Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
Typedeb
Namespacedebian
Namecacti
Version1.2.16+ds1-2+deb11u3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.30+ds1-1
Latest_non_vulnerable_version1.2.30+ds1-1
Affected_by_vulnerabilities
0
url VCID-3y7d-ujep-4ydm
vulnerability_id VCID-3y7d-ujep-4ydm
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34340
reference_id
reference_type
scores
0
value 0.00842
scoring_system epss
scoring_elements 0.74774
published_at 2026-04-21T12:55:00Z
1
value 0.00842
scoring_system epss
scoring_elements 0.74749
published_at 2026-04-12T12:55:00Z
2
value 0.00842
scoring_system epss
scoring_elements 0.74739
published_at 2026-04-13T12:55:00Z
3
value 0.00842
scoring_system epss
scoring_elements 0.74776
published_at 2026-04-16T12:55:00Z
4
value 0.00842
scoring_system epss
scoring_elements 0.74784
published_at 2026-04-18T12:55:00Z
5
value 0.00842
scoring_system epss
scoring_elements 0.74699
published_at 2026-04-02T12:55:00Z
6
value 0.00842
scoring_system epss
scoring_elements 0.74726
published_at 2026-04-04T12:55:00Z
7
value 0.00842
scoring_system epss
scoring_elements 0.747
published_at 2026-04-07T12:55:00Z
8
value 0.00842
scoring_system epss
scoring_elements 0.74732
published_at 2026-04-08T12:55:00Z
9
value 0.00842
scoring_system epss
scoring_elements 0.74747
published_at 2026-04-09T12:55:00Z
10
value 0.00842
scoring_system epss
scoring_elements 0.7477
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34340
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
reference_id GHSA-37x7-mfjv-mm7m
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-34340
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm
1
url VCID-44fx-4w2y-y3dy
vulnerability_id VCID-44fx-4w2y-y3dy
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31458
reference_id
reference_type
scores
0
value 0.06015
scoring_system epss
scoring_elements 0.90726
published_at 2026-04-21T12:55:00Z
1
value 0.06015
scoring_system epss
scoring_elements 0.90715
published_at 2026-04-12T12:55:00Z
2
value 0.06015
scoring_system epss
scoring_elements 0.90711
published_at 2026-04-13T12:55:00Z
3
value 0.06015
scoring_system epss
scoring_elements 0.9073
published_at 2026-04-16T12:55:00Z
4
value 0.06015
scoring_system epss
scoring_elements 0.90728
published_at 2026-04-18T12:55:00Z
5
value 0.06015
scoring_system epss
scoring_elements 0.9067
published_at 2026-04-02T12:55:00Z
6
value 0.06015
scoring_system epss
scoring_elements 0.9068
published_at 2026-04-04T12:55:00Z
7
value 0.06015
scoring_system epss
scoring_elements 0.90689
published_at 2026-04-07T12:55:00Z
8
value 0.06015
scoring_system epss
scoring_elements 0.907
published_at 2026-04-08T12:55:00Z
9
value 0.06015
scoring_system epss
scoring_elements 0.90705
published_at 2026-04-09T12:55:00Z
10
value 0.06015
scoring_system epss
scoring_elements 0.90714
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31458
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
reference_id GHSA-jrxg-8wh8-943x
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31458
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy
2
url VCID-4e5y-1s19-r7g7
vulnerability_id VCID-4e5y-1s19-r7g7
summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66399
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57639
published_at 2026-04-02T12:55:00Z
1
value 0.00456
scoring_system epss
scoring_elements 0.63921
published_at 2026-04-18T12:55:00Z
2
value 0.00456
scoring_system epss
scoring_elements 0.63876
published_at 2026-04-13T12:55:00Z
3
value 0.00456
scoring_system epss
scoring_elements 0.63912
published_at 2026-04-21T12:55:00Z
4
value 0.00456
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-04T12:55:00Z
5
value 0.00456
scoring_system epss
scoring_elements 0.63842
published_at 2026-04-07T12:55:00Z
6
value 0.00456
scoring_system epss
scoring_elements 0.63893
published_at 2026-04-08T12:55:00Z
7
value 0.00456
scoring_system epss
scoring_elements 0.6391
published_at 2026-04-09T12:55:00Z
8
value 0.00456
scoring_system epss
scoring_elements 0.63923
published_at 2026-04-11T12:55:00Z
9
value 0.00456
scoring_system epss
scoring_elements 0.63909
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66399
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
reference_id GHSA-c7rr-2h93-7gjf
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-02T18:25:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
fixed_packages
0
url pkg:deb/debian/cacti@1.2.30%2Bds1-1
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1
aliases CVE-2025-66399
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e5y-1s19-r7g7
3
url VCID-4twv-1yys-eban
vulnerability_id VCID-4twv-1yys-eban
summary Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22604
reference_id
reference_type
scores
0
value 0.72211
scoring_system epss
scoring_elements 0.98758
published_at 2026-04-21T12:55:00Z
1
value 0.72211
scoring_system epss
scoring_elements 0.98753
published_at 2026-04-12T12:55:00Z
2
value 0.72211
scoring_system epss
scoring_elements 0.98754
published_at 2026-04-13T12:55:00Z
3
value 0.72211
scoring_system epss
scoring_elements 0.98757
published_at 2026-04-18T12:55:00Z
4
value 0.72211
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-02T12:55:00Z
5
value 0.72211
scoring_system epss
scoring_elements 0.98746
published_at 2026-04-04T12:55:00Z
6
value 0.72211
scoring_system epss
scoring_elements 0.98749
published_at 2026-04-07T12:55:00Z
7
value 0.72211
scoring_system epss
scoring_elements 0.9875
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22604
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
reference_id GHSA-c5j8-jxj3-hh36
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-22604
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban
4
url VCID-6t6n-ws5n-wkay
vulnerability_id VCID-6t6n-ws5n-wkay
summary Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31443
reference_id
reference_type
scores
0
value 0.00493
scoring_system epss
scoring_elements 0.65757
published_at 2026-04-18T12:55:00Z
1
value 0.00493
scoring_system epss
scoring_elements 0.65719
published_at 2026-04-08T12:55:00Z
2
value 0.00493
scoring_system epss
scoring_elements 0.65731
published_at 2026-04-09T12:55:00Z
3
value 0.00493
scoring_system epss
scoring_elements 0.65752
published_at 2026-04-11T12:55:00Z
4
value 0.00493
scoring_system epss
scoring_elements 0.65737
published_at 2026-04-12T12:55:00Z
5
value 0.00493
scoring_system epss
scoring_elements 0.65708
published_at 2026-04-13T12:55:00Z
6
value 0.00493
scoring_system epss
scoring_elements 0.65743
published_at 2026-04-21T12:55:00Z
7
value 0.00493
scoring_system epss
scoring_elements 0.65672
published_at 2026-04-02T12:55:00Z
8
value 0.00493
scoring_system epss
scoring_elements 0.65702
published_at 2026-04-04T12:55:00Z
9
value 0.00493
scoring_system epss
scoring_elements 0.65667
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31443
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
2
reference_url https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
reference_id f946fa537d19678f938ddbd784a10e3290d275cf
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
reference_id GHSA-rqc8-78cm-85j3
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
5
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31443
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay
5
url VCID-6ze5-dqdn-ykg3
vulnerability_id VCID-6ze5-dqdn-ykg3
summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45598
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19758
published_at 2026-04-02T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1981
published_at 2026-04-04T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19532
published_at 2026-04-07T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19611
published_at 2026-04-08T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19664
published_at 2026-04-09T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19668
published_at 2026-04-11T12:55:00Z
6
value 0.00087
scoring_system epss
scoring_elements 0.24993
published_at 2026-04-12T12:55:00Z
7
value 0.00087
scoring_system epss
scoring_elements 0.24939
published_at 2026-04-13T12:55:00Z
8
value 0.00087
scoring_system epss
scoring_elements 0.24951
published_at 2026-04-16T12:55:00Z
9
value 0.00087
scoring_system epss
scoring_elements 0.24944
published_at 2026-04-18T12:55:00Z
10
value 0.00087
scoring_system epss
scoring_elements 0.24917
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45598
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-45598
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3
6
url VCID-7m68-seeq-tuae
vulnerability_id VCID-7m68-seeq-tuae
summary Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24368
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.2139
published_at 2026-04-04T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21335
published_at 2026-04-02T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29534
published_at 2026-04-21T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.2968
published_at 2026-04-11T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29636
published_at 2026-04-12T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29586
published_at 2026-04-13T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29605
published_at 2026-04-16T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29579
published_at 2026-04-18T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.2964
published_at 2026-04-08T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.29678
published_at 2026-04-09T12:55:00Z
10
value 0.00146
scoring_system epss
scoring_elements 0.34947
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24368
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
reference_id GHSA-f9c7-7rc3-574c
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-24368
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae
7
url VCID-85gc-u991-z3dw
vulnerability_id VCID-85gc-u991-z3dw
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25641
reference_id
reference_type
scores
0
value 0.88383
scoring_system epss
scoring_elements 0.99491
published_at 2026-04-02T12:55:00Z
1
value 0.88383
scoring_system epss
scoring_elements 0.99502
published_at 2026-04-18T12:55:00Z
2
value 0.88383
scoring_system epss
scoring_elements 0.99501
published_at 2026-04-16T12:55:00Z
3
value 0.88383
scoring_system epss
scoring_elements 0.99498
published_at 2026-04-13T12:55:00Z
4
value 0.88383
scoring_system epss
scoring_elements 0.99497
published_at 2026-04-09T12:55:00Z
5
value 0.88383
scoring_system epss
scoring_elements 0.99496
published_at 2026-04-08T12:55:00Z
6
value 0.88383
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-07T12:55:00Z
7
value 0.88383
scoring_system epss
scoring_elements 0.99493
published_at 2026-04-04T12:55:00Z
8
value 0.88501
scoring_system epss
scoring_elements 0.99506
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25641
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
2
reference_url http://seclists.org/fulldisclosure/2024/May/6
reference_id 6
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url http://seclists.org/fulldisclosure/2024/May/6
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
reference_id CVE-2024-25641
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
4
reference_url https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
reference_id eff35b0ff26cc27c82d7880469ed6d5e3bef6210
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
5
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
reference_id GHSA-7cmj-g5qc-pj88
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
7
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-25641
risk_score 10.0
exploitability 2.0
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw
8
url VCID-be57-gxmc-vqd4
vulnerability_id VCID-be57-gxmc-vqd4
summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
reference_id
reference_type
scores
0
value 0.05453
scoring_system epss
scoring_elements 0.902
published_at 2026-04-21T12:55:00Z
1
value 0.05453
scoring_system epss
scoring_elements 0.90185
published_at 2026-04-13T12:55:00Z
2
value 0.05453
scoring_system epss
scoring_elements 0.90203
published_at 2026-04-16T12:55:00Z
3
value 0.05453
scoring_system epss
scoring_elements 0.90204
published_at 2026-04-18T12:55:00Z
4
value 0.05453
scoring_system epss
scoring_elements 0.90156
published_at 2026-04-04T12:55:00Z
5
value 0.05453
scoring_system epss
scoring_elements 0.90162
published_at 2026-04-07T12:55:00Z
6
value 0.05453
scoring_system epss
scoring_elements 0.90177
published_at 2026-04-08T12:55:00Z
7
value 0.05453
scoring_system epss
scoring_elements 0.90183
published_at 2026-04-09T12:55:00Z
8
value 0.05453
scoring_system epss
scoring_elements 0.90192
published_at 2026-04-11T12:55:00Z
9
value 0.05453
scoring_system epss
scoring_elements 0.90191
published_at 2026-04-12T12:55:00Z
10
value 0.07763
scoring_system epss
scoring_elements 0.91918
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
reference_id GHSA-wh9c-v56x-v77c
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43362
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4
9
url VCID-cqr3-wwhj-tyck
vulnerability_id VCID-cqr3-wwhj-tyck
summary In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48538
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.20976
published_at 2026-04-21T12:55:00Z
1
value 0.00068
scoring_system epss
scoring_elements 0.20996
published_at 2026-04-18T12:55:00Z
2
value 0.00068
scoring_system epss
scoring_elements 0.21177
published_at 2026-04-02T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.21232
published_at 2026-04-04T12:55:00Z
4
value 0.00068
scoring_system epss
scoring_elements 0.20945
published_at 2026-04-07T12:55:00Z
5
value 0.00068
scoring_system epss
scoring_elements 0.21026
published_at 2026-04-08T12:55:00Z
6
value 0.00068
scoring_system epss
scoring_elements 0.21085
published_at 2026-04-09T12:55:00Z
7
value 0.00068
scoring_system epss
scoring_elements 0.21103
published_at 2026-04-11T12:55:00Z
8
value 0.00068
scoring_system epss
scoring_elements 0.21059
published_at 2026-04-12T12:55:00Z
9
value 0.00068
scoring_system epss
scoring_elements 0.21007
published_at 2026-04-13T12:55:00Z
10
value 0.00068
scoring_system epss
scoring_elements 0.20997
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48538
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538
2
reference_url https://github.com/Cacti/cacti/issues/5189
reference_id 5189
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/
url https://github.com/Cacti/cacti/issues/5189
3
reference_url https://docs.cacti.net/Settings-Auth-LDAP.md
reference_id Settings-Auth-LDAP.md
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/
url https://docs.cacti.net/Settings-Auth-LDAP.md
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2022-48538
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqr3-wwhj-tyck
10
url VCID-fhtp-y9a5-vqgj
vulnerability_id VCID-fhtp-y9a5-vqgj
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31445
reference_id
reference_type
scores
0
value 0.39471
scoring_system epss
scoring_elements 0.9731
published_at 2026-04-21T12:55:00Z
1
value 0.39471
scoring_system epss
scoring_elements 0.9728
published_at 2026-04-02T12:55:00Z
2
value 0.39471
scoring_system epss
scoring_elements 0.97285
published_at 2026-04-04T12:55:00Z
3
value 0.39471
scoring_system epss
scoring_elements 0.97286
published_at 2026-04-07T12:55:00Z
4
value 0.39471
scoring_system epss
scoring_elements 0.97293
published_at 2026-04-09T12:55:00Z
5
value 0.39471
scoring_system epss
scoring_elements 0.97296
published_at 2026-04-11T12:55:00Z
6
value 0.39471
scoring_system epss
scoring_elements 0.97297
published_at 2026-04-12T12:55:00Z
7
value 0.39471
scoring_system epss
scoring_elements 0.97298
published_at 2026-04-13T12:55:00Z
8
value 0.39471
scoring_system epss
scoring_elements 0.97306
published_at 2026-04-16T12:55:00Z
9
value 0.39471
scoring_system epss
scoring_elements 0.97308
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31445
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
2
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
reference_id api_automation.php#L717
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
3
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
reference_id api_automation.php#L856
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
4
reference_url https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
reference_id fd93c6e47651958b77c3bbe6a01fff695f81e886
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
5
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
reference_id GHSA-vjph-r677-6pcc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
7
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31445
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj
11
url VCID-hj89-pnag-3fer
vulnerability_id VCID-hj89-pnag-3fer
summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
reference_id
reference_type
scores
0
value 0.75133
scoring_system epss
scoring_elements 0.98883
published_at 2026-04-21T12:55:00Z
1
value 0.75133
scoring_system epss
scoring_elements 0.98878
published_at 2026-04-16T12:55:00Z
2
value 0.75133
scoring_system epss
scoring_elements 0.98879
published_at 2026-04-18T12:55:00Z
3
value 0.75133
scoring_system epss
scoring_elements 0.98868
published_at 2026-04-02T12:55:00Z
4
value 0.75133
scoring_system epss
scoring_elements 0.98869
published_at 2026-04-04T12:55:00Z
5
value 0.75133
scoring_system epss
scoring_elements 0.98872
published_at 2026-04-09T12:55:00Z
6
value 0.75133
scoring_system epss
scoring_elements 0.98873
published_at 2026-04-08T12:55:00Z
7
value 0.75133
scoring_system epss
scoring_elements 0.98875
published_at 2026-04-11T12:55:00Z
8
value 0.75133
scoring_system epss
scoring_elements 0.98876
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
reference_id GHSA-gxq4-mv8h-6qj4
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43363
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer
12
url VCID-jkca-shmj-mbbu
vulnerability_id VCID-jkca-shmj-mbbu
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31459
reference_id
reference_type
scores
0
value 0.01844
scoring_system epss
scoring_elements 0.8301
published_at 2026-04-21T12:55:00Z
1
value 0.01844
scoring_system epss
scoring_elements 0.8293
published_at 2026-04-07T12:55:00Z
2
value 0.01844
scoring_system epss
scoring_elements 0.82955
published_at 2026-04-08T12:55:00Z
3
value 0.01844
scoring_system epss
scoring_elements 0.82962
published_at 2026-04-09T12:55:00Z
4
value 0.01844
scoring_system epss
scoring_elements 0.82977
published_at 2026-04-11T12:55:00Z
5
value 0.01844
scoring_system epss
scoring_elements 0.82972
published_at 2026-04-12T12:55:00Z
6
value 0.01844
scoring_system epss
scoring_elements 0.82968
published_at 2026-04-13T12:55:00Z
7
value 0.01844
scoring_system epss
scoring_elements 0.83007
published_at 2026-04-16T12:55:00Z
8
value 0.01844
scoring_system epss
scoring_elements 0.83006
published_at 2026-04-18T12:55:00Z
9
value 0.01844
scoring_system epss
scoring_elements 0.82921
published_at 2026-04-02T12:55:00Z
10
value 0.01844
scoring_system epss
scoring_elements 0.82933
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31459
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
reference_id GHSA-cx8g-hvq8-p2rv
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
reference_id GHSA-gj3f-p326-gh8r
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
reference_id GHSA-pfh9-gwm6-86vp
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
6
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31459
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu
13
url VCID-k7kv-za2s-dud5
vulnerability_id VCID-k7kv-za2s-dud5
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31460
reference_id
reference_type
scores
0
value 0.01692
scoring_system epss
scoring_elements 0.82285
published_at 2026-04-21T12:55:00Z
1
value 0.01692
scoring_system epss
scoring_elements 0.82234
published_at 2026-04-08T12:55:00Z
2
value 0.01692
scoring_system epss
scoring_elements 0.82241
published_at 2026-04-09T12:55:00Z
3
value 0.01692
scoring_system epss
scoring_elements 0.8226
published_at 2026-04-11T12:55:00Z
4
value 0.01692
scoring_system epss
scoring_elements 0.82253
published_at 2026-04-12T12:55:00Z
5
value 0.01692
scoring_system epss
scoring_elements 0.82247
published_at 2026-04-13T12:55:00Z
6
value 0.01692
scoring_system epss
scoring_elements 0.82284
published_at 2026-04-18T12:55:00Z
7
value 0.01692
scoring_system epss
scoring_elements 0.82191
published_at 2026-04-02T12:55:00Z
8
value 0.01692
scoring_system epss
scoring_elements 0.82211
published_at 2026-04-04T12:55:00Z
9
value 0.01692
scoring_system epss
scoring_elements 0.82207
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31460
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
reference_id GHSA-cx8g-hvq8-p2rv
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
reference_id GHSA-gj3f-p326-gh8r
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
5
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31460
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5
14
url VCID-khhn-9sja-sfgr
vulnerability_id VCID-khhn-9sja-sfgr
summary Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24367
reference_id
reference_type
scores
0
value 0.90486
scoring_system epss
scoring_elements 0.99606
published_at 2026-04-04T12:55:00Z
1
value 0.90486
scoring_system epss
scoring_elements 0.99608
published_at 2026-04-11T12:55:00Z
2
value 0.90486
scoring_system epss
scoring_elements 0.99609
published_at 2026-04-13T12:55:00Z
3
value 0.90486
scoring_system epss
scoring_elements 0.9961
published_at 2026-04-18T12:55:00Z
4
value 0.90486
scoring_system epss
scoring_elements 0.99611
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24367
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
reference_id GHSA-fxrq-fr7h-9rqq
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-24367
risk_score 10.0
exploitability 2.0
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr
15
url VCID-mebp-4rfu-vqcq
vulnerability_id VCID-mebp-4rfu-vqcq
summary 
DOMpurify has a nesting-based mXSS
DOMpurify was vulnerable to nesting-based mXSS 

fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and
[merge 943](https://github.com/cure53/DOMPurify/pull/943)

Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking

POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47875
reference_id
reference_type
scores
0
value 0.00699
scoring_system epss
scoring_elements 0.72026
published_at 2026-04-18T12:55:00Z
1
value 0.00699
scoring_system epss
scoring_elements 0.72019
published_at 2026-04-16T12:55:00Z
2
value 0.00699
scoring_system epss
scoring_elements 0.71978
published_at 2026-04-13T12:55:00Z
3
value 0.00699
scoring_system epss
scoring_elements 0.71993
published_at 2026-04-12T12:55:00Z
4
value 0.00699
scoring_system epss
scoring_elements 0.71939
published_at 2026-04-02T12:55:00Z
5
value 0.00699
scoring_system epss
scoring_elements 0.7201
published_at 2026-04-11T12:55:00Z
6
value 0.00699
scoring_system epss
scoring_elements 0.71986
published_at 2026-04-09T12:55:00Z
7
value 0.00699
scoring_system epss
scoring_elements 0.71974
published_at 2026-04-08T12:55:00Z
8
value 0.00699
scoring_system epss
scoring_elements 0.71935
published_at 2026-04-07T12:55:00Z
9
value 0.00699
scoring_system epss
scoring_elements 0.71959
published_at 2026-04-04T12:55:00Z
10
value 0.00719
scoring_system epss
scoring_elements 0.72486
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47875
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
3
reference_url http://seclists.org/fulldisclosure/2025/Apr/14
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2025/Apr/14
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/cure53/DOMPurify
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cure53/DOMPurify
6
reference_url https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
7
reference_url https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
8
reference_url https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
9
reference_url https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47875
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47875
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
reference_id 1084983
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318052
reference_id 2318052
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318052
14
reference_url https://github.com/advisories/GHSA-gx9m-whjm-85jf
reference_id GHSA-gx9m-whjm-85jf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gx9m-whjm-85jf
15
reference_url https://access.redhat.com/errata/RHSA-2024:10236
reference_id RHSA-2024:10236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10236
16
reference_url https://access.redhat.com/errata/RHSA-2024:10988
reference_id RHSA-2024:10988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10988
17
reference_url https://access.redhat.com/errata/RHSA-2024:8683
reference_id RHSA-2024:8683
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8683
18
reference_url https://access.redhat.com/errata/RHSA-2024:8981
reference_id RHSA-2024:8981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8981
19
reference_url https://access.redhat.com/errata/RHSA-2024:9473
reference_id RHSA-2024:9473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9473
20
reference_url https://access.redhat.com/errata/RHSA-2024:9629
reference_id RHSA-2024:9629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9629
21
reference_url https://access.redhat.com/errata/RHSA-2025:0329
reference_id RHSA-2025:0329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0329
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-47875, GHSA-gx9m-whjm-85jf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq
16
url VCID-pxqa-nkv3-jqfs
vulnerability_id VCID-pxqa-nkv3-jqfs
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30534
reference_id
reference_type
scores
0
value 0.48534
scoring_system epss
scoring_elements 0.97733
published_at 2026-04-02T12:55:00Z
1
value 0.48534
scoring_system epss
scoring_elements 0.97735
published_at 2026-04-07T12:55:00Z
2
value 0.48534
scoring_system epss
scoring_elements 0.9774
published_at 2026-04-08T12:55:00Z
3
value 0.48534
scoring_system epss
scoring_elements 0.97744
published_at 2026-04-09T12:55:00Z
4
value 0.48534
scoring_system epss
scoring_elements 0.97746
published_at 2026-04-11T12:55:00Z
5
value 0.48534
scoring_system epss
scoring_elements 0.97749
published_at 2026-04-12T12:55:00Z
6
value 0.48534
scoring_system epss
scoring_elements 0.9775
published_at 2026-04-13T12:55:00Z
7
value 0.48534
scoring_system epss
scoring_elements 0.97756
published_at 2026-04-16T12:55:00Z
8
value 0.48534
scoring_system epss
scoring_elements 0.97759
published_at 2026-04-18T12:55:00Z
9
value 0.48534
scoring_system epss
scoring_elements 0.97758
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30534
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
3
reference_url https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
reference_id cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
reference_id GHSA-77rf-774j-6h3p
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
5
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.30%2Bds1-1
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1
aliases CVE-2023-30534
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxqa-nkv3-jqfs
17
url VCID-qnz1-w7bb-97ee
vulnerability_id VCID-qnz1-w7bb-97ee
summary Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41444
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.51899
published_at 2026-04-21T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.51812
published_at 2026-04-02T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.51838
published_at 2026-04-04T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.51799
published_at 2026-04-07T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.51854
published_at 2026-04-08T12:55:00Z
5
value 0.00285
scoring_system epss
scoring_elements 0.51851
published_at 2026-04-09T12:55:00Z
6
value 0.00285
scoring_system epss
scoring_elements 0.51903
published_at 2026-04-11T12:55:00Z
7
value 0.00285
scoring_system epss
scoring_elements 0.51885
published_at 2026-04-12T12:55:00Z
8
value 0.00285
scoring_system epss
scoring_elements 0.5187
published_at 2026-04-13T12:55:00Z
9
value 0.00285
scoring_system epss
scoring_elements 0.51912
published_at 2026-04-16T12:55:00Z
10
value 0.00285
scoring_system epss
scoring_elements 0.51919
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41444
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444
2
reference_url https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
reference_id 9079535112e4f4ff2c1d2ce1c099d4c2
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:41:35Z/
url https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2022-41444
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnz1-w7bb-97ee
18
url VCID-s8du-gzj2-gkc1
vulnerability_id VCID-s8du-gzj2-gkc1
summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.9003
published_at 2026-04-21T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.90033
published_at 2026-04-18T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
9
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
10
value 0.07542
scoring_system epss
scoring_elements 0.91788
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
reference_id GHSA-fgc6-g8gc-wcg5
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43364
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1
19
url VCID-sx2t-uzae-2fh9
vulnerability_id VCID-sx2t-uzae-2fh9
summary Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54145
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24603
published_at 2026-04-02T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24415
published_at 2026-04-07T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.2464
published_at 2026-04-04T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39525
published_at 2026-04-21T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39604
published_at 2026-04-12T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39587
published_at 2026-04-13T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39638
published_at 2026-04-16T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39609
published_at 2026-04-18T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39616
published_at 2026-04-08T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39631
published_at 2026-04-09T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.3964
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54145
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
reference_id GHSA-fh3x-69rr-qqpp
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-54145
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9
20
url VCID-vbs9-gben-9kgc
vulnerability_id VCID-vbs9-gben-9kgc
summary 
DOMPurify vulnerable to tampering by prototype polution
dompurify was vulnerable to prototype pollution

Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48910
reference_id
reference_type
scores
0
value 0.02592
scoring_system epss
scoring_elements 0.85615
published_at 2026-04-21T12:55:00Z
1
value 0.02592
scoring_system epss
scoring_elements 0.85547
published_at 2026-04-04T12:55:00Z
2
value 0.02592
scoring_system epss
scoring_elements 0.85553
published_at 2026-04-07T12:55:00Z
3
value 0.02592
scoring_system epss
scoring_elements 0.85573
published_at 2026-04-08T12:55:00Z
4
value 0.02592
scoring_system epss
scoring_elements 0.85583
published_at 2026-04-09T12:55:00Z
5
value 0.02592
scoring_system epss
scoring_elements 0.85597
published_at 2026-04-11T12:55:00Z
6
value 0.02592
scoring_system epss
scoring_elements 0.85594
published_at 2026-04-12T12:55:00Z
7
value 0.02592
scoring_system epss
scoring_elements 0.8559
published_at 2026-04-13T12:55:00Z
8
value 0.02592
scoring_system epss
scoring_elements 0.85613
published_at 2026-04-16T12:55:00Z
9
value 0.02592
scoring_system epss
scoring_elements 0.85619
published_at 2026-04-18T12:55:00Z
10
value 0.02808
scoring_system epss
scoring_elements 0.86074
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48910
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
3
reference_url https://github.com/cure53/DOMPurify
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cure53/DOMPurify
4
reference_url https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/
url https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
5
reference_url https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/
url https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
6
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48910
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48910
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322949
reference_id 2322949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322949
9
reference_url https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
reference_id GHSA-p3vf-v8qc-cwcr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
10
reference_url https://access.redhat.com/errata/RHSA-2024:10186
reference_id RHSA-2024:10186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10186
11
reference_url https://access.redhat.com/errata/RHSA-2024:9583
reference_id RHSA-2024:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9583
12
reference_url https://access.redhat.com/errata/RHSA-2025:0079
reference_id RHSA-2025:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0079
13
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
14
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
15
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
16
reference_url https://access.redhat.com/errata/RHSA-2025:18233
reference_id RHSA-2025:18233
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18233
17
reference_url https://access.redhat.com/errata/RHSA-2025:19003
reference_id RHSA-2025:19003
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19003
18
reference_url https://access.redhat.com/errata/RHSA-2025:19017
reference_id RHSA-2025:19017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19017
19
reference_url https://access.redhat.com/errata/RHSA-2025:19047
reference_id RHSA-2025:19047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19047
20
reference_url https://access.redhat.com/errata/RHSA-2025:19306
reference_id RHSA-2025:19306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19306
21
reference_url https://access.redhat.com/errata/RHSA-2025:19314
reference_id RHSA-2025:19314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19314
22
reference_url https://access.redhat.com/errata/RHSA-2025:19895
reference_id RHSA-2025:19895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19895
23
reference_url https://access.redhat.com/errata/RHSA-2025:22284
reference_id RHSA-2025:22284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22284
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-48910, GHSA-p3vf-v8qc-cwcr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc
21
url VCID-xdbp-7rtr-fyb7
vulnerability_id VCID-xdbp-7rtr-fyb7
summary Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.9003
published_at 2026-04-21T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90033
published_at 2026-04-18T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.89975
published_at 2026-04-02T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
9
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
10
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
reference_id GHSA-49f2-hwx9-qffr
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43365
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7
22
url VCID-xkkm-ss3p-1udc
vulnerability_id VCID-xkkm-ss3p-1udc
summary SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46490
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.4306
published_at 2026-04-21T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43125
published_at 2026-04-18T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.43071
published_at 2026-04-02T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43098
published_at 2026-04-04T12:55:00Z
4
value 0.00207
scoring_system epss
scoring_elements 0.43037
published_at 2026-04-07T12:55:00Z
5
value 0.00207
scoring_system epss
scoring_elements 0.4309
published_at 2026-04-12T12:55:00Z
6
value 0.00207
scoring_system epss
scoring_elements 0.43102
published_at 2026-04-09T12:55:00Z
7
value 0.00207
scoring_system epss
scoring_elements 0.43124
published_at 2026-04-11T12:55:00Z
8
value 0.00207
scoring_system epss
scoring_elements 0.43075
published_at 2026-04-13T12:55:00Z
9
value 0.00207
scoring_system epss
scoring_elements 0.43135
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46490
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286
reference_id 1059286
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286
3
reference_url https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53
reference_id a95632111138fcd7ccf7432ccb145b53
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/
url https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c
reference_id GHSA-f4r3-53jr-654c
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c
fixed_packages
0
url pkg:deb/debian/cacti@1.2.30%2Bds1-1
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1
aliases CVE-2023-46490
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc
23
url VCID-y683-kz6e-afhv
vulnerability_id VCID-y683-kz6e-afhv
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31444
reference_id
reference_type
scores
0
value 0.09401
scoring_system epss
scoring_elements 0.92802
published_at 2026-04-21T12:55:00Z
1
value 0.09401
scoring_system epss
scoring_elements 0.92783
published_at 2026-04-09T12:55:00Z
2
value 0.09401
scoring_system epss
scoring_elements 0.92788
published_at 2026-04-11T12:55:00Z
3
value 0.09401
scoring_system epss
scoring_elements 0.92787
published_at 2026-04-13T12:55:00Z
4
value 0.09401
scoring_system epss
scoring_elements 0.92798
published_at 2026-04-18T12:55:00Z
5
value 0.09401
scoring_system epss
scoring_elements 0.92767
published_at 2026-04-02T12:55:00Z
6
value 0.09401
scoring_system epss
scoring_elements 0.92772
published_at 2026-04-04T12:55:00Z
7
value 0.09401
scoring_system epss
scoring_elements 0.92769
published_at 2026-04-07T12:55:00Z
8
value 0.09401
scoring_system epss
scoring_elements 0.92778
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31444
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
reference_id GHSA-p4ch-7hjw-6m87
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31444
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv
24
url VCID-zxu5-equ9-1kam
vulnerability_id VCID-zxu5-equ9-1kam
summary A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., <h1>, <b>, <svg>) into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-45160
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01733
published_at 2026-04-04T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01724
published_at 2026-04-02T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02706
published_at 2026-04-21T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.0262
published_at 2026-04-11T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02606
published_at 2026-04-13T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02589
published_at 2026-04-16T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02597
published_at 2026-04-18T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02617
published_at 2026-04-07T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02621
published_at 2026-04-08T12:55:00Z
9
value 0.00014
scoring_system epss
scoring_elements 0.02641
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-45160
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160
2
reference_url https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
reference_id 49d76897a5bb676d8c3f51425553cc32
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/
url https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
3
reference_url https://github.com/Cacti/cacti
reference_id cacti
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/
url https://github.com/Cacti/cacti
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-45160
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxu5-equ9-1kam
Fixing_vulnerabilities
0
url VCID-34z4-1zqk-afcm
vulnerability_id VCID-34z4-1zqk-afcm
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39515
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49161
published_at 2026-04-04T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49131
published_at 2026-04-02T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49174
published_at 2026-04-21T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49205
published_at 2026-04-18T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49207
published_at 2026-04-16T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.4916
published_at 2026-04-13T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.49155
published_at 2026-04-12T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49181
published_at 2026-04-11T12:55:00Z
8
value 0.00258
scoring_system epss
scoring_elements 0.49164
published_at 2026-04-09T12:55:00Z
9
value 0.00258
scoring_system epss
scoring_elements 0.49167
published_at 2026-04-08T12:55:00Z
10
value 0.00258
scoring_system epss
scoring_elements 0.49113
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39515
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
11
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://www.debian.org/security/2023/dsa-5550
12
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
reference_id GHSA-hrg9-qqqx-wc4h
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
13
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
14
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39515
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-34z4-1zqk-afcm
1
url VCID-3tqy-g42y-9fef
vulnerability_id VCID-3tqy-g42y-9fef
summary A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25706
reference_id
reference_type
scores
0
value 0.01458
scoring_system epss
scoring_elements 0.80772
published_at 2026-04-01T12:55:00Z
1
value 0.01458
scoring_system epss
scoring_elements 0.80781
published_at 2026-04-02T12:55:00Z
2
value 0.01458
scoring_system epss
scoring_elements 0.80802
published_at 2026-04-04T12:55:00Z
3
value 0.01458
scoring_system epss
scoring_elements 0.80799
published_at 2026-04-07T12:55:00Z
4
value 0.01458
scoring_system epss
scoring_elements 0.80826
published_at 2026-04-08T12:55:00Z
5
value 0.01458
scoring_system epss
scoring_elements 0.80835
published_at 2026-04-09T12:55:00Z
6
value 0.01458
scoring_system epss
scoring_elements 0.80851
published_at 2026-04-11T12:55:00Z
7
value 0.01458
scoring_system epss
scoring_elements 0.80836
published_at 2026-04-12T12:55:00Z
8
value 0.01458
scoring_system epss
scoring_elements 0.80829
published_at 2026-04-13T12:55:00Z
9
value 0.01458
scoring_system epss
scoring_elements 0.80866
published_at 2026-04-16T12:55:00Z
10
value 0.01458
scoring_system epss
scoring_elements 0.80868
published_at 2026-04-18T12:55:00Z
11
value 0.01458
scoring_system epss
scoring_elements 0.8087
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25706
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25706
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-25706
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tqy-g42y-9fef
2
url VCID-5ykb-6nvx-k3e4
vulnerability_id VCID-5ykb-6nvx-k3e4
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39362
reference_id
reference_type
scores
0
value 0.87228
scoring_system epss
scoring_elements 0.99443
published_at 2026-04-02T12:55:00Z
1
value 0.87228
scoring_system epss
scoring_elements 0.99445
published_at 2026-04-04T12:55:00Z
2
value 0.87228
scoring_system epss
scoring_elements 0.99446
published_at 2026-04-07T12:55:00Z
3
value 0.87228
scoring_system epss
scoring_elements 0.99447
published_at 2026-04-09T12:55:00Z
4
value 0.87228
scoring_system epss
scoring_elements 0.99448
published_at 2026-04-11T12:55:00Z
5
value 0.87228
scoring_system epss
scoring_elements 0.99449
published_at 2026-04-13T12:55:00Z
6
value 0.87228
scoring_system epss
scoring_elements 0.99452
published_at 2026-04-18T12:55:00Z
7
value 0.87228
scoring_system epss
scoring_elements 0.99453
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html
reference_id Cacti-1.2.24-Command-Injection.html
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt
reference_id CVE-2023-39362
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt
12
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://www.debian.org/security/2023/dsa-5550
13
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
reference_id GHSA-g6ff-58cj-x3cp
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
14
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
15
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39362
risk_score 10.0
exploitability 2.0
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ykb-6nvx-k3e4
3
url VCID-8nbc-ethb-6kcn
vulnerability_id VCID-8nbc-ethb-6kcn
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17358
reference_id
reference_type
scores
0
value 0.02298
scoring_system epss
scoring_elements 0.84657
published_at 2026-04-01T12:55:00Z
1
value 0.02298
scoring_system epss
scoring_elements 0.84671
published_at 2026-04-02T12:55:00Z
2
value 0.02298
scoring_system epss
scoring_elements 0.84692
published_at 2026-04-04T12:55:00Z
3
value 0.02298
scoring_system epss
scoring_elements 0.84694
published_at 2026-04-07T12:55:00Z
4
value 0.02298
scoring_system epss
scoring_elements 0.84716
published_at 2026-04-08T12:55:00Z
5
value 0.02298
scoring_system epss
scoring_elements 0.84723
published_at 2026-04-09T12:55:00Z
6
value 0.02298
scoring_system epss
scoring_elements 0.84741
published_at 2026-04-11T12:55:00Z
7
value 0.02298
scoring_system epss
scoring_elements 0.84736
published_at 2026-04-12T12:55:00Z
8
value 0.02298
scoring_system epss
scoring_elements 0.8473
published_at 2026-04-13T12:55:00Z
9
value 0.02298
scoring_system epss
scoring_elements 0.84751
published_at 2026-04-16T12:55:00Z
10
value 0.02298
scoring_system epss
scoring_elements 0.84753
published_at 2026-04-18T12:55:00Z
11
value 0.02298
scoring_system epss
scoring_elements 0.84754
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17358
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375
reference_id 947375
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375
3
reference_url https://security.gentoo.org/glsa/202003-40
reference_id GLSA-202003-40
reference_type
scores
url https://security.gentoo.org/glsa/202003-40
fixed_packages
0
url pkg:deb/debian/cacti@0.8.8h%2Bds1-10%2Bdeb9u1
purl pkg:deb/debian/cacti@0.8.8h%2Bds1-10%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ff1-vhuj-hkdc
1
vulnerability VCID-29q9-twke-2bdx
2
vulnerability VCID-2z9e-eg1f-bqg5
3
vulnerability VCID-34z4-1zqk-afcm
4
vulnerability VCID-3tqy-g42y-9fef
5
vulnerability VCID-3y7d-ujep-4ydm
6
vulnerability VCID-44fx-4w2y-y3dy
7
vulnerability VCID-4twv-1yys-eban
8
vulnerability VCID-5ykb-6nvx-k3e4
9
vulnerability VCID-6n31-d4xy-d3fj
10
vulnerability VCID-6t6n-ws5n-wkay
11
vulnerability VCID-6ze5-dqdn-ykg3
12
vulnerability VCID-7dp4-9zks-mbgd
13
vulnerability VCID-7m68-seeq-tuae
14
vulnerability VCID-85gc-u991-z3dw
15
vulnerability VCID-86gq-jsgy-8uep
16
vulnerability VCID-89pf-69jk-syfk
17
vulnerability VCID-8nbc-ethb-6kcn
18
vulnerability VCID-9snd-k1cz-gyb5
19
vulnerability VCID-9swv-zvke-ubet
20
vulnerability VCID-9vce-mkth-v3gn
21
vulnerability VCID-a8j1-24bw-gudu
22
vulnerability VCID-aajr-s1n1-4ybu
23
vulnerability VCID-afss-mcgj-7bce
24
vulnerability VCID-akj7-kh8f-97ct
25
vulnerability VCID-ay5a-nkmf-5yar
26
vulnerability VCID-be57-gxmc-vqd4
27
vulnerability VCID-bj2d-v5dw-ykc7
28
vulnerability VCID-c2b8-ss11-9yhq
29
vulnerability VCID-c4w5-q88d-z3hg
30
vulnerability VCID-cre7-1uhc-bka2
31
vulnerability VCID-cxs3-zh36-m7en
32
vulnerability VCID-d7db-n89n-qyd8
33
vulnerability VCID-e48s-dv1e-4fgn
34
vulnerability VCID-fhtp-y9a5-vqgj
35
vulnerability VCID-fwp2-z586-ebbq
36
vulnerability VCID-gdfw-gryt-8qhg
37
vulnerability VCID-h3qa-svy4-1fcr
38
vulnerability VCID-hj89-pnag-3fer
39
vulnerability VCID-huf2-qwju-6bf2
40
vulnerability VCID-jkca-shmj-mbbu
41
vulnerability VCID-k6z6-4pb4-tbeu
42
vulnerability VCID-k7kv-za2s-dud5
43
vulnerability VCID-khhn-9sja-sfgr
44
vulnerability VCID-kkn3-ars7-gkbk
45
vulnerability VCID-mebp-4rfu-vqcq
46
vulnerability VCID-nbfc-ex1y-37he
47
vulnerability VCID-pau5-hfbv-nucp
48
vulnerability VCID-q88b-smmh-77ga
49
vulnerability VCID-qbvv-frc2-rqbk
50
vulnerability VCID-qncj-2u1d-7bgu
51
vulnerability VCID-qnz1-w7bb-97ee
52
vulnerability VCID-qvkt-vk55-4bbx
53
vulnerability VCID-rftg-byj2-jkh9
54
vulnerability VCID-s8du-gzj2-gkc1
55
vulnerability VCID-sb43-hapb-1uf2
56
vulnerability VCID-ses2-y1j2-vbbx
57
vulnerability VCID-sx2t-uzae-2fh9
58
vulnerability VCID-u478-39pb-tkay
59
vulnerability VCID-uj1s-uuyx-mya5
60
vulnerability VCID-vbs9-gben-9kgc
61
vulnerability VCID-vsjt-qjyw-hbfs
62
vulnerability VCID-w1vc-ugdq-aygx
63
vulnerability VCID-wrxa-2us4-vkf9
64
vulnerability VCID-ws4h-295a-9qgx
65
vulnerability VCID-x1fg-6mq4-d7ds
66
vulnerability VCID-xbb2-av4z-m3dp
67
vulnerability VCID-xdbp-7rtr-fyb7
68
vulnerability VCID-xpvn-y3b8-skgb
69
vulnerability VCID-y683-kz6e-afhv
70
vulnerability VCID-yjny-ubdp-7few
71
vulnerability VCID-ypan-57sx-vyam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0.8.8h%252Bds1-10%252Bdeb9u1
1
url pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4
purl pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z4-1zqk-afcm
1
vulnerability VCID-3tqy-g42y-9fef
2
vulnerability VCID-3y7d-ujep-4ydm
3
vulnerability VCID-44fx-4w2y-y3dy
4
vulnerability VCID-4twv-1yys-eban
5
vulnerability VCID-5ykb-6nvx-k3e4
6
vulnerability VCID-6t6n-ws5n-wkay
7
vulnerability VCID-6ze5-dqdn-ykg3
8
vulnerability VCID-7m68-seeq-tuae
9
vulnerability VCID-85gc-u991-z3dw
10
vulnerability VCID-8nbc-ethb-6kcn
11
vulnerability VCID-9swv-zvke-ubet
12
vulnerability VCID-a8j1-24bw-gudu
13
vulnerability VCID-akj7-kh8f-97ct
14
vulnerability VCID-ay5a-nkmf-5yar
15
vulnerability VCID-be57-gxmc-vqd4
16
vulnerability VCID-c2b8-ss11-9yhq
17
vulnerability VCID-cre7-1uhc-bka2
18
vulnerability VCID-cxs3-zh36-m7en
19
vulnerability VCID-d7db-n89n-qyd8
20
vulnerability VCID-e48s-dv1e-4fgn
21
vulnerability VCID-fhtp-y9a5-vqgj
22
vulnerability VCID-fwp2-z586-ebbq
23
vulnerability VCID-h3qa-svy4-1fcr
24
vulnerability VCID-hj89-pnag-3fer
25
vulnerability VCID-huf2-qwju-6bf2
26
vulnerability VCID-jkca-shmj-mbbu
27
vulnerability VCID-k6z6-4pb4-tbeu
28
vulnerability VCID-k7kv-za2s-dud5
29
vulnerability VCID-khhn-9sja-sfgr
30
vulnerability VCID-mebp-4rfu-vqcq
31
vulnerability VCID-pau5-hfbv-nucp
32
vulnerability VCID-qnz1-w7bb-97ee
33
vulnerability VCID-qvkt-vk55-4bbx
34
vulnerability VCID-rftg-byj2-jkh9
35
vulnerability VCID-s8du-gzj2-gkc1
36
vulnerability VCID-sb43-hapb-1uf2
37
vulnerability VCID-ses2-y1j2-vbbx
38
vulnerability VCID-sx2t-uzae-2fh9
39
vulnerability VCID-uj1s-uuyx-mya5
40
vulnerability VCID-vbs9-gben-9kgc
41
vulnerability VCID-vsjt-qjyw-hbfs
42
vulnerability VCID-wrxa-2us4-vkf9
43
vulnerability VCID-ws4h-295a-9qgx
44
vulnerability VCID-xbb2-av4z-m3dp
45
vulnerability VCID-xdbp-7rtr-fyb7
46
vulnerability VCID-xpvn-y3b8-skgb
47
vulnerability VCID-y683-kz6e-afhv
48
vulnerability VCID-ypan-57sx-vyam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4
2
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2019-17358
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nbc-ethb-6kcn
4
url VCID-9swv-zvke-ubet
vulnerability_id VCID-9swv-zvke-ubet
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could result in the arbitrary execution of code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8813
reference_id
reference_type
scores
0
value 0.93926
scoring_system epss
scoring_elements 0.99879
published_at 2026-04-11T12:55:00Z
1
value 0.93926
scoring_system epss
scoring_elements 0.9988
published_at 2026-04-21T12:55:00Z
2
value 0.93926
scoring_system epss
scoring_elements 0.99881
published_at 2026-04-18T12:55:00Z
3
value 0.94091
scoring_system epss
scoring_elements 0.99904
published_at 2026-04-01T12:55:00Z
4
value 0.94091
scoring_system epss
scoring_elements 0.99905
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8813
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8813
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832
reference_id 951832
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832
3
reference_url https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py
reference_id CVE-2020-8813
reference_type exploit
scores
url https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py
4
reference_url https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py
reference_id CVE-2020-8813
reference_type exploit
scores
url https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48144.py
reference_id CVE-2020-8813
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48144.py
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48145.py
reference_id CVE-2020-8813
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48145.py
7
reference_url https://security.gentoo.org/glsa/202004-16
reference_id GLSA-202004-16
reference_type
scores
url https://security.gentoo.org/glsa/202004-16
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-8813
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9swv-zvke-ubet
5
url VCID-a8j1-24bw-gudu
vulnerability_id VCID-a8j1-24bw-gudu
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39364
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.3773
published_at 2026-04-02T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37755
published_at 2026-04-04T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37633
published_at 2026-04-07T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37684
published_at 2026-04-08T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37697
published_at 2026-04-09T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37711
published_at 2026-04-11T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.37676
published_at 2026-04-12T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37648
published_at 2026-04-13T12:55:00Z
8
value 0.00166
scoring_system epss
scoring_elements 0.37695
published_at 2026-04-16T12:55:00Z
9
value 0.00166
scoring_system epss
scoring_elements 0.37678
published_at 2026-04-18T12:55:00Z
10
value 0.00166
scoring_system epss
scoring_elements 0.37616
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39364
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8j1-24bw-gudu
6
url VCID-akj7-kh8f-97ct
vulnerability_id VCID-akj7-kh8f-97ct
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49088
reference_id
reference_type
scores
0
value 0.0102
scoring_system epss
scoring_elements 0.77167
published_at 2026-04-02T12:55:00Z
1
value 0.0102
scoring_system epss
scoring_elements 0.77196
published_at 2026-04-04T12:55:00Z
2
value 0.0102
scoring_system epss
scoring_elements 0.77177
published_at 2026-04-07T12:55:00Z
3
value 0.0102
scoring_system epss
scoring_elements 0.7721
published_at 2026-04-08T12:55:00Z
4
value 0.0102
scoring_system epss
scoring_elements 0.77218
published_at 2026-04-09T12:55:00Z
5
value 0.0102
scoring_system epss
scoring_elements 0.77246
published_at 2026-04-11T12:55:00Z
6
value 0.0102
scoring_system epss
scoring_elements 0.77225
published_at 2026-04-12T12:55:00Z
7
value 0.0102
scoring_system epss
scoring_elements 0.77221
published_at 2026-04-13T12:55:00Z
8
value 0.0102
scoring_system epss
scoring_elements 0.77261
published_at 2026-04-16T12:55:00Z
9
value 0.0102
scoring_system epss
scoring_elements 0.77262
published_at 2026-04-18T12:55:00Z
10
value 0.0102
scoring_system epss
scoring_elements 0.77254
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49088
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php
reference_id data_debug.php
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php
8
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
reference_id GHSA-hrg9-qqqx-wc4h
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
9
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
reference_id GHSA-q7g7-gcf6-wh4x
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
10
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-49088
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akj7-kh8f-97ct
7
url VCID-ay5a-nkmf-5yar
vulnerability_id VCID-ay5a-nkmf-5yar
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49086
reference_id
reference_type
scores
0
value 0.00949
scoring_system epss
scoring_elements 0.76305
published_at 2026-04-02T12:55:00Z
1
value 0.00949
scoring_system epss
scoring_elements 0.76335
published_at 2026-04-04T12:55:00Z
2
value 0.00949
scoring_system epss
scoring_elements 0.76314
published_at 2026-04-07T12:55:00Z
3
value 0.00949
scoring_system epss
scoring_elements 0.76347
published_at 2026-04-08T12:55:00Z
4
value 0.00949
scoring_system epss
scoring_elements 0.76361
published_at 2026-04-09T12:55:00Z
5
value 0.00949
scoring_system epss
scoring_elements 0.76387
published_at 2026-04-11T12:55:00Z
6
value 0.00949
scoring_system epss
scoring_elements 0.76365
published_at 2026-04-12T12:55:00Z
7
value 0.00949
scoring_system epss
scoring_elements 0.7636
published_at 2026-04-13T12:55:00Z
8
value 0.00949
scoring_system epss
scoring_elements 0.76401
published_at 2026-04-16T12:55:00Z
9
value 0.00949
scoring_system epss
scoring_elements 0.76407
published_at 2026-04-18T12:55:00Z
10
value 0.00949
scoring_system epss
scoring_elements 0.76392
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49086
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id 1059254
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-49086
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar
8
url VCID-c2b8-ss11-9yhq
vulnerability_id VCID-c2b8-ss11-9yhq
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39360
reference_id
reference_type
scores
0
value 0.00629
scoring_system epss
scoring_elements 0.70215
published_at 2026-04-02T12:55:00Z
1
value 0.00629
scoring_system epss
scoring_elements 0.70232
published_at 2026-04-04T12:55:00Z
2
value 0.00629
scoring_system epss
scoring_elements 0.70209
published_at 2026-04-07T12:55:00Z
3
value 0.00629
scoring_system epss
scoring_elements 0.70255
published_at 2026-04-08T12:55:00Z
4
value 0.00629
scoring_system epss
scoring_elements 0.7027
published_at 2026-04-09T12:55:00Z
5
value 0.00629
scoring_system epss
scoring_elements 0.70294
published_at 2026-04-11T12:55:00Z
6
value 0.00629
scoring_system epss
scoring_elements 0.70279
published_at 2026-04-12T12:55:00Z
7
value 0.00629
scoring_system epss
scoring_elements 0.70267
published_at 2026-04-13T12:55:00Z
8
value 0.00629
scoring_system epss
scoring_elements 0.70308
published_at 2026-04-16T12:55:00Z
9
value 0.00629
scoring_system epss
scoring_elements 0.70317
published_at 2026-04-18T12:55:00Z
10
value 0.00629
scoring_system epss
scoring_elements 0.70298
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39360
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39360
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2b8-ss11-9yhq
9
url VCID-cre7-1uhc-bka2
vulnerability_id VCID-cre7-1uhc-bka2
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16723
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50293
published_at 2026-04-21T12:55:00Z
1
value 0.00268
scoring_system epss
scoring_elements 0.50319
published_at 2026-04-18T12:55:00Z
2
value 0.00268
scoring_system epss
scoring_elements 0.50221
published_at 2026-04-01T12:55:00Z
3
value 0.00268
scoring_system epss
scoring_elements 0.50261
published_at 2026-04-02T12:55:00Z
4
value 0.00268
scoring_system epss
scoring_elements 0.5029
published_at 2026-04-04T12:55:00Z
5
value 0.00268
scoring_system epss
scoring_elements 0.50238
published_at 2026-04-07T12:55:00Z
6
value 0.00268
scoring_system epss
scoring_elements 0.50292
published_at 2026-04-08T12:55:00Z
7
value 0.00268
scoring_system epss
scoring_elements 0.50284
published_at 2026-04-09T12:55:00Z
8
value 0.00268
scoring_system epss
scoring_elements 0.50312
published_at 2026-04-11T12:55:00Z
9
value 0.00268
scoring_system epss
scoring_elements 0.50286
published_at 2026-04-12T12:55:00Z
10
value 0.00268
scoring_system epss
scoring_elements 0.50274
published_at 2026-04-13T12:55:00Z
11
value 0.00268
scoring_system epss
scoring_elements 0.50318
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16723
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723
6
reference_url https://github.com/Cacti/cacti/issues/2964
reference_id
reference_type
scores
url https://github.com/Cacti/cacti/issues/2964
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D/
9
reference_url https://seclists.org/bugtraq/2020/Jan/25
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/25
10
reference_url https://www.debian.org/security/2020/dsa-4604
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4604
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941036
reference_id 941036
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941036
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16723
reference_id CVE-2019-16723
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2019-16723
14
reference_url https://security.gentoo.org/glsa/202003-40
reference_id GLSA-202003-40
reference_type
scores
url https://security.gentoo.org/glsa/202003-40
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2019-16723
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cre7-1uhc-bka2
10
url VCID-cxs3-zh36-m7en
vulnerability_id VCID-cxs3-zh36-m7en
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7106
reference_id
reference_type
scores
0
value 0.04094
scoring_system epss
scoring_elements 0.88531
published_at 2026-04-01T12:55:00Z
1
value 0.04094
scoring_system epss
scoring_elements 0.88539
published_at 2026-04-02T12:55:00Z
2
value 0.04094
scoring_system epss
scoring_elements 0.88556
published_at 2026-04-04T12:55:00Z
3
value 0.04094
scoring_system epss
scoring_elements 0.88559
published_at 2026-04-07T12:55:00Z
4
value 0.04094
scoring_system epss
scoring_elements 0.88577
published_at 2026-04-08T12:55:00Z
5
value 0.04094
scoring_system epss
scoring_elements 0.88582
published_at 2026-04-09T12:55:00Z
6
value 0.04094
scoring_system epss
scoring_elements 0.88594
published_at 2026-04-21T12:55:00Z
7
value 0.04094
scoring_system epss
scoring_elements 0.88586
published_at 2026-04-13T12:55:00Z
8
value 0.04094
scoring_system epss
scoring_elements 0.886
published_at 2026-04-16T12:55:00Z
9
value 0.04094
scoring_system epss
scoring_elements 0.88597
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7106
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7106
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949996
reference_id 949996
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949996
3
reference_url https://security.gentoo.org/glsa/202003-40
reference_id GLSA-202003-40
reference_type
scores
url https://security.gentoo.org/glsa/202003-40
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-7106
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxs3-zh36-m7en
11
url VCID-d7db-n89n-qyd8
vulnerability_id VCID-d7db-n89n-qyd8
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49084
reference_id
reference_type
scores
0
value 0.88341
scoring_system epss
scoring_elements 0.99488
published_at 2026-04-02T12:55:00Z
1
value 0.88341
scoring_system epss
scoring_elements 0.9949
published_at 2026-04-04T12:55:00Z
2
value 0.88341
scoring_system epss
scoring_elements 0.99492
published_at 2026-04-07T12:55:00Z
3
value 0.88341
scoring_system epss
scoring_elements 0.99493
published_at 2026-04-08T12:55:00Z
4
value 0.88341
scoring_system epss
scoring_elements 0.99494
published_at 2026-04-09T12:55:00Z
5
value 0.88341
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-13T12:55:00Z
6
value 0.88341
scoring_system epss
scoring_elements 0.99498
published_at 2026-04-16T12:55:00Z
7
value 0.88341
scoring_system epss
scoring_elements 0.99499
published_at 2026-04-18T12:55:00Z
8
value 0.88341
scoring_system epss
scoring_elements 0.995
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49084
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id 1059254
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-49084
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8
12
url VCID-e48s-dv1e-4fgn
vulnerability_id VCID-e48s-dv1e-4fgn
summary In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13231
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.63694
published_at 2026-04-01T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.63754
published_at 2026-04-02T12:55:00Z
2
value 0.00453
scoring_system epss
scoring_elements 0.6378
published_at 2026-04-04T12:55:00Z
3
value 0.00453
scoring_system epss
scoring_elements 0.63739
published_at 2026-04-07T12:55:00Z
4
value 0.00453
scoring_system epss
scoring_elements 0.63791
published_at 2026-04-08T12:55:00Z
5
value 0.00453
scoring_system epss
scoring_elements 0.63808
published_at 2026-04-09T12:55:00Z
6
value 0.00453
scoring_system epss
scoring_elements 0.63821
published_at 2026-04-11T12:55:00Z
7
value 0.00453
scoring_system epss
scoring_elements 0.63807
published_at 2026-04-12T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.63773
published_at 2026-04-13T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.63809
published_at 2026-04-16T12:55:00Z
10
value 0.00453
scoring_system epss
scoring_elements 0.63818
published_at 2026-04-18T12:55:00Z
11
value 0.00453
scoring_system epss
scoring_elements 0.63806
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13231
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13231
2
reference_url https://usn.ubuntu.com/USN-5214-1/
reference_id USN-USN-5214-1
reference_type
scores
url https://usn.ubuntu.com/USN-5214-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-13231
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e48s-dv1e-4fgn
13
url VCID-fwp2-z586-ebbq
vulnerability_id VCID-fwp2-z586-ebbq
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17357
reference_id
reference_type
scores
0
value 0.16157
scoring_system epss
scoring_elements 0.94764
published_at 2026-04-01T12:55:00Z
1
value 0.16157
scoring_system epss
scoring_elements 0.94774
published_at 2026-04-02T12:55:00Z
2
value 0.16157
scoring_system epss
scoring_elements 0.94778
published_at 2026-04-04T12:55:00Z
3
value 0.16157
scoring_system epss
scoring_elements 0.94779
published_at 2026-04-07T12:55:00Z
4
value 0.16157
scoring_system epss
scoring_elements 0.94788
published_at 2026-04-08T12:55:00Z
5
value 0.16157
scoring_system epss
scoring_elements 0.94792
published_at 2026-04-09T12:55:00Z
6
value 0.16157
scoring_system epss
scoring_elements 0.94797
published_at 2026-04-11T12:55:00Z
7
value 0.16157
scoring_system epss
scoring_elements 0.948
published_at 2026-04-12T12:55:00Z
8
value 0.16157
scoring_system epss
scoring_elements 0.94801
published_at 2026-04-13T12:55:00Z
9
value 0.16157
scoring_system epss
scoring_elements 0.94808
published_at 2026-04-16T12:55:00Z
10
value 0.16157
scoring_system epss
scoring_elements 0.94812
published_at 2026-04-18T12:55:00Z
11
value 0.16157
scoring_system epss
scoring_elements 0.94814
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17357
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374
reference_id 947374
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374
3
reference_url https://security.gentoo.org/glsa/202003-40
reference_id GLSA-202003-40
reference_type
scores
url https://security.gentoo.org/glsa/202003-40
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2019-17357
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwp2-z586-ebbq
14
url VCID-h3qa-svy4-1fcr
vulnerability_id VCID-h3qa-svy4-1fcr
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49085
reference_id
reference_type
scores
0
value 0.91404
scoring_system epss
scoring_elements 0.99656
published_at 2026-04-02T12:55:00Z
1
value 0.91404
scoring_system epss
scoring_elements 0.99658
published_at 2026-04-04T12:55:00Z
2
value 0.91404
scoring_system epss
scoring_elements 0.99659
published_at 2026-04-07T12:55:00Z
3
value 0.91404
scoring_system epss
scoring_elements 0.9966
published_at 2026-04-09T12:55:00Z
4
value 0.91404
scoring_system epss
scoring_elements 0.99661
published_at 2026-04-12T12:55:00Z
5
value 0.91404
scoring_system epss
scoring_elements 0.99662
published_at 2026-04-13T12:55:00Z
6
value 0.91404
scoring_system epss
scoring_elements 0.99663
published_at 2026-04-16T12:55:00Z
7
value 0.91404
scoring_system epss
scoring_elements 0.99664
published_at 2026-04-18T12:55:00Z
8
value 0.91404
scoring_system epss
scoring_elements 0.99665
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49085
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-49085
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr
15
url VCID-huf2-qwju-6bf2
vulnerability_id VCID-huf2-qwju-6bf2
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39365
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38327
published_at 2026-04-02T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38352
published_at 2026-04-04T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.38217
published_at 2026-04-07T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.38267
published_at 2026-04-08T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.38275
published_at 2026-04-09T12:55:00Z
5
value 0.0017
scoring_system epss
scoring_elements 0.38294
published_at 2026-04-11T12:55:00Z
6
value 0.0017
scoring_system epss
scoring_elements 0.38258
published_at 2026-04-12T12:55:00Z
7
value 0.0017
scoring_system epss
scoring_elements 0.38234
published_at 2026-04-13T12:55:00Z
8
value 0.0017
scoring_system epss
scoring_elements 0.38281
published_at 2026-04-16T12:55:00Z
9
value 0.0017
scoring_system epss
scoring_elements 0.3826
published_at 2026-04-18T12:55:00Z
10
value 0.0017
scoring_system epss
scoring_elements 0.38196
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
10
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://www.debian.org/security/2023/dsa-5550
11
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
reference_id GHSA-v5w7-hww7-2f22
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
12
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
13
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39365
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-huf2-qwju-6bf2
16
url VCID-k6z6-4pb4-tbeu
vulnerability_id VCID-k6z6-4pb4-tbeu
summary Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-23226
reference_id
reference_type
scores
0
value 0.01252
scoring_system epss
scoring_elements 0.79296
published_at 2026-04-01T12:55:00Z
1
value 0.01252
scoring_system epss
scoring_elements 0.79303
published_at 2026-04-02T12:55:00Z
2
value 0.01252
scoring_system epss
scoring_elements 0.79327
published_at 2026-04-04T12:55:00Z
3
value 0.01252
scoring_system epss
scoring_elements 0.79313
published_at 2026-04-07T12:55:00Z
4
value 0.01252
scoring_system epss
scoring_elements 0.79338
published_at 2026-04-08T12:55:00Z
5
value 0.01252
scoring_system epss
scoring_elements 0.79348
published_at 2026-04-09T12:55:00Z
6
value 0.01252
scoring_system epss
scoring_elements 0.79371
published_at 2026-04-11T12:55:00Z
7
value 0.01252
scoring_system epss
scoring_elements 0.79356
published_at 2026-04-12T12:55:00Z
8
value 0.01252
scoring_system epss
scoring_elements 0.79345
published_at 2026-04-13T12:55:00Z
9
value 0.01252
scoring_system epss
scoring_elements 0.79373
published_at 2026-04-16T12:55:00Z
10
value 0.01252
scoring_system epss
scoring_elements 0.79368
published_at 2026-04-18T12:55:00Z
11
value 0.01252
scoring_system epss
scoring_elements 0.79369
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-23226
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23226
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-23226
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6z6-4pb4-tbeu
17
url VCID-pau5-hfbv-nucp
vulnerability_id VCID-pau5-hfbv-nucp
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39513
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.52839
published_at 2026-04-02T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.52865
published_at 2026-04-04T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.52832
published_at 2026-04-07T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.52884
published_at 2026-04-08T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.52878
published_at 2026-04-09T12:55:00Z
5
value 0.00296
scoring_system epss
scoring_elements 0.52928
published_at 2026-04-11T12:55:00Z
6
value 0.00296
scoring_system epss
scoring_elements 0.52912
published_at 2026-04-12T12:55:00Z
7
value 0.00296
scoring_system epss
scoring_elements 0.52895
published_at 2026-04-13T12:55:00Z
8
value 0.00296
scoring_system epss
scoring_elements 0.52933
published_at 2026-04-16T12:55:00Z
9
value 0.00296
scoring_system epss
scoring_elements 0.5294
published_at 2026-04-18T12:55:00Z
10
value 0.00296
scoring_system epss
scoring_elements 0.52923
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39513
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39513
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pau5-hfbv-nucp
18
url VCID-qvkt-vk55-4bbx
vulnerability_id VCID-qvkt-vk55-4bbx
summary A vulnerability in Cacti could lead to remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35701
reference_id
reference_type
scores
0
value 0.01839
scoring_system epss
scoring_elements 0.82991
published_at 2026-04-21T12:55:00Z
1
value 0.01839
scoring_system epss
scoring_elements 0.82885
published_at 2026-04-01T12:55:00Z
2
value 0.01839
scoring_system epss
scoring_elements 0.82901
published_at 2026-04-02T12:55:00Z
3
value 0.01839
scoring_system epss
scoring_elements 0.82914
published_at 2026-04-04T12:55:00Z
4
value 0.01839
scoring_system epss
scoring_elements 0.8291
published_at 2026-04-07T12:55:00Z
5
value 0.01839
scoring_system epss
scoring_elements 0.82936
published_at 2026-04-08T12:55:00Z
6
value 0.01839
scoring_system epss
scoring_elements 0.82943
published_at 2026-04-09T12:55:00Z
7
value 0.01839
scoring_system epss
scoring_elements 0.82958
published_at 2026-04-11T12:55:00Z
8
value 0.01839
scoring_system epss
scoring_elements 0.82953
published_at 2026-04-12T12:55:00Z
9
value 0.01839
scoring_system epss
scoring_elements 0.82949
published_at 2026-04-13T12:55:00Z
10
value 0.01839
scoring_system epss
scoring_elements 0.82988
published_at 2026-04-16T12:55:00Z
11
value 0.01839
scoring_system epss
scoring_elements 0.82987
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35701
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998
reference_id 979998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998
3
reference_url https://security.archlinux.org/AVG-1433
reference_id AVG-1433
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1433
4
reference_url https://security.gentoo.org/glsa/202101-31
reference_id GLSA-202101-31
reference_type
scores
url https://security.gentoo.org/glsa/202101-31
5
reference_url https://usn.ubuntu.com/USN-5214-1/
reference_id USN-USN-5214-1
reference_type
scores
url https://usn.ubuntu.com/USN-5214-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-35701
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx
19
url VCID-rftg-byj2-jkh9
vulnerability_id VCID-rftg-byj2-jkh9
summary Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37543
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.69978
published_at 2026-04-21T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.69996
published_at 2026-04-18T12:55:00Z
2
value 0.00617
scoring_system epss
scoring_elements 0.69893
published_at 2026-04-02T12:55:00Z
3
value 0.00617
scoring_system epss
scoring_elements 0.69907
published_at 2026-04-04T12:55:00Z
4
value 0.00617
scoring_system epss
scoring_elements 0.69884
published_at 2026-04-07T12:55:00Z
5
value 0.00617
scoring_system epss
scoring_elements 0.69932
published_at 2026-04-08T12:55:00Z
6
value 0.00617
scoring_system epss
scoring_elements 0.69949
published_at 2026-04-09T12:55:00Z
7
value 0.00617
scoring_system epss
scoring_elements 0.69972
published_at 2026-04-11T12:55:00Z
8
value 0.00617
scoring_system epss
scoring_elements 0.69957
published_at 2026-04-12T12:55:00Z
9
value 0.00617
scoring_system epss
scoring_elements 0.69943
published_at 2026-04-13T12:55:00Z
10
value 0.00617
scoring_system epss
scoring_elements 0.69986
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37543
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37543
2
reference_url https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed
reference_id exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:34:34Z/
url https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj
reference_id GHSA-4x82-8w8m-w8hj
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:34:34Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-37543
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rftg-byj2-jkh9
20
url VCID-sb43-hapb-1uf2
vulnerability_id VCID-sb43-hapb-1uf2
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39357
reference_id
reference_type
scores
0
value 0.03246
scoring_system epss
scoring_elements 0.87071
published_at 2026-04-02T12:55:00Z
1
value 0.03246
scoring_system epss
scoring_elements 0.8709
published_at 2026-04-04T12:55:00Z
2
value 0.03246
scoring_system epss
scoring_elements 0.87083
published_at 2026-04-07T12:55:00Z
3
value 0.03246
scoring_system epss
scoring_elements 0.87103
published_at 2026-04-08T12:55:00Z
4
value 0.03246
scoring_system epss
scoring_elements 0.87111
published_at 2026-04-09T12:55:00Z
5
value 0.03246
scoring_system epss
scoring_elements 0.87124
published_at 2026-04-11T12:55:00Z
6
value 0.03246
scoring_system epss
scoring_elements 0.87119
published_at 2026-04-12T12:55:00Z
7
value 0.03246
scoring_system epss
scoring_elements 0.87114
published_at 2026-04-13T12:55:00Z
8
value 0.03246
scoring_system epss
scoring_elements 0.8713
published_at 2026-04-16T12:55:00Z
9
value 0.03246
scoring_system epss
scoring_elements 0.87134
published_at 2026-04-18T12:55:00Z
10
value 0.03246
scoring_system epss
scoring_elements 0.87131
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39357
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39357
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sb43-hapb-1uf2
21
url VCID-ses2-y1j2-vbbx
vulnerability_id VCID-ses2-y1j2-vbbx
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could result in the arbitrary execution of code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14295
reference_id
reference_type
scores
0
value 0.81199
scoring_system epss
scoring_elements 0.99156
published_at 2026-04-01T12:55:00Z
1
value 0.81199
scoring_system epss
scoring_elements 0.99157
published_at 2026-04-02T12:55:00Z
2
value 0.81199
scoring_system epss
scoring_elements 0.99159
published_at 2026-04-04T12:55:00Z
3
value 0.81199
scoring_system epss
scoring_elements 0.99162
published_at 2026-04-07T12:55:00Z
4
value 0.81199
scoring_system epss
scoring_elements 0.99164
published_at 2026-04-13T12:55:00Z
5
value 0.81199
scoring_system epss
scoring_elements 0.99165
published_at 2026-04-16T12:55:00Z
6
value 0.81199
scoring_system epss
scoring_elements 0.99167
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14295
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963139
reference_id 963139
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963139
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49810.py
reference_id CVE-2020-14295
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49810.py
4
reference_url https://usn.ubuntu.com/USN-5214-1/
reference_id USN-USN-5214-1
reference_type
scores
url https://usn.ubuntu.com/USN-5214-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-14295
risk_score 1.4
exploitability 2.0
weighted_severity 0.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ses2-y1j2-vbbx
22
url VCID-uj1s-uuyx-mya5
vulnerability_id VCID-uj1s-uuyx-mya5
summary 
Multiple vulnerabilities have been found in Cacti, the worst of
    which could lead to the remote execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7237
reference_id
reference_type
scores
0
value 0.46813
scoring_system epss
scoring_elements 0.97647
published_at 2026-04-01T12:55:00Z
1
value 0.46813
scoring_system epss
scoring_elements 0.97653
published_at 2026-04-02T12:55:00Z
2
value 0.46813
scoring_system epss
scoring_elements 0.97655
published_at 2026-04-04T12:55:00Z
3
value 0.46813
scoring_system epss
scoring_elements 0.97656
published_at 2026-04-07T12:55:00Z
4
value 0.46813
scoring_system epss
scoring_elements 0.9766
published_at 2026-04-08T12:55:00Z
5
value 0.46813
scoring_system epss
scoring_elements 0.97662
published_at 2026-04-09T12:55:00Z
6
value 0.46813
scoring_system epss
scoring_elements 0.97664
published_at 2026-04-11T12:55:00Z
7
value 0.46813
scoring_system epss
scoring_elements 0.97667
published_at 2026-04-13T12:55:00Z
8
value 0.46813
scoring_system epss
scoring_elements 0.97674
published_at 2026-04-16T12:55:00Z
9
value 0.46813
scoring_system epss
scoring_elements 0.97677
published_at 2026-04-18T12:55:00Z
10
value 0.46813
scoring_system epss
scoring_elements 0.97676
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7237
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949997
reference_id 949997
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949997
3
reference_url https://security.gentoo.org/glsa/202003-40
reference_id GLSA-202003-40
reference_type
scores
url https://security.gentoo.org/glsa/202003-40
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-7237
risk_score 0.2
exploitability 0.5
weighted_severity 0.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1s-uuyx-mya5
23
url VCID-vsjt-qjyw-hbfs
vulnerability_id VCID-vsjt-qjyw-hbfs
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39359
reference_id
reference_type
scores
0
value 0.04724
scoring_system epss
scoring_elements 0.89353
published_at 2026-04-02T12:55:00Z
1
value 0.04724
scoring_system epss
scoring_elements 0.89365
published_at 2026-04-04T12:55:00Z
2
value 0.04724
scoring_system epss
scoring_elements 0.89368
published_at 2026-04-07T12:55:00Z
3
value 0.04724
scoring_system epss
scoring_elements 0.89385
published_at 2026-04-08T12:55:00Z
4
value 0.04724
scoring_system epss
scoring_elements 0.89388
published_at 2026-04-09T12:55:00Z
5
value 0.04724
scoring_system epss
scoring_elements 0.89397
published_at 2026-04-11T12:55:00Z
6
value 0.04724
scoring_system epss
scoring_elements 0.89394
published_at 2026-04-12T12:55:00Z
7
value 0.04724
scoring_system epss
scoring_elements 0.8939
published_at 2026-04-13T12:55:00Z
8
value 0.04724
scoring_system epss
scoring_elements 0.89405
published_at 2026-04-21T12:55:00Z
9
value 0.04724
scoring_system epss
scoring_elements 0.89406
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39359
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
10
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://www.debian.org/security/2023/dsa-5550
11
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
reference_id GHSA-q4wh-3f9w-836h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
12
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39359
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsjt-qjyw-hbfs
24
url VCID-wrxa-2us4-vkf9
vulnerability_id VCID-wrxa-2us4-vkf9
summary In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13230
reference_id
reference_type
scores
0
value 0.00799
scoring_system epss
scoring_elements 0.73977
published_at 2026-04-01T12:55:00Z
1
value 0.00799
scoring_system epss
scoring_elements 0.73984
published_at 2026-04-02T12:55:00Z
2
value 0.00799
scoring_system epss
scoring_elements 0.7401
published_at 2026-04-04T12:55:00Z
3
value 0.00799
scoring_system epss
scoring_elements 0.73981
published_at 2026-04-07T12:55:00Z
4
value 0.00799
scoring_system epss
scoring_elements 0.74015
published_at 2026-04-08T12:55:00Z
5
value 0.00799
scoring_system epss
scoring_elements 0.74028
published_at 2026-04-09T12:55:00Z
6
value 0.00799
scoring_system epss
scoring_elements 0.74051
published_at 2026-04-11T12:55:00Z
7
value 0.00799
scoring_system epss
scoring_elements 0.74032
published_at 2026-04-12T12:55:00Z
8
value 0.00799
scoring_system epss
scoring_elements 0.74025
published_at 2026-04-13T12:55:00Z
9
value 0.00799
scoring_system epss
scoring_elements 0.74064
published_at 2026-04-16T12:55:00Z
10
value 0.00799
scoring_system epss
scoring_elements 0.74073
published_at 2026-04-18T12:55:00Z
11
value 0.00799
scoring_system epss
scoring_elements 0.74065
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13230
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13230
2
reference_url https://usn.ubuntu.com/USN-5214-1/
reference_id USN-USN-5214-1
reference_type
scores
url https://usn.ubuntu.com/USN-5214-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2020-13230
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrxa-2us4-vkf9
25
url VCID-ws4h-295a-9qgx
vulnerability_id VCID-ws4h-295a-9qgx
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39516
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.51728
published_at 2026-04-02T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.51754
published_at 2026-04-04T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.51714
published_at 2026-04-07T12:55:00Z
3
value 0.00284
scoring_system epss
scoring_elements 0.51768
published_at 2026-04-08T12:55:00Z
4
value 0.00284
scoring_system epss
scoring_elements 0.51765
published_at 2026-04-09T12:55:00Z
5
value 0.00284
scoring_system epss
scoring_elements 0.51815
published_at 2026-04-11T12:55:00Z
6
value 0.00284
scoring_system epss
scoring_elements 0.51794
published_at 2026-04-12T12:55:00Z
7
value 0.00284
scoring_system epss
scoring_elements 0.51778
published_at 2026-04-13T12:55:00Z
8
value 0.00284
scoring_system epss
scoring_elements 0.51819
published_at 2026-04-16T12:55:00Z
9
value 0.00284
scoring_system epss
scoring_elements 0.51826
published_at 2026-04-18T12:55:00Z
10
value 0.00284
scoring_system epss
scoring_elements 0.51807
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39516
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39516
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws4h-295a-9qgx
26
url VCID-xbb2-av4z-m3dp
vulnerability_id VCID-xbb2-av4z-m3dp
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46169
reference_id
reference_type
scores
0
value 0.94469
scoring_system epss
scoring_elements 0.99997
published_at 2026-04-21T12:55:00Z
1
value 0.94469
scoring_system epss
scoring_elements 0.99998
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46169
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648
reference_id 1025648
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648
5
reference_url https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
reference_id 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/
url https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
6
reference_url https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
reference_id a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/
url https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
7
reference_url https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
reference_id b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/
url https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py
reference_id CVE-2022-46169
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py
9
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
reference_id GHSA-6p93-p743-35gf
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
10
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
11
reference_url https://usn.ubuntu.com/7226-1/
reference_id USN-7226-1
reference_type
scores
url https://usn.ubuntu.com/7226-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2022-46169
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbb2-av4z-m3dp
27
url VCID-xpvn-y3b8-skgb
vulnerability_id VCID-xpvn-y3b8-skgb
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0730
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53573
published_at 2026-04-01T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.53595
published_at 2026-04-02T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53624
published_at 2026-04-04T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53593
published_at 2026-04-07T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53644
published_at 2026-04-08T12:55:00Z
5
value 0.00304
scoring_system epss
scoring_elements 0.53642
published_at 2026-04-09T12:55:00Z
6
value 0.00304
scoring_system epss
scoring_elements 0.53691
published_at 2026-04-11T12:55:00Z
7
value 0.00304
scoring_system epss
scoring_elements 0.53674
published_at 2026-04-12T12:55:00Z
8
value 0.00304
scoring_system epss
scoring_elements 0.53657
published_at 2026-04-13T12:55:00Z
9
value 0.00304
scoring_system epss
scoring_elements 0.53695
published_at 2026-04-16T12:55:00Z
10
value 0.00304
scoring_system epss
scoring_elements 0.537
published_at 2026-04-18T12:55:00Z
11
value 0.00304
scoring_system epss
scoring_elements 0.53682
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0730
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693
reference_id 1008693
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693
4
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2022-0730
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpvn-y3b8-skgb
28
url VCID-ypan-57sx-vyam
vulnerability_id VCID-ypan-57sx-vyam
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39361
reference_id
reference_type
scores
0
value 0.92278
scoring_system epss
scoring_elements 0.99717
published_at 2026-04-02T12:55:00Z
1
value 0.92278
scoring_system epss
scoring_elements 0.99718
published_at 2026-04-04T12:55:00Z
2
value 0.92278
scoring_system epss
scoring_elements 0.99719
published_at 2026-04-13T12:55:00Z
3
value 0.92278
scoring_system epss
scoring_elements 0.9972
published_at 2026-04-18T12:55:00Z
4
value 0.92278
scoring_system epss
scoring_elements 0.99722
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39361
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
10
reference_url https://usn.ubuntu.com/6720-1/
reference_id USN-6720-1
reference_type
scores
url https://usn.ubuntu.com/6720-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3y7d-ujep-4ydm
1
vulnerability VCID-44fx-4w2y-y3dy
2
vulnerability VCID-4e5y-1s19-r7g7
3
vulnerability VCID-4twv-1yys-eban
4
vulnerability VCID-6t6n-ws5n-wkay
5
vulnerability VCID-6ze5-dqdn-ykg3
6
vulnerability VCID-7m68-seeq-tuae
7
vulnerability VCID-85gc-u991-z3dw
8
vulnerability VCID-be57-gxmc-vqd4
9
vulnerability VCID-cqr3-wwhj-tyck
10
vulnerability VCID-fhtp-y9a5-vqgj
11
vulnerability VCID-hj89-pnag-3fer
12
vulnerability VCID-jkca-shmj-mbbu
13
vulnerability VCID-k7kv-za2s-dud5
14
vulnerability VCID-khhn-9sja-sfgr
15
vulnerability VCID-mebp-4rfu-vqcq
16
vulnerability VCID-pxqa-nkv3-jqfs
17
vulnerability VCID-qnz1-w7bb-97ee
18
vulnerability VCID-s8du-gzj2-gkc1
19
vulnerability VCID-sx2t-uzae-2fh9
20
vulnerability VCID-vbs9-gben-9kgc
21
vulnerability VCID-xdbp-7rtr-fyb7
22
vulnerability VCID-xkkm-ss3p-1udc
23
vulnerability VCID-y683-kz6e-afhv
24
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3
aliases CVE-2023-39361
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypan-57sx-vyam
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3