Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/441626?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "cacti", "version": "1.2.29-r0", "qualifiers": { "arch": "x86_64", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96527?format=api", "vulnerability_id": "VCID-4twv-1yys-eban", "summary": "Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98757", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.9875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98753", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98742", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98749", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36", "reference_id": "GHSA-c5j8-jxj3-hh36", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-22604" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96207?format=api", "vulnerability_id": "VCID-6ze5-dqdn-ykg3", "summary": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19664", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19668", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24951", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-45598" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96561?format=api", "vulnerability_id": "VCID-7m68-seeq-tuae", "summary": "Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21335", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34947", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c", "reference_id": "GHSA-f9c7-7rc3-574c", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-24368" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243855?format=api", "vulnerability_id": "VCID-a1a1-zuaj-mqaa", "summary": "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58034", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58024", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58003", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57995", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57971", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58046", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27082" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h", "reference_id": "GHSA-j868-7vjp-rp9h", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T14:24:32Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-27082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1a1-zuaj-mqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96189?format=api", "vulnerability_id": "VCID-be57-gxmc-vqd4", "summary": "Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90191", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90185", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07763", "scoring_system": "epss", "scoring_elements": "0.91918", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c", "reference_id": "GHSA-wh9c-v56x-v77c", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/482159?format=api", "purl": "pkg:apk/alpine/cacti@1.2.28-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-43362" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96190?format=api", "vulnerability_id": "VCID-hj89-pnag-3fer", "summary": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98878", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98875", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98876", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98869", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98873", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4", "reference_id": "GHSA-gxq4-mv8h-6qj4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/482159?format=api", "purl": "pkg:apk/alpine/cacti@1.2.28-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-43363" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96560?format=api", "vulnerability_id": "VCID-khhn-9sja-sfgr", "summary": "Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99609", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.9961", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq", "reference_id": "GHSA-fxrq-fr7h-9rqq", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2025-24367" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96191?format=api", "vulnerability_id": "VCID-s8du-gzj2-gkc1", "summary": "Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07542", "scoring_system": "epss", "scoring_elements": "0.91788", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5", "reference_id": "GHSA-fgc6-g8gc-wcg5", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/482159?format=api", "purl": "pkg:apk/alpine/cacti@1.2.28-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-43364" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96284?format=api", "vulnerability_id": "VCID-sx2t-uzae-2fh9", "summary": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24603", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2464", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39638", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3964", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39604", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39616", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp", "reference_id": "GHSA-fh3x-69rr-qqpp", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-54145" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96192?format=api", "vulnerability_id": "VCID-xdbp-7rtr-fyb7", "summary": "Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90024", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr", "reference_id": "GHSA-49f2-hwx9-qffr", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/482159?format=api", "purl": "pkg:apk/alpine/cacti@1.2.28-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/441626?format=api", "purl": "pkg:apk/alpine/cacti@1.2.29-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2024-43365" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }