Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
Type apk
Namespace alpine
Name cacti
Version 1.2.29-r0
Qualifiers
arch s390x
distroversion edge
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4twv-1yys-eban
vulnerability_id VCID-4twv-1yys-eban
summary Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22604
reference_id
reference_type
scores
0
value 0.72211
scoring_system epss
scoring_elements 0.98757
published_at 2026-04-16T12:55:00Z
1
value 0.72211
scoring_system epss
scoring_elements 0.9875
published_at 2026-04-09T12:55:00Z
2
value 0.72211
scoring_system epss
scoring_elements 0.98753
published_at 2026-04-12T12:55:00Z
3
value 0.72211
scoring_system epss
scoring_elements 0.98754
published_at 2026-04-13T12:55:00Z
4
value 0.72211
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-02T12:55:00Z
5
value 0.72211
scoring_system epss
scoring_elements 0.98746
published_at 2026-04-04T12:55:00Z
6
value 0.72211
scoring_system epss
scoring_elements 0.98749
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22604
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
reference_id GHSA-c5j8-jxj3-hh36
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2025-22604
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban
1
url VCID-6ze5-dqdn-ykg3
vulnerability_id VCID-6ze5-dqdn-ykg3
summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45598
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19758
published_at 2026-04-02T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1981
published_at 2026-04-04T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19532
published_at 2026-04-07T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19611
published_at 2026-04-08T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19664
published_at 2026-04-09T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19668
published_at 2026-04-11T12:55:00Z
6
value 0.00087
scoring_system epss
scoring_elements 0.24993
published_at 2026-04-12T12:55:00Z
7
value 0.00087
scoring_system epss
scoring_elements 0.24939
published_at 2026-04-13T12:55:00Z
8
value 0.00087
scoring_system epss
scoring_elements 0.24951
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45598
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-45598
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3
2
url VCID-7m68-seeq-tuae
vulnerability_id VCID-7m68-seeq-tuae
summary Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24368
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.2139
published_at 2026-04-04T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21335
published_at 2026-04-02T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29605
published_at 2026-04-16T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.2964
published_at 2026-04-08T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29678
published_at 2026-04-09T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.2968
published_at 2026-04-11T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29636
published_at 2026-04-12T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29586
published_at 2026-04-13T12:55:00Z
8
value 0.00146
scoring_system epss
scoring_elements 0.34947
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24368
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
reference_id GHSA-f9c7-7rc3-574c
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2025-24368
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae
3
url VCID-a1a1-zuaj-mqaa
vulnerability_id VCID-a1a1-zuaj-mqaa
summary Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27082
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.58034
published_at 2026-04-16T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58024
published_at 2026-04-12T12:55:00Z
2
value 0.00358
scoring_system epss
scoring_elements 0.58003
published_at 2026-04-13T12:55:00Z
3
value 0.00358
scoring_system epss
scoring_elements 0.57976
published_at 2026-04-02T12:55:00Z
4
value 0.00358
scoring_system epss
scoring_elements 0.57995
published_at 2026-04-04T12:55:00Z
5
value 0.00358
scoring_system epss
scoring_elements 0.57971
published_at 2026-04-07T12:55:00Z
6
value 0.00358
scoring_system epss
scoring_elements 0.58027
published_at 2026-04-08T12:55:00Z
7
value 0.00358
scoring_system epss
scoring_elements 0.58029
published_at 2026-04-09T12:55:00Z
8
value 0.00358
scoring_system epss
scoring_elements 0.58046
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27082
1
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h
reference_id GHSA-j868-7vjp-rp9h
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T14:24:32Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-27082
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a1a1-zuaj-mqaa
4
url VCID-be57-gxmc-vqd4
vulnerability_id VCID-be57-gxmc-vqd4
summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said `fileurl` is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
reference_id
reference_type
scores
0
value 0.05453
scoring_system epss
scoring_elements 0.90203
published_at 2026-04-16T12:55:00Z
1
value 0.05453
scoring_system epss
scoring_elements 0.90192
published_at 2026-04-11T12:55:00Z
2
value 0.05453
scoring_system epss
scoring_elements 0.90191
published_at 2026-04-12T12:55:00Z
3
value 0.05453
scoring_system epss
scoring_elements 0.90185
published_at 2026-04-13T12:55:00Z
4
value 0.05453
scoring_system epss
scoring_elements 0.90156
published_at 2026-04-04T12:55:00Z
5
value 0.05453
scoring_system epss
scoring_elements 0.90162
published_at 2026-04-07T12:55:00Z
6
value 0.05453
scoring_system epss
scoring_elements 0.90177
published_at 2026-04-08T12:55:00Z
7
value 0.05453
scoring_system epss
scoring_elements 0.90183
published_at 2026-04-09T12:55:00Z
8
value 0.07763
scoring_system epss
scoring_elements 0.91918
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
reference_id GHSA-wh9c-v56x-v77c
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=s390x&distroversion=edge&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-43362
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4
5
url VCID-hj89-pnag-3fer
vulnerability_id VCID-hj89-pnag-3fer
summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
reference_id
reference_type
scores
0
value 0.75133
scoring_system epss
scoring_elements 0.98878
published_at 2026-04-16T12:55:00Z
1
value 0.75133
scoring_system epss
scoring_elements 0.98875
published_at 2026-04-11T12:55:00Z
2
value 0.75133
scoring_system epss
scoring_elements 0.98876
published_at 2026-04-13T12:55:00Z
3
value 0.75133
scoring_system epss
scoring_elements 0.98868
published_at 2026-04-02T12:55:00Z
4
value 0.75133
scoring_system epss
scoring_elements 0.98869
published_at 2026-04-04T12:55:00Z
5
value 0.75133
scoring_system epss
scoring_elements 0.98872
published_at 2026-04-09T12:55:00Z
6
value 0.75133
scoring_system epss
scoring_elements 0.98873
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
reference_id GHSA-gxq4-mv8h-6qj4
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=s390x&distroversion=edge&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-43363
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer
6
url VCID-khhn-9sja-sfgr
vulnerability_id VCID-khhn-9sja-sfgr
summary Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24367
reference_id
reference_type
scores
0
value 0.90486
scoring_system epss
scoring_elements 0.99606
published_at 2026-04-04T12:55:00Z
1
value 0.90486
scoring_system epss
scoring_elements 0.99608
published_at 2026-04-11T12:55:00Z
2
value 0.90486
scoring_system epss
scoring_elements 0.99609
published_at 2026-04-13T12:55:00Z
3
value 0.90486
scoring_system epss
scoring_elements 0.9961
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24367
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
reference_id GHSA-fxrq-fr7h-9rqq
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2025-24367
risk_score 10.0
exploitability 2.0
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr
7
url VCID-s8du-gzj2-gkc1
vulnerability_id VCID-s8du-gzj2-gkc1
summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.07542
scoring_system epss
scoring_elements 0.91788
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
reference_id GHSA-fgc6-g8gc-wcg5
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=s390x&distroversion=edge&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-43364
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1
8
url VCID-sx2t-uzae-2fh9
vulnerability_id VCID-sx2t-uzae-2fh9
summary Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54145
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24603
published_at 2026-04-02T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24415
published_at 2026-04-07T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.2464
published_at 2026-04-04T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39638
published_at 2026-04-16T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39631
published_at 2026-04-09T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.3964
published_at 2026-04-11T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39604
published_at 2026-04-12T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39587
published_at 2026-04-13T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39616
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54145
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
reference_id GHSA-fh3x-69rr-qqpp
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-54145
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9
9
url VCID-xdbp-7rtr-fyb7
vulnerability_id VCID-xdbp-7rtr-fyb7
summary Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `consolenewsection` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.89975
published_at 2026-04-02T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
reference_id GHSA-49f2-hwx9-qffr
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=s390x&distroversion=edge&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community
aliases CVE-2024-43365
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=s390x&distroversion=edge&reponame=community