Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/26679?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "type": "deb", "namespace": "debian", "name": "cacti", "version": "1.2.16+ds1-2+deb11u5", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.19+ds1-1", "latest_non_vulnerable_version": "1.2.30+ds1-3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210609?format=api", "vulnerability_id": "VCID-2w7g-uq3h-jbf3", "summary": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24982", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25182", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25201", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25187", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26681?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45598" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2w7g-uq3h-jbf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31938?format=api", "vulnerability_id": "VCID-5wah-6f7j-87d9", "summary": "Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90233", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90264", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90272", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.9027", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr", "reference_id": "GHSA-49f2-hwx9-qffr", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26680?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43365" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wah-6f7j-87d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31899?format=api", "vulnerability_id": "VCID-6zad-jm88-mqgt", "summary": "Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90233", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90264", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90272", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.9027", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5", "reference_id": "GHSA-fgc6-g8gc-wcg5", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26680?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43364" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6zad-jm88-mqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31698?format=api", "vulnerability_id": "VCID-9rdp-n4rw-vqfg", "summary": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98897", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98901", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98902", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98903", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4", "reference_id": "GHSA-gxq4-mv8h-6qj4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26680?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43363" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rdp-n4rw-vqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/125135?format=api", "vulnerability_id": "VCID-a4bg-c3ky-tfdf", "summary": "Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70074", "scoring_system": "epss", "scoring_elements": "0.987", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.70074", "scoring_system": "epss", "scoring_elements": "0.98694", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.70074", "scoring_system": "epss", "scoring_elements": "0.98698", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.70074", "scoring_system": "epss", "scoring_elements": "0.98699", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36", "reference_id": "GHSA-c5j8-jxj3-hh36", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26681?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-22604" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4bg-c3ky-tfdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31034?format=api", "vulnerability_id": "VCID-cy41-xtyc-fug9", "summary": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39587", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39403", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39573", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39598", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp", "reference_id": "GHSA-fh3x-69rr-qqpp", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26681?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-54145" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy41-xtyc-fug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124289?format=api", "vulnerability_id": "VCID-mq8u-bmqv-73aa", "summary": "Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29422", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29211", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29412", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29435", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c", "reference_id": "GHSA-f9c7-7rc3-574c", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26681?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24368" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mq8u-bmqv-73aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124514?format=api", "vulnerability_id": "VCID-t1p7-p932-uuha", "summary": "Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87934", "scoring_system": "epss", "scoring_elements": "0.99498", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.87934", "scoring_system": "epss", "scoring_elements": "0.99495", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.87934", "scoring_system": "epss", "scoring_elements": "0.99496", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.87934", "scoring_system": "epss", "scoring_elements": "0.99497", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq", "reference_id": "GHSA-fxrq-fr7h-9rqq", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26681?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24367" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1p7-p932-uuha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31319?format=api", "vulnerability_id": "VCID-vba6-batw-vke4", "summary": "Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90392", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90422", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.9043", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90431", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c", "reference_id": "GHSA-wh9c-v56x-v77c", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26680?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43362" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vba6-batw-vke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56525?format=api", "vulnerability_id": "VCID-wmjr-1h3n-hbhb", "summary": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85978", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85971", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85968", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85919", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949", "reference_id": "2322949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "reference_id": "d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc" }, { "reference_url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr", "reference_id": "GHSA-p3vf-v8qc-cwcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr" }, { "reference_url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr", "reference_id": "GHSA-p3vf-v8qc-cwcr", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/" } ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10186", "reference_id": "RHSA-2024:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9583", "reference_id": "RHSA-2024:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9620", "reference_id": "RHSA-2024:9620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0079", "reference_id": "RHSA-2025:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0082", "reference_id": "RHSA-2025:0082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0654", "reference_id": "RHSA-2025:0654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0875", "reference_id": "RHSA-2025:0875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18233", "reference_id": "RHSA-2025:18233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19003", "reference_id": "RHSA-2025:19003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19017", "reference_id": "RHSA-2025:19017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19047", "reference_id": "RHSA-2025:19047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19058", "reference_id": "RHSA-2025:19058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19306", "reference_id": "RHSA-2025:19306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19314", "reference_id": "RHSA-2025:19314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19895", "reference_id": "RHSA-2025:19895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22284", "reference_id": "RHSA-2025:22284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8544", "reference_id": "RHSA-2025:8544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8551", "reference_id": "RHSA-2025:8551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8551" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26675?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26676?format=api", "purl": "pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-48910", "GHSA-p3vf-v8qc-cwcr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmjr-1h3n-hbhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20937?format=api", "vulnerability_id": "VCID-z8n7-dz6p-zqfb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72542", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72547", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72532", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72455", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875" }, { "reference_url": "http://seclists.org/fulldisclosure/2025/Apr/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2025/Apr/14" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "reference_id": "0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983", "reference_id": "1084983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052", "reference_id": "2318052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "reference_id": "6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "reference_id": "CVE-2024-47875", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "reference_url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf", "reference_id": "GHSA-gx9m-whjm-85jf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf" }, { "reference_url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "reference_id": "GHSA-gx9m-whjm-85jf", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10236", "reference_id": "RHSA-2024:10236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10988", "reference_id": "RHSA-2024:10988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8327", "reference_id": "RHSA-2024:8327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8678", "reference_id": "RHSA-2024:8678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8683", "reference_id": "RHSA-2024:8683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8981", "reference_id": "RHSA-2024:8981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8991", "reference_id": "RHSA-2024:8991", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8991" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9473", "reference_id": "RHSA-2024:9473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9620", "reference_id": "RHSA-2024:9620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9629", "reference_id": "RHSA-2024:9629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0329", "reference_id": "RHSA-2025:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0329" }, { "reference_url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "reference_id": "test-suite.js#L2098", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26614?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axwy-nqfu-s3e5" }, { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-ve2z-gfv1-p3cm" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26679?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26675?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26612?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h2mr-s15u-sfcf" }, { "vulnerability": "VCID-mhcu-b6q2-y3gr" }, { "vulnerability": "VCID-wqkt-s98d-j7ga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26676?format=api", "purl": "pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26616?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/26615?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47875", "GHSA-gx9m-whjm-85jf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8n7-dz6p-zqfb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }