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-49085

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr

url VCID-hj89-pnag-3fer

vulnerability_id VCID-hj89-pnag-3fer

summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43363

reference_id

reference_type

scores

value	0.75133
scoring_system	epss
scoring_elements	0.98879
published_at	2026-04-18T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98876
published_at	2026-04-13T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98878
published_at	2026-04-16T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98868
published_at	2026-04-02T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98869
published_at	2026-04-04T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98872
published_at	2026-04-09T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98873
published_at	2026-04-08T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98875
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4

reference_id

GHSA-gxq4-mv8h-6qj4

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-43363

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer

url VCID-huf2-qwju-6bf2

vulnerability_id VCID-huf2-qwju-6bf2

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39365

reference_id

reference_type

scores

value	0.0017
scoring_system	epss
scoring_elements	0.38327
published_at	2026-04-02T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38352
published_at	2026-04-04T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38217
published_at	2026-04-07T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38267
published_at	2026-04-08T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38275
published_at	2026-04-09T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38294
published_at	2026-04-11T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38258
published_at	2026-04-12T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38234
published_at	2026-04-13T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38281
published_at	2026-04-16T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.3826
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/

reference_id

CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/

reference_url

reference_id

dsa-5550

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22

reference_url

reference_id

GHSA-v5w7-hww7-2f22

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_id

WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

reference_id

WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39365

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-huf2-qwju-6bf2

url VCID-jkca-shmj-mbbu

vulnerability_id VCID-jkca-shmj-mbbu

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31459

reference_id

reference_type

scores

value	0.01844
scoring_system	epss
scoring_elements	0.83006
published_at	2026-04-18T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82933
published_at	2026-04-04T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.8293
published_at	2026-04-07T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82955
published_at	2026-04-08T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82962
published_at	2026-04-09T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82977
published_at	2026-04-11T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82972
published_at	2026-04-12T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82968
published_at	2026-04-13T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.83007
published_at	2026-04-16T12:55:00Z

value	0.01844
scoring_system	epss
scoring_elements	0.82921
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv

reference_id

GHSA-cx8g-hvq8-p2rv

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r

reference_id

GHSA-gj3f-p326-gh8r

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

reference_id

GHSA-pfh9-gwm6-86vp

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-31459

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu

url VCID-k6z6-4pb4-tbeu

vulnerability_id VCID-k6z6-4pb4-tbeu

summary Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-23226

reference_id

reference_type

scores

value	0.01252
scoring_system	epss
scoring_elements	0.79296
published_at	2026-04-01T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79303
published_at	2026-04-02T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79327
published_at	2026-04-04T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79313
published_at	2026-04-07T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79338
published_at	2026-04-08T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79348
published_at	2026-04-09T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79371
published_at	2026-04-11T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79356
published_at	2026-04-12T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79345
published_at	2026-04-13T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79373
published_at	2026-04-16T12:55:00Z

value	0.01252
scoring_system	epss
scoring_elements	0.79368
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-23226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23226

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-23226

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6z6-4pb4-tbeu

url VCID-k7kv-za2s-dud5

vulnerability_id VCID-k7kv-za2s-dud5

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31460

reference_id

reference_type

scores

value	0.01692
scoring_system	epss
scoring_elements	0.82284
published_at	2026-04-18T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82207
published_at	2026-04-07T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82234
published_at	2026-04-08T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82241
published_at	2026-04-09T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.8226
published_at	2026-04-11T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82253
published_at	2026-04-12T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82247
published_at	2026-04-13T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82191
published_at	2026-04-02T12:55:00Z

value	0.01692
scoring_system	epss
scoring_elements	0.82211
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31460

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv

reference_id

GHSA-cx8g-hvq8-p2rv

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r

reference_id

GHSA-gj3f-p326-gh8r

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-31460

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5

url VCID-khhn-9sja-sfgr

vulnerability_id VCID-khhn-9sja-sfgr

summary Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24367

reference_id

reference_type

scores

value	0.90486
scoring_system	epss
scoring_elements	0.99606
published_at	2026-04-04T12:55:00Z

value	0.90486
scoring_system	epss
scoring_elements	0.99608
published_at	2026-04-11T12:55:00Z

value	0.90486
scoring_system	epss
scoring_elements	0.99609
published_at	2026-04-13T12:55:00Z

value	0.90486
scoring_system	epss
scoring_elements	0.9961
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq

reference_id

GHSA-fxrq-fr7h-9rqq

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2025-24367

risk_score 10.0

exploitability 2.0

weighted_severity 7.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr

url VCID-mebp-4rfu-vqcq

vulnerability_id VCID-mebp-4rfu-vqcq

summary

DOMpurify has a nesting-based mXSS
DOMpurify was vulnerable to nesting-based mXSS 

fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and
[merge 943](https://github.com/cure53/DOMPurify/pull/943)

Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking

POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47875

reference_id

reference_type

scores

value	0.00699
scoring_system	epss
scoring_elements	0.72026
published_at	2026-04-18T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.72019
published_at	2026-04-16T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71978
published_at	2026-04-13T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71993
published_at	2026-04-12T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.7201
published_at	2026-04-11T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71939
published_at	2026-04-02T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71935
published_at	2026-04-07T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71959
published_at	2026-04-04T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71986
published_at	2026-04-09T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71974
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47875

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875

reference_url

http://seclists.org/fulldisclosure/2025/Apr/14

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2025/Apr/14

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

reference_url

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

reference_url

https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

reference_url

https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

reference_url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
reference_id	1084983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2318052
reference_id	2318052
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2318052

reference_url

https://github.com/advisories/GHSA-gx9m-whjm-85jf

reference_id

GHSA-gx9m-whjm-85jf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gx9m-whjm-85jf

reference_url	https://access.redhat.com/errata/RHSA-2024:10236
reference_id	RHSA-2024:10236
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10236

reference_url	https://access.redhat.com/errata/RHSA-2024:10988
reference_id	RHSA-2024:10988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10988

reference_url	https://access.redhat.com/errata/RHSA-2024:8683
reference_id	RHSA-2024:8683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8683

reference_url	https://access.redhat.com/errata/RHSA-2024:8981
reference_id	RHSA-2024:8981
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8981

reference_url	https://access.redhat.com/errata/RHSA-2024:9473
reference_id	RHSA-2024:9473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9473

reference_url	https://access.redhat.com/errata/RHSA-2024:9629
reference_id	RHSA-2024:9629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9629

reference_url	https://access.redhat.com/errata/RHSA-2025:0329
reference_id	RHSA-2025:0329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0329

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-47875, GHSA-gx9m-whjm-85jf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq

url VCID-pau5-hfbv-nucp

vulnerability_id VCID-pau5-hfbv-nucp

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39513

reference_id

reference_type

scores

value	0.00296
scoring_system	epss
scoring_elements	0.52839
published_at	2026-04-02T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52865
published_at	2026-04-04T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52832
published_at	2026-04-07T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52884
published_at	2026-04-08T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52878
published_at	2026-04-09T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52928
published_at	2026-04-11T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52912
published_at	2026-04-12T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52895
published_at	2026-04-13T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52933
published_at	2026-04-16T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5294
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39513

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pau5-hfbv-nucp

url VCID-qnz1-w7bb-97ee

vulnerability_id VCID-qnz1-w7bb-97ee

summary Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41444

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.51919
published_at	2026-04-18T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51812
published_at	2026-04-02T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51838
published_at	2026-04-04T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51799
published_at	2026-04-07T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51854
published_at	2026-04-08T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51851
published_at	2026-04-09T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51903
published_at	2026-04-11T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51885
published_at	2026-04-12T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.5187
published_at	2026-04-13T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51912
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41444

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444

reference_url

https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2

reference_id

9079535112e4f4ff2c1d2ce1c099d4c2

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:41:35Z/

url

https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2022-41444

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnz1-w7bb-97ee

url VCID-qvkt-vk55-4bbx

vulnerability_id VCID-qvkt-vk55-4bbx

summary A vulnerability in Cacti could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35701

reference_id

reference_type

scores

value	0.01839
scoring_system	epss
scoring_elements	0.82987
published_at	2026-04-18T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82885
published_at	2026-04-01T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82901
published_at	2026-04-02T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82914
published_at	2026-04-04T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.8291
published_at	2026-04-07T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82936
published_at	2026-04-08T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82943
published_at	2026-04-09T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82958
published_at	2026-04-11T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82953
published_at	2026-04-12T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82949
published_at	2026-04-13T12:55:00Z

value	0.01839
scoring_system	epss
scoring_elements	0.82988
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35701

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998
reference_id	979998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998

reference_url

https://security.archlinux.org/AVG-1433

reference_id

AVG-1433

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1433

reference_url	https://security.gentoo.org/glsa/202101-31
reference_id	GLSA-202101-31
reference_type
scores
url	https://security.gentoo.org/glsa/202101-31

reference_url	https://usn.ubuntu.com/USN-5214-1/
reference_id	USN-USN-5214-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5214-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-35701

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx

url VCID-rftg-byj2-jkh9

vulnerability_id VCID-rftg-byj2-jkh9

summary Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37543

reference_id

reference_type

scores

value	0.00617
scoring_system	epss
scoring_elements	0.69996
published_at	2026-04-18T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69986
published_at	2026-04-16T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69893
published_at	2026-04-02T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69907
published_at	2026-04-04T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69884
published_at	2026-04-07T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69932
published_at	2026-04-08T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69949
published_at	2026-04-09T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69972
published_at	2026-04-11T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69957
published_at	2026-04-12T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69943
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37543

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37543

reference_url

https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed

reference_id

exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:34:34Z/

url

https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj

reference_id

GHSA-4x82-8w8m-w8hj

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:34:34Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-37543

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rftg-byj2-jkh9

url VCID-s8du-gzj2-gkc1

vulnerability_id VCID-s8du-gzj2-gkc1

summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43364

reference_id

reference_type

scores

value	0.05293
scoring_system	epss
scoring_elements	0.90033
published_at	2026-04-18T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90022
published_at	2026-04-12T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90016
published_at	2026-04-13T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90032
published_at	2026-04-16T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89988
published_at	2026-04-04T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89993
published_at	2026-04-07T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90009
published_at	2026-04-08T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90014
published_at	2026-04-09T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90024
published_at	2026-04-11T12:55:00Z

value	0.07542
scoring_system	epss
scoring_elements	0.91788
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5

reference_id

GHSA-fgc6-g8gc-wcg5

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-43364

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1

url VCID-sb43-hapb-1uf2

vulnerability_id VCID-sb43-hapb-1uf2

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39357

reference_id

reference_type

scores

value	0.03246
scoring_system	epss
scoring_elements	0.87071
published_at	2026-04-02T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.8709
published_at	2026-04-04T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87083
published_at	2026-04-07T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87103
published_at	2026-04-08T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87111
published_at	2026-04-09T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87124
published_at	2026-04-11T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87119
published_at	2026-04-12T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87114
published_at	2026-04-13T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.8713
published_at	2026-04-16T12:55:00Z

value	0.03246
scoring_system	epss
scoring_elements	0.87134
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39357

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sb43-hapb-1uf2

url VCID-ses2-y1j2-vbbx

vulnerability_id VCID-ses2-y1j2-vbbx

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14295

reference_id

reference_type

scores

value	0.81199
scoring_system	epss
scoring_elements	0.99156
published_at	2026-04-01T12:55:00Z

value	0.81199
scoring_system	epss
scoring_elements	0.99157
published_at	2026-04-02T12:55:00Z

value	0.81199
scoring_system	epss
scoring_elements	0.99159
published_at	2026-04-04T12:55:00Z

value	0.81199
scoring_system	epss
scoring_elements	0.99162
published_at	2026-04-07T12:55:00Z

value	0.81199
scoring_system	epss
scoring_elements	0.99164
published_at	2026-04-13T12:55:00Z

value	0.81199
scoring_system	epss
scoring_elements	0.99165
published_at	2026-04-16T12:55:00Z

value	0.81199
scoring_system	epss
scoring_elements	0.99167
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963139
reference_id	963139
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963139

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49810.py
reference_id	CVE-2020-14295
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49810.py

reference_url	https://usn.ubuntu.com/USN-5214-1/
reference_id	USN-USN-5214-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5214-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-14295

risk_score 1.4

exploitability 2.0

weighted_severity 0.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ses2-y1j2-vbbx

url VCID-sx2t-uzae-2fh9

vulnerability_id VCID-sx2t-uzae-2fh9

summary Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-54145

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24603
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24415
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2464
published_at	2026-04-04T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39609
published_at	2026-04-18T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3964
published_at	2026-04-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39604
published_at	2026-04-12T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39587
published_at	2026-04-13T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39638
published_at	2026-04-16T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39616
published_at	2026-04-08T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39631
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-54145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp

reference_id

GHSA-fh3x-69rr-qqpp

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-54145

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9

url VCID-uj1s-uuyx-mya5

vulnerability_id VCID-uj1s-uuyx-mya5

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7237

reference_id

reference_type

scores

value	0.46813
scoring_system	epss
scoring_elements	0.97647
published_at	2026-04-01T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97653
published_at	2026-04-02T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97655
published_at	2026-04-04T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97656
published_at	2026-04-07T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.9766
published_at	2026-04-08T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97662
published_at	2026-04-09T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97664
published_at	2026-04-11T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97667
published_at	2026-04-13T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97674
published_at	2026-04-16T12:55:00Z

value	0.46813
scoring_system	epss
scoring_elements	0.97677
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949997
reference_id	949997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949997

reference_url	https://security.gentoo.org/glsa/202003-40
reference_id	GLSA-202003-40
reference_type
scores
url	https://security.gentoo.org/glsa/202003-40

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-7237

risk_score 0.2

exploitability 0.5

weighted_severity 0.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1s-uuyx-mya5

url VCID-vbs9-gben-9kgc

vulnerability_id VCID-vbs9-gben-9kgc

summary

DOMPurify vulnerable to tampering by prototype polution
dompurify was vulnerable to prototype pollution

Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48910

reference_id

reference_type

scores

value	0.02592
scoring_system	epss
scoring_elements	0.85619
published_at	2026-04-18T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85547
published_at	2026-04-04T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85553
published_at	2026-04-07T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85573
published_at	2026-04-08T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85583
published_at	2026-04-09T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85597
published_at	2026-04-11T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85594
published_at	2026-04-12T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.8559
published_at	2026-04-13T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85613
published_at	2026-04-16T12:55:00Z

value	0.02808
scoring_system	epss
scoring_elements	0.86074
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/

url

https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

reference_url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/

url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48910

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48910

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2322949
reference_id	2322949
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2322949

reference_url

https://github.com/advisories/GHSA-p3vf-v8qc-cwcr

reference_id

GHSA-p3vf-v8qc-cwcr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p3vf-v8qc-cwcr

reference_url	https://access.redhat.com/errata/RHSA-2024:10186
reference_id	RHSA-2024:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10186

reference_url	https://access.redhat.com/errata/RHSA-2024:9583
reference_id	RHSA-2024:9583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9583

reference_url	https://access.redhat.com/errata/RHSA-2025:0079
reference_id	RHSA-2025:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0079

reference_url	https://access.redhat.com/errata/RHSA-2025:0082
reference_id	RHSA-2025:0082
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0082

reference_url	https://access.redhat.com/errata/RHSA-2025:0654
reference_id	RHSA-2025:0654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0654

reference_url	https://access.redhat.com/errata/RHSA-2025:0875
reference_id	RHSA-2025:0875
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0875

reference_url	https://access.redhat.com/errata/RHSA-2025:18233
reference_id	RHSA-2025:18233
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18233

reference_url	https://access.redhat.com/errata/RHSA-2025:19003
reference_id	RHSA-2025:19003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19003

reference_url	https://access.redhat.com/errata/RHSA-2025:19017
reference_id	RHSA-2025:19017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19017

reference_url	https://access.redhat.com/errata/RHSA-2025:19047
reference_id	RHSA-2025:19047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19047

reference_url	https://access.redhat.com/errata/RHSA-2025:19306
reference_id	RHSA-2025:19306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19306

reference_url	https://access.redhat.com/errata/RHSA-2025:19314
reference_id	RHSA-2025:19314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19314

reference_url	https://access.redhat.com/errata/RHSA-2025:19895
reference_id	RHSA-2025:19895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19895

reference_url	https://access.redhat.com/errata/RHSA-2025:22284
reference_id	RHSA-2025:22284
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22284

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-48910, GHSA-p3vf-v8qc-cwcr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc

url VCID-vsjt-qjyw-hbfs

vulnerability_id VCID-vsjt-qjyw-hbfs

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39359

reference_id

reference_type

scores

value	0.04724
scoring_system	epss
scoring_elements	0.89353
published_at	2026-04-02T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89365
published_at	2026-04-04T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89368
published_at	2026-04-07T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89385
published_at	2026-04-08T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89388
published_at	2026-04-09T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89397
published_at	2026-04-11T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89394
published_at	2026-04-12T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.8939
published_at	2026-04-13T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89405
published_at	2026-04-16T12:55:00Z

value	0.04724
scoring_system	epss
scoring_elements	0.89406
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/

reference_id

CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/

reference_url

reference_id

dsa-5550

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h

reference_url

reference_id

GHSA-q4wh-3f9w-836h

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_id

WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

reference_id

WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39359

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsjt-qjyw-hbfs

url VCID-wrxa-2us4-vkf9

vulnerability_id VCID-wrxa-2us4-vkf9

summary In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13230

reference_id

reference_type

scores

value	0.00799
scoring_system	epss
scoring_elements	0.73977
published_at	2026-04-01T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.73984
published_at	2026-04-02T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.7401
published_at	2026-04-04T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.73981
published_at	2026-04-07T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74015
published_at	2026-04-08T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74028
published_at	2026-04-09T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74051
published_at	2026-04-11T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74032
published_at	2026-04-12T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74025
published_at	2026-04-13T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74064
published_at	2026-04-16T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74073
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13230

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13230
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13230

reference_url	https://usn.ubuntu.com/USN-5214-1/
reference_id	USN-USN-5214-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5214-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2020-13230

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrxa-2us4-vkf9

url VCID-ws4h-295a-9qgx

vulnerability_id VCID-ws4h-295a-9qgx

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39516

reference_id

reference_type

scores

value	0.00284
scoring_system	epss
scoring_elements	0.51728
published_at	2026-04-02T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51754
published_at	2026-04-04T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51714
published_at	2026-04-07T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51768
published_at	2026-04-08T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51765
published_at	2026-04-09T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51815
published_at	2026-04-11T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51794
published_at	2026-04-12T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51778
published_at	2026-04-13T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51819
published_at	2026-04-16T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51826
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39516

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws4h-295a-9qgx

url VCID-xbb2-av4z-m3dp

vulnerability_id VCID-xbb2-av4z-m3dp

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46169

reference_id

reference_type

scores

value	0.94469
scoring_system	epss
scoring_elements	0.99998
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648
reference_id	1025648
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648

reference_url

https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216

reference_id

7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/

url

https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216

reference_url

https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9

reference_id

a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/

url

https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9

reference_url

https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b

reference_id

b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/

url

https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py
reference_id	CVE-2022-46169
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

reference_id

GHSA-6p93-p743-35gf

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

reference_url	https://usn.ubuntu.com/7226-1/
reference_id	USN-7226-1
reference_type
scores
url	https://usn.ubuntu.com/7226-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2022-46169

risk_score 10.0

exploitability 2.0

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbb2-av4z-m3dp

url VCID-xdbp-7rtr-fyb7

vulnerability_id VCID-xdbp-7rtr-fyb7

summary Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43365

reference_id

reference_type

scores

value	0.05293
scoring_system	epss
scoring_elements	0.90033
published_at	2026-04-18T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90016
published_at	2026-04-13T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90032
published_at	2026-04-16T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89975
published_at	2026-04-02T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89988
published_at	2026-04-04T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89993
published_at	2026-04-07T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90009
published_at	2026-04-08T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90014
published_at	2026-04-09T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90024
published_at	2026-04-11T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90022
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr

reference_id

GHSA-49f2-hwx9-qffr

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-43365

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7

url VCID-xpvn-y3b8-skgb

vulnerability_id VCID-xpvn-y3b8-skgb

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0730

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53573
published_at	2026-04-01T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53595
published_at	2026-04-02T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53624
published_at	2026-04-04T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53593
published_at	2026-04-07T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53644
published_at	2026-04-08T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53642
published_at	2026-04-09T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53691
published_at	2026-04-11T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53674
published_at	2026-04-12T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53657
published_at	2026-04-13T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53695
published_at	2026-04-16T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.537
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0730

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693
reference_id	1008693
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2022-0730

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpvn-y3b8-skgb

url VCID-y683-kz6e-afhv

vulnerability_id VCID-y683-kz6e-afhv

summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31444

reference_id

reference_type

scores

value	0.09401
scoring_system	epss
scoring_elements	0.92798
published_at	2026-04-18T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92778
published_at	2026-04-08T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92783
published_at	2026-04-09T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92788
published_at	2026-04-11T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92787
published_at	2026-04-13T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92767
published_at	2026-04-02T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92772
published_at	2026-04-04T12:55:00Z

value	0.09401
scoring_system	epss
scoring_elements	0.92769
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31444

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87

reference_id

GHSA-p4ch-7hjw-6m87

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_url	https://usn.ubuntu.com/6969-1/
reference_id	USN-6969-1
reference_type
scores
url	https://usn.ubuntu.com/6969-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5

aliases CVE-2024-31444

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv

url VCID-ypan-57sx-vyam

vulnerability_id VCID-ypan-57sx-vyam

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39361

reference_id

reference_type

scores

value	0.92278
scoring_system	epss
scoring_elements	0.99717
published_at	2026-04-02T12:55:00Z

value	0.92278
scoring_system	epss
scoring_elements	0.99718
published_at	2026-04-04T12:55:00Z

value	0.92278
scoring_system	epss
scoring_elements	0.99719
published_at	2026-04-13T12:55:00Z

value	0.92278
scoring_system	epss
scoring_elements	0.9972
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

reference_url	https://usn.ubuntu.com/6720-1/
reference_id	USN-6720-1
reference_type
scores
url	https://usn.ubuntu.com/6720-1/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2023-39361

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypan-57sx-vyam

Fixing_vulnerabilities

url VCID-1ff1-vhuj-hkdc

vulnerability_id VCID-1ff1-vhuj-hkdc

summary Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3816

reference_id

reference_type

scores

value	0.00262
scoring_system	epss
scoring_elements	0.49526
published_at	2026-04-01T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49556
published_at	2026-04-02T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49584
published_at	2026-04-04T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49537
published_at	2026-04-07T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49592
published_at	2026-04-08T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49586
published_at	2026-04-09T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49603
published_at	2026-04-11T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49574
published_at	2026-04-12T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49575
published_at	2026-04-13T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49622
published_at	2026-04-16T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.4962
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3816

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3816
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3816

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2021-3816

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ff1-vhuj-hkdc

url VCID-29q9-twke-2bdx

vulnerability_id VCID-29q9-twke-2bdx

summary A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20725

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65861
published_at	2026-04-18T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65846
published_at	2026-04-16T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65729
published_at	2026-04-01T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65778
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65808
published_at	2026-04-04T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65773
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65826
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65837
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65856
published_at	2026-04-11T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65843
published_at	2026-04-12T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65813
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20725

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20725
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20725

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d

reference_url	https://github.com/Cacti/cacti/issues/2214
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2214

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20725

reference_id

CVE-2018-20725

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20725

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-20725

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29q9-twke-2bdx

url VCID-2z9e-eg1f-bqg5

vulnerability_id VCID-2z9e-eg1f-bqg5

summary Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10060

reference_id

reference_type

scores

value	0.00667
scoring_system	epss
scoring_elements	0.712
published_at	2026-04-01T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.7121
published_at	2026-04-02T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71227
published_at	2026-04-04T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71202
published_at	2026-04-07T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71244
published_at	2026-04-08T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71258
published_at	2026-04-09T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71281
published_at	2026-04-11T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71266
published_at	2026-04-12T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.7125
published_at	2026-04-13T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71296
published_at	2026-04-16T12:55:00Z

value	0.00667
scoring_system	epss
scoring_elements	0.71302
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10060

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10060
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10060

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-10060

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z9e-eg1f-bqg5

url VCID-6n31-d4xy-d3fj

vulnerability_id VCID-6n31-d4xy-d3fj

summary A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12927

reference_id

reference_type

scores

value	0.00519
scoring_system	epss
scoring_elements	0.66725
published_at	2026-04-01T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66763
published_at	2026-04-02T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66789
published_at	2026-04-04T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.6676
published_at	2026-04-07T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.6681
published_at	2026-04-08T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66824
published_at	2026-04-09T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66844
published_at	2026-04-11T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.6683
published_at	2026-04-12T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66798
published_at	2026-04-13T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66831
published_at	2026-04-16T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66845
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12927

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872478
reference_id	872478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872478

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-12927

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n31-d4xy-d3fj

url VCID-7dp4-9zks-mbgd

vulnerability_id VCID-7dp4-9zks-mbgd

summary Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10061

reference_id

reference_type

scores

value	0.00955
scoring_system	epss
scoring_elements	0.76368
published_at	2026-04-01T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76372
published_at	2026-04-02T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76402
published_at	2026-04-04T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76384
published_at	2026-04-07T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76416
published_at	2026-04-08T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.7643
published_at	2026-04-09T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76456
published_at	2026-04-11T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76434
published_at	2026-04-12T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76428
published_at	2026-04-13T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76469
published_at	2026-04-16T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76474
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10061

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10061
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10061

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-10061

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dp4-9zks-mbgd

url VCID-86gq-jsgy-8uep

vulnerability_id VCID-86gq-jsgy-8uep

summary Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23225

reference_id

reference_type

scores

value	0.00488
scoring_system	epss
scoring_elements	0.6539
published_at	2026-04-01T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65438
published_at	2026-04-02T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65466
published_at	2026-04-04T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.6543
published_at	2026-04-07T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65483
published_at	2026-04-08T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65495
published_at	2026-04-09T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65513
published_at	2026-04-11T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.655
published_at	2026-04-12T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65472
published_at	2026-04-13T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65509
published_at	2026-04-16T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65521
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23225

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2021-23225

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86gq-jsgy-8uep

url VCID-89pf-69jk-syfk

vulnerability_id VCID-89pf-69jk-syfk

summary A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20724

reference_id

reference_type

scores

value	0.00583
scoring_system	epss
scoring_elements	0.69015
published_at	2026-04-18T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69006
published_at	2026-04-16T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68899
published_at	2026-04-01T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68916
published_at	2026-04-07T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68937
published_at	2026-04-04T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68967
published_at	2026-04-08T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68985
published_at	2026-04-09T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69008
published_at	2026-04-11T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68994
published_at	2026-04-12T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68964
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20724

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20724
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20724

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53

reference_url	https://github.com/Cacti/cacti/issues/2212
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2212

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20724

reference_id

CVE-2018-20724

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20724

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-20724

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89pf-69jk-syfk

url VCID-8nbc-ethb-6kcn

vulnerability_id VCID-8nbc-ethb-6kcn

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17358

reference_id

reference_type

scores

value	0.02298
scoring_system	epss
scoring_elements	0.84657
published_at	2026-04-01T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84671
published_at	2026-04-02T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84692
published_at	2026-04-04T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84694
published_at	2026-04-07T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84716
published_at	2026-04-08T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84723
published_at	2026-04-09T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84741
published_at	2026-04-11T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84736
published_at	2026-04-12T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.8473
published_at	2026-04-13T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84751
published_at	2026-04-16T12:55:00Z

value	0.02298
scoring_system	epss
scoring_elements	0.84753
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375
reference_id	947375
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375

reference_url	https://security.gentoo.org/glsa/202003-40
reference_id	GLSA-202003-40
reference_type
scores
url	https://security.gentoo.org/glsa/202003-40

fixed_packages

url pkg:deb/debian/cacti@0.8.8h%2Bds1-10%2Bdeb9u1

purl pkg:deb/debian/cacti@0.8.8h%2Bds1-10%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ff1-vhuj-hkdc

vulnerability	VCID-29q9-twke-2bdx

vulnerability	VCID-2z9e-eg1f-bqg5

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6n31-d4xy-d3fj

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7dp4-9zks-mbgd

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-86gq-jsgy-8uep

vulnerability	VCID-89pf-69jk-syfk

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9snd-k1cz-gyb5

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-9vce-mkth-v3gn

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-aajr-s1n1-4ybu

vulnerability	VCID-afss-mcgj-7bce

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-bj2d-v5dw-ykc7

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-c4w5-q88d-z3hg

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-gdfw-gryt-8qhg

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-kkn3-ars7-gkbk

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-nbfc-ex1y-37he

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-q88b-smmh-77ga

vulnerability	VCID-qbvv-frc2-rqbk

vulnerability	VCID-qncj-2u1d-7bgu

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-u478-39pb-tkay

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-w1vc-ugdq-aygx

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-x1fg-6mq4-d7ds

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-yjny-ubdp-7few

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0.8.8h%252Bds1-10%252Bdeb9u1

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3

aliases CVE-2019-17358

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nbc-ethb-6kcn

url VCID-9snd-k1cz-gyb5

vulnerability_id VCID-9snd-k1cz-gyb5

summary include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15194

reference_id

reference_type

scores

value	0.00268
scoring_system	epss
scoring_elements	0.50279
published_at	2026-04-13T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50324
published_at	2026-04-18T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50317
published_at	2026-04-11T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50291
published_at	2026-04-12T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54261
published_at	2026-04-01T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54334
published_at	2026-04-09T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54338
published_at	2026-04-08T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54281
published_at	2026-04-02T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54311
published_at	2026-04-04T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54286
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15194

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15194
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15194

reference_url	https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd

reference_url	https://github.com/Cacti/cacti/issues/1010
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/1010

reference_url	http://www.securitytracker.com/id/1039569
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039569

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878304
reference_id	878304
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878304

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.25:::::::*
reference_id	cpe:2.3:a:cacti:cacti:1.1.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.25:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15194

reference_id

CVE-2017-15194

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15194

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-15194

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9snd-k1cz-gyb5

url VCID-9vce-mkth-v3gn

vulnerability_id VCID-9vce-mkth-v3gn

summary Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12066

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.4723
published_at	2026-04-01T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47267
published_at	2026-04-02T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47286
published_at	2026-04-04T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47233
published_at	2026-04-07T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47288
published_at	2026-04-08T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47284
published_at	2026-04-09T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47308
published_at	2026-04-11T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47282
published_at	2026-04-12T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47289
published_at	2026-04-13T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47347
published_at	2026-04-16T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47341
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12066

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870354
reference_id	870354
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870354

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-12066

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vce-mkth-v3gn

url VCID-aajr-s1n1-4ybu

vulnerability_id VCID-aajr-s1n1-4ybu

summary

Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12065

reference_id

reference_type

scores

value	0.03102
scoring_system	epss
scoring_elements	0.86827
published_at	2026-04-18T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86807
published_at	2026-04-13T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86823
published_at	2026-04-16T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86776
published_at	2026-04-04T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86774
published_at	2026-04-07T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86793
published_at	2026-04-08T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86802
published_at	2026-04-09T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86816
published_at	2026-04-11T12:55:00Z

value	0.03102
scoring_system	epss
scoring_elements	0.86812
published_at	2026-04-12T12:55:00Z

value	0.03315
scoring_system	epss
scoring_elements	0.87218
published_at	2026-04-02T12:55:00Z

value	0.03315
scoring_system	epss
scoring_elements	0.87208
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12065

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12065
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12065

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870353
reference_id	870353
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870353

reference_url	https://security.gentoo.org/glsa/201711-10
reference_id	GLSA-201711-10
reference_type
scores
url	https://security.gentoo.org/glsa/201711-10

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-12065

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aajr-s1n1-4ybu

url VCID-afss-mcgj-7bce

vulnerability_id VCID-afss-mcgj-7bce

summary Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11691

reference_id

reference_type

scores

value	0.00506
scoring_system	epss
scoring_elements	0.66278
published_at	2026-04-18T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66154
published_at	2026-04-01T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66195
published_at	2026-04-02T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66222
published_at	2026-04-04T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66191
published_at	2026-04-07T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66239
published_at	2026-04-08T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66252
published_at	2026-04-09T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66272
published_at	2026-04-11T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66259
published_at	2026-04-12T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66228
published_at	2026-04-13T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66263
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848
reference_id	869848
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848

reference_url	https://security.archlinux.org/ASA-201707-30
reference_id	ASA-201707-30
reference_type
scores
url	https://security.archlinux.org/ASA-201707-30

reference_url

https://security.archlinux.org/AVG-365

reference_id

AVG-365

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-365

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-11691

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afss-mcgj-7bce

url VCID-bj2d-v5dw-ykc7

vulnerability_id VCID-bj2d-v5dw-ykc7

summary Cacti: Privilege escalation under certain conditions

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4112.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4112.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4112

reference_id

reference_type

scores

value	0.07985
scoring_system	epss
scoring_elements	0.9205
published_at	2026-04-01T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92056
published_at	2026-04-02T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92064
published_at	2026-04-04T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92068
published_at	2026-04-07T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.9208
published_at	2026-04-08T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92084
published_at	2026-04-09T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92088
published_at	2026-04-12T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92083
published_at	2026-04-13T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92095
published_at	2026-04-16T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92093
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=542985
reference_id	542985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=542985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561339
reference_id	561339
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561339

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/33377.txt
reference_id	CVE-2009-4112;OSVDB-60653
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/33377.txt

reference_url	https://www.securityfocus.com/bid/37145/info
reference_id	CVE-2009-4112;OSVDB-60653
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/37145/info

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2009-4112

risk_score 0.2

exploitability 2.0

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj2d-v5dw-ykc7

url VCID-c4w5-q88d-z3hg

vulnerability_id VCID-c4w5-q88d-z3hg

summary Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10059

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52027
published_at	2026-04-01T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52075
published_at	2026-04-02T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52101
published_at	2026-04-04T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52066
published_at	2026-04-07T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5212
published_at	2026-04-08T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52116
published_at	2026-04-09T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52167
published_at	2026-04-11T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5215
published_at	2026-04-12T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52135
published_at	2026-04-13T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52176
published_at	2026-04-16T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52179
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10059

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-10059

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4w5-q88d-z3hg

url VCID-gdfw-gryt-8qhg

vulnerability_id VCID-gdfw-gryt-8qhg

summary Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-10970

reference_id

reference_type

scores

value	0.00223
scoring_system	epss
scoring_elements	0.4491
published_at	2026-04-01T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44992
published_at	2026-04-02T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45013
published_at	2026-04-04T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44955
published_at	2026-04-07T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45007
published_at	2026-04-08T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45008
published_at	2026-04-09T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.4503
published_at	2026-04-11T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44998
published_at	2026-04-12T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45
published_at	2026-04-13T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45049
published_at	2026-04-16T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45043
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-10970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10970

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867532
reference_id	867532
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867532

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-10970

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfw-gryt-8qhg

url VCID-kkn3-ars7-gkbk

vulnerability_id VCID-kkn3-ars7-gkbk

summary A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20723

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65861
published_at	2026-04-18T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65846
published_at	2026-04-16T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65729
published_at	2026-04-01T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65778
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65808
published_at	2026-04-04T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65773
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65826
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65837
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65856
published_at	2026-04-11T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65843
published_at	2026-04-12T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65813
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20723

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d

reference_url	https://github.com/Cacti/cacti/issues/2215
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2215

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20723

reference_id

CVE-2018-20723

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20723

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-20723

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkn3-ars7-gkbk

url VCID-nbfc-ex1y-37he

vulnerability_id VCID-nbfc-ex1y-37he

summary A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20726

reference_id

reference_type

scores

value	0.0051
scoring_system	epss
scoring_elements	0.66449
published_at	2026-04-18T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66432
published_at	2026-04-16T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66322
published_at	2026-04-01T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66361
published_at	2026-04-02T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66387
published_at	2026-04-04T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66357
published_at	2026-04-07T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66405
published_at	2026-04-08T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66419
published_at	2026-04-09T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66439
published_at	2026-04-11T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66426
published_at	2026-04-12T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66396
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20726

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d

reference_url	https://github.com/Cacti/cacti/issues/2213
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2213

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20726

reference_id

CVE-2018-20726

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20726

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2018-20726

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbfc-ex1y-37he

url VCID-q88b-smmh-77ga

vulnerability_id VCID-q88b-smmh-77ga

summary Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16660

reference_id

reference_type

scores

value	0.01457
scoring_system	epss
scoring_elements	0.80764
published_at	2026-04-01T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80772
published_at	2026-04-02T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80793
published_at	2026-04-04T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.8079
published_at	2026-04-07T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80817
published_at	2026-04-08T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80826
published_at	2026-04-09T12:55:00Z

value	0.02642
scoring_system	epss
scoring_elements	0.85716
published_at	2026-04-13T12:55:00Z

value	0.02642
scoring_system	epss
scoring_elements	0.85738
published_at	2026-04-16T12:55:00Z

value	0.02642
scoring_system	epss
scoring_elements	0.85743
published_at	2026-04-18T12:55:00Z

value	0.02642
scoring_system	epss
scoring_elements	0.85723
published_at	2026-04-11T12:55:00Z

value	0.02642
scoring_system	epss
scoring_elements	0.8572
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660

reference_url	https://github.com/Cacti/cacti/issues/1066
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/1066

reference_url	https://security.archlinux.org/ASA-201712-2
reference_id	ASA-201712-2
reference_type
scores
url	https://security.archlinux.org/ASA-201712-2

reference_url

reference_id

AVG-537

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16660

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:::::::*
reference_id	cpe:2.3:a:cacti:cacti:1.1.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:::::::*

reference_url

reference_id

CVE-2017-16660

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16660

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-16660

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q88b-smmh-77ga

url VCID-qbvv-frc2-rqbk

vulnerability_id VCID-qbvv-frc2-rqbk

summary lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16641

reference_id

reference_type

scores

value	0.00465
scoring_system	epss
scoring_elements	0.64294
published_at	2026-04-01T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64351
published_at	2026-04-02T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.6438
published_at	2026-04-04T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64339
published_at	2026-04-07T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64387
published_at	2026-04-08T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64402
published_at	2026-04-09T12:55:00Z

value	0.0126
scoring_system	epss
scoring_elements	0.79404
published_at	2026-04-13T12:55:00Z

value	0.0126
scoring_system	epss
scoring_elements	0.79435
published_at	2026-04-16T12:55:00Z

value	0.0126
scoring_system	epss
scoring_elements	0.79434
published_at	2026-04-18T12:55:00Z

value	0.0126
scoring_system	epss
scoring_elements	0.79432
published_at	2026-04-11T12:55:00Z

value	0.0126
scoring_system	epss
scoring_elements	0.79415
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641

reference_url	https://github.com/Cacti/cacti/issues/1057
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/1057

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110
reference_id	881110
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110

reference_url	https://security.archlinux.org/ASA-201712-2
reference_id	ASA-201712-2
reference_type
scores
url	https://security.archlinux.org/ASA-201712-2

reference_url

reference_id

AVG-537

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16641

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:::::::*
reference_id	cpe:2.3:a:cacti:cacti:1.1.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:::::::*

reference_url

reference_id

CVE-2017-16641

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16641

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-16641

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvv-frc2-rqbk

url VCID-qncj-2u1d-7bgu

vulnerability_id VCID-qncj-2u1d-7bgu

summary In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11025

reference_id

reference_type

scores

value	0.0064
scoring_system	epss
scoring_elements	0.7059
published_at	2026-04-18T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70581
published_at	2026-04-16T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70472
published_at	2026-04-01T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70486
published_at	2026-04-02T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70504
published_at	2026-04-04T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70481
published_at	2026-04-07T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70527
published_at	2026-04-08T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70542
published_at	2026-04-09T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70566
published_at	2026-04-11T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70551
published_at	2026-04-12T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70537
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11025

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11025
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11025

reference_url	https://github.com/Cacti/cacti/compare/6ea486a...99995bb
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/compare/6ea486a...99995bb

reference_url	https://github.com/Cacti/cacti/issues/2581
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2581

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00017.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00017.html

reference_url	https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926700
reference_id	926700
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926700

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11025

reference_id

CVE-2019-11025

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11025

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2019-11025

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qncj-2u1d-7bgu

url VCID-u478-39pb-tkay

vulnerability_id VCID-u478-39pb-tkay

summary lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12978

reference_id

reference_type

scores

value	0.00337
scoring_system	epss
scoring_elements	0.56468
published_at	2026-04-01T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56565
published_at	2026-04-02T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56586
published_at	2026-04-04T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56564
published_at	2026-04-07T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56616
published_at	2026-04-08T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.5662
published_at	2026-04-09T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56629
published_at	2026-04-11T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56605
published_at	2026-04-12T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56583
published_at	2026-04-13T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56614
published_at	2026-04-16T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56613
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12978

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12978

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-12978

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u478-39pb-tkay

url VCID-w1vc-ugdq-aygx

vulnerability_id VCID-w1vc-ugdq-aygx

summary Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11163

reference_id

reference_type

scores

value	0.00223
scoring_system	epss
scoring_elements	0.44818
published_at	2026-04-01T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44899
published_at	2026-04-02T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44919
published_at	2026-04-04T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.4486
published_at	2026-04-07T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44912
published_at	2026-04-08T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44914
published_at	2026-04-09T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44935
published_at	2026-04-11T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44903
published_at	2026-04-12T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44905
published_at	2026-04-13T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44957
published_at	2026-04-16T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.4495
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11163

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11163
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11163

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868080
reference_id	868080
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868080

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-11163

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1vc-ugdq-aygx

url VCID-x1fg-6mq4-d7ds

vulnerability_id VCID-x1fg-6mq4-d7ds

summary Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16661

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.29711
published_at	2026-04-13T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29707
published_at	2026-04-18T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29729
published_at	2026-04-16T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29806
published_at	2026-04-11T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29761
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39827
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39812
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39814
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39837
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39757
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39665
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661

reference_url	https://github.com/Cacti/cacti/issues/1066
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/1066

reference_url	https://security.archlinux.org/ASA-201712-2
reference_id	ASA-201712-2
reference_type
scores
url	https://security.archlinux.org/ASA-201712-2

reference_url

reference_id

AVG-537

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16661

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:::::::*
reference_id	cpe:2.3:a:cacti:cacti:1.1.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:::::::*

reference_url

reference_id

CVE-2017-16661

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16661

fixed_packages

url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-34z4-1zqk-afcm

vulnerability	VCID-3tqy-g42y-9fef

vulnerability	VCID-3y7d-ujep-4ydm

vulnerability	VCID-44fx-4w2y-y3dy

vulnerability	VCID-4twv-1yys-eban

vulnerability	VCID-5ykb-6nvx-k3e4

vulnerability	VCID-6t6n-ws5n-wkay

vulnerability	VCID-6ze5-dqdn-ykg3

vulnerability	VCID-7m68-seeq-tuae

vulnerability	VCID-85gc-u991-z3dw

vulnerability	VCID-8nbc-ethb-6kcn

vulnerability	VCID-9swv-zvke-ubet

vulnerability	VCID-a8j1-24bw-gudu

vulnerability	VCID-akj7-kh8f-97ct

vulnerability	VCID-ay5a-nkmf-5yar

vulnerability	VCID-be57-gxmc-vqd4

vulnerability	VCID-c2b8-ss11-9yhq

vulnerability	VCID-cre7-1uhc-bka2

vulnerability	VCID-cxs3-zh36-m7en

vulnerability	VCID-d7db-n89n-qyd8

vulnerability	VCID-e48s-dv1e-4fgn

vulnerability	VCID-fhtp-y9a5-vqgj

vulnerability	VCID-fwp2-z586-ebbq

vulnerability	VCID-h3qa-svy4-1fcr

vulnerability	VCID-hj89-pnag-3fer

vulnerability	VCID-huf2-qwju-6bf2

vulnerability	VCID-jkca-shmj-mbbu

vulnerability	VCID-k6z6-4pb4-tbeu

vulnerability	VCID-k7kv-za2s-dud5

vulnerability	VCID-khhn-9sja-sfgr

vulnerability	VCID-mebp-4rfu-vqcq

vulnerability	VCID-pau5-hfbv-nucp

vulnerability	VCID-qnz1-w7bb-97ee

vulnerability	VCID-qvkt-vk55-4bbx

vulnerability	VCID-rftg-byj2-jkh9

vulnerability	VCID-s8du-gzj2-gkc1

vulnerability	VCID-sb43-hapb-1uf2

vulnerability	VCID-ses2-y1j2-vbbx

vulnerability	VCID-sx2t-uzae-2fh9

vulnerability	VCID-uj1s-uuyx-mya5

vulnerability	VCID-vbs9-gben-9kgc

vulnerability	VCID-vsjt-qjyw-hbfs

vulnerability	VCID-wrxa-2us4-vkf9

vulnerability	VCID-ws4h-295a-9qgx

vulnerability	VCID-xbb2-av4z-m3dp

vulnerability	VCID-xdbp-7rtr-fyb7

vulnerability	VCID-xpvn-y3b8-skgb

vulnerability	VCID-y683-kz6e-afhv

vulnerability	VCID-ypan-57sx-vyam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4

aliases CVE-2017-16661

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fg-6mq4-d7ds

url VCID-yjny-ubdp-7few

vulnerability_id VCID-yjny-ubdp-7few

summary Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16785

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39988
published_at	2026-04-13T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40009
published_at	2026-04-18T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40038
published_at	2026-04-16T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40045
published_at	2026-04-11T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40008
published_at	2026-04-12T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41589
published_at	2026-04-09T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4158
published_at	2026-04-08T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41574
published_at	2026-04-02T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41603
published_at	2026-04-04T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4153
published_at	2026-04-07T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41485
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16785

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785

reference_url	https://github.com/Cacti/cacti/issues/1071
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/1071

reference_url	http://www.securitytracker.com/id/1039774
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039774

reference_url	https://security.archlinux.org/ASA-201712-2
reference_id	ASA-201712-2
reference_type
scores
url	https://security.archlinux.org/ASA-201712-2

reference_url

reference_id

AVG-537

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url