Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community

Type apk

Namespace alpine

Name cacti

Version 1.2.26-r0

Qualifiers

arch	ppc64le
distroversion	v3.20
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.27-r0

Latest_non_vulnerable_version 1.2.28-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-8max-2avj-hkdt

vulnerability_id VCID-8max-2avj-hkdt

summary Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-51448

reference_id

reference_type

scores

value	0.32076
scoring_system	epss
scoring_elements	0.96804
published_at	2026-04-02T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96806
published_at	2026-04-04T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96809
published_at	2026-04-07T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96817
published_at	2026-04-08T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96818
published_at	2026-04-09T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.9682
published_at	2026-04-11T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96821
published_at	2026-04-12T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96822
published_at	2026-04-13T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96827
published_at	2026-04-16T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96831
published_at	2026-04-18T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96834
published_at	2026-04-24T12:55:00Z

value	0.32076
scoring_system	epss
scoring_elements	0.96836
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-51448

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-51448

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8max-2avj-hkdt

url VCID-ay5a-nkmf-5yar

vulnerability_id VCID-ay5a-nkmf-5yar

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49086

reference_id

reference_type

scores

value	0.00949
scoring_system	epss
scoring_elements	0.76305
published_at	2026-04-02T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76335
published_at	2026-04-04T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76314
published_at	2026-04-07T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76347
published_at	2026-04-08T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76361
published_at	2026-04-09T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76387
published_at	2026-04-11T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76365
published_at	2026-04-12T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.7636
published_at	2026-04-13T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76401
published_at	2026-04-16T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76407
published_at	2026-04-18T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76392
published_at	2026-04-21T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76426
published_at	2026-04-24T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76433
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id	1059254
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-49086

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar

url VCID-d7db-n89n-qyd8

vulnerability_id VCID-d7db-n89n-qyd8

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49084

reference_id

reference_type

scores

value	0.88341
scoring_system	epss
scoring_elements	0.99488
published_at	2026-04-02T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.9949
published_at	2026-04-04T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99492
published_at	2026-04-07T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99493
published_at	2026-04-08T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99494
published_at	2026-04-09T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99495
published_at	2026-04-13T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99498
published_at	2026-04-16T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99499
published_at	2026-04-18T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.995
published_at	2026-04-21T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99501
published_at	2026-04-24T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99502
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id	1059254
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-49084

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8

url VCID-h3qa-svy4-1fcr

vulnerability_id VCID-h3qa-svy4-1fcr

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49085

reference_id

reference_type

scores

value	0.91404
scoring_system	epss
scoring_elements	0.99656
published_at	2026-04-02T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99658
published_at	2026-04-04T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99659
published_at	2026-04-07T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.9966
published_at	2026-04-09T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99661
published_at	2026-04-12T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99662
published_at	2026-04-13T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99663
published_at	2026-04-16T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99664
published_at	2026-04-18T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99665
published_at	2026-04-21T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99667
published_at	2026-04-24T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99668
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-49085

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr

url VCID-mwbm-aphc-akgu

vulnerability_id VCID-mwbm-aphc-akgu

summary Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50250

reference_id

reference_type

scores

value	0.02686
scoring_system	epss
scoring_elements	0.85793
published_at	2026-04-02T12:55:00Z

value	0.02686
scoring_system	epss
scoring_elements	0.85811
published_at	2026-04-04T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87735
published_at	2026-04-07T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87756
published_at	2026-04-08T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87762
published_at	2026-04-09T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87773
published_at	2026-04-11T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87768
published_at	2026-04-12T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87766
published_at	2026-04-13T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.8778
published_at	2026-04-16T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87779
published_at	2026-04-18T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87778
published_at	2026-04-21T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87795
published_at	2026-04-24T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87801
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50250

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-50250

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbm-aphc-akgu

url VCID-xkkm-ss3p-1udc

vulnerability_id VCID-xkkm-ss3p-1udc

summary SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46490

reference_id

reference_type

scores

value	0.00207
scoring_system	epss
scoring_elements	0.42996
published_at	2026-04-26T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.42994
published_at	2026-04-24T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43071
published_at	2026-04-02T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43098
published_at	2026-04-04T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43037
published_at	2026-04-07T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.4309
published_at	2026-04-12T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43102
published_at	2026-04-09T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43124
published_at	2026-04-11T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43075
published_at	2026-04-13T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43135
published_at	2026-04-16T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43125
published_at	2026-04-18T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.4306
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46490

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286
reference_id	1059286
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286

reference_url

https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53

reference_id

a95632111138fcd7ccf7432ccb145b53

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/

url

https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c

reference_id

GHSA-f4r3-53jr-654c

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-46490

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc

url VCID-zkmp-kgyq-tfeh

vulnerability_id VCID-zkmp-kgyq-tfeh

summary Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

references

fixed_packages

url	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/cacti@1.2.26-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

aliases CVE-2023-50569

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkmp-kgyq-tfeh

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

Package Instance