Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/586384?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "type": "deb", "namespace": "debian", "name": "cacti", "version": "1.2.16+ds1-2+deb11u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.2.30+ds1-1", "latest_non_vulnerable_version": "1.2.30+ds1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96094?format=api", "vulnerability_id": "VCID-3y7d-ujep-4ydm", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, and otherwise falls back to `md5`. When verifying a password, Cacti calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if it is available; otherwise `md5` is used. `password_verify` and `password_hash` are supported on PHP < 5.5.0, according to the PHP manual. The vulnerability is in `compat_password_verify`. The MD5-hashed user input is compared with the correct password in the database by `$md5 == $hash`. This is a loose comparison, not the strict `===`, which makes it a type juggling vulnerability. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.7481", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74776", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74784", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74774", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.747", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74732", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.7477", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74749", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m", "reference_id": "GHSA-37x7-mfjv-mm7m", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-34340" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/96069?format=api", "vulnerability_id": "VCID-44fx-4w2y-y3dy", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90739", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.9073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90728", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90726", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.9067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.9068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90714", "published_at": 
"2026-04-11T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90715", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x", "reference_id": "GHSA-jrxg-8wh8-943x", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": 
"VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-31458" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96902?format=api", "vulnerability_id": "VCID-4e5y-1s19-r7g7", "summary": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. 
This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57639", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63927", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63912", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63921", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63885", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63842", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.6391", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63923", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63909", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.63876", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf", "reference_id": "GHSA-c7rr-2h93-7gjf", "reference_type": "", "scores": [ { "value": "7.4", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-02T18:25:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586386?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1" } ], "aliases": [ "CVE-2025-66399" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4e5y-1s19-r7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96527?format=api", "vulnerability_id": "VCID-4twv-1yys-eban", "summary": "Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. 
This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98762", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98758", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98742", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98749", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.9875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98753", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "9.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36", "reference_id": "GHSA-c5j8-jxj3-hh36", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-22604" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96066?format=api", "vulnerability_id": "VCID-6t6n-ws5n-wkay", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65737", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65708", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65743", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65672", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65702", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65719", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443" }, { "reference_url": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf", "reference_id": "f946fa537d19678f938ddbd784a10e3290d275cf", "reference_type": "", 
"scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/" } ], "url": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3", "reference_id": "GHSA-rqc8-78cm-85j3", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-31443" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96207?format=api", "vulnerability_id": "VCID-6ze5-dqdn-ykg3", "summary": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19664", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19668", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": 
"epss", "scoring_elements": "0.24951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24944", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24917", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2486", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-45598" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96561?format=api", "vulnerability_id": "VCID-7m68-seeq-tuae", "summary": "Cacti is an open source performance and fault management framework. 
Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21335", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29418", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29534", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34947", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c", "reference_id": "GHSA-f9c7-7rc3-574c", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-24368" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96001?format=api", "vulnerability_id": "VCID-85gc-u991-z3dw", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the \"Package Import\" feature, allows authenticated users having the \"Import Templates\" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. 
Version 1.2.27 contains a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99503", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99491", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99493", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99498", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99502", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.88501", "scoring_system": "epss", "scoring_elements": "0.99506", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/May/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/May/6" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt", "reference_id": "CVE-2024-25641", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt" }, { "reference_url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210", "reference_id": "eff35b0ff26cc27c82d7880469ed6d5e3bef6210", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88", "reference_id": "GHSA-7cmj-g5qc-pj88", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-25641" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96189?format=api", "vulnerability_id": "VCID-be57-gxmc-vqd4", "summary": "Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90214", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90204", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.902", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90191", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90185", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07763", "scoring_system": "epss", "scoring_elements": "0.91918", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c", "reference_id": "GHSA-wh9c-v56x-v77c", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-43362" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95328?format=api", "vulnerability_id": "VCID-cqr3-wwhj-tyck", "summary": "In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20847", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20976", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00068", "scoring_system": 
"epss", "scoring_elements": "0.21232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20945", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21026", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21085", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21059", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21007", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20997", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20996", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538" }, { "reference_url": "https://github.com/Cacti/cacti/issues/5189", "reference_id": "5189", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/" } ], "url": "https://github.com/Cacti/cacti/issues/5189" }, { "reference_url": "https://docs.cacti.net/Settings-Auth-LDAP.md", "reference_id": "Settings-Auth-LDAP.md", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/" } ], "url": "https://docs.cacti.net/Settings-Auth-LDAP.md" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2022-48538" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqr3-wwhj-tyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96068?format=api", "vulnerability_id": "VCID-fhtp-y9a5-vqgj", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.9731", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.9728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97285", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97296", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97298", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97306", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97308", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445" }, { "reference_url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717", "reference_id": "api_automation.php#L717", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717" }, { "reference_url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856", "reference_id": "api_automation.php#L856", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856" }, { "reference_url": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886", "reference_id": "fd93c6e47651958b77c3bbe6a01fff695f81e886", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc", "reference_id": "GHSA-vjph-r677-6pcc", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-31445" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96190?format=api", "vulnerability_id": "VCID-hj89-pnag-3fer", "summary": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. 
After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98888", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98879", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98883", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98869", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98875", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98876", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98878", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4", "reference_id": "GHSA-gxq4-mv8h-6qj4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-43363" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96070?format=api", "vulnerability_id": "VCID-jkca-shmj-mbbu", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.83034", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82977", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.83007", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.83006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.8301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82933", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.8293", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", "reference_id": "GHSA-cx8g-hvq8-p2rv", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", "reference_id": "GHSA-gj3f-p326-gh8r", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp", "reference_id": "GHSA-pfh9-gwm6-86vp", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-31459" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96071?format=api", "vulnerability_id": "VCID-k7kv-za2s-dud5", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82306", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.8226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82253", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82247", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82284", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82285", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82234", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", "reference_id": "GHSA-cx8g-hvq8-p2rv", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", "reference_id": "GHSA-gj3f-p326-gh8r", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-31460" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96560?format=api", "vulnerability_id": "VCID-khhn-9sja-sfgr", "summary": "Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99612", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99609", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.9961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99611", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99608", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": 
"1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq", "reference_id": "GHSA-fxrq-fr7h-9rqq", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-24367" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11742?format=api", "vulnerability_id": "VCID-mebp-4rfu-vqcq", "summary": "DOMpurify has a 
nesting-based mXSS\nDOMpurify was vulnerable to nesting-based mXSS \n\nfixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and\n[merge 943](https://github.com/cure53/DOMPurify/pull/943)\n\nBackporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking\n\nPOC is available under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71939", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72019", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71978", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.7201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71974", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71935", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", 
"scoring_elements": "0.71959", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72529", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72486", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875" }, { "reference_url": "http://seclists.org/fulldisclosure/2025/Apr/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2025/Apr/14" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/cure53/DOMPurify", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cure53/DOMPurify" }, { "reference_url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "reference_url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983", "reference_id": "1084983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052", "reference_id": "2318052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "reference_url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf", "reference_id": "GHSA-gx9m-whjm-85jf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10236", "reference_id": "RHSA-2024:10236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10988", "reference_id": "RHSA-2024:10988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8683", "reference_id": "RHSA-2024:8683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8683" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2024:8981", "reference_id": "RHSA-2024:8981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9473", "reference_id": "RHSA-2024:9473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9629", "reference_id": "RHSA-2024:9629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0329", "reference_id": "RHSA-2025:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0329" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-47875", "GHSA-gx9m-whjm-85jf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51602?format=api", "vulnerability_id": "VCID-pxqa-nkv3-jqfs", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97733", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.48534", 
"scoring_system": "epss", "scoring_elements": "0.97735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.9774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97744", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97746", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.9775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97756", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.48534", "scoring_system": "epss", "scoring_elements": "0.97758", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "reference_id": "CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/" }, { "reference_url": 
"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25", "reference_id": "cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/" } ], "url": "https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p", "reference_id": "GHSA-77rf-774j-6h3p", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "reference_id": "WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "reference_id": "WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586386?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1" } ], "aliases": [ "CVE-2023-30534" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxqa-nkv3-jqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95271?format=api", "vulnerability_id": "VCID-qnz1-w7bb-97ee", "summary": "Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51846", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51812", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51838", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51799", "published_at": "2026-04-07T12:55:00Z" }, { "value": 
"0.00285", "scoring_system": "epss", "scoring_elements": "0.51854", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51851", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51903", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51885", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.5187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51912", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51919", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51899", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41444" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444" }, { "reference_url": "https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2", "reference_id": "9079535112e4f4ff2c1d2ce1c099d4c2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:41:35Z/" } ], "url": "https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2022-41444" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnz1-w7bb-97ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96191?format=api", "vulnerability_id": "VCID-s8du-gzj2-gkc1", "summary": "Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90048", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90033", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.9003", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07542", "scoring_system": "epss", "scoring_elements": "0.91788", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5", "reference_id": "GHSA-fgc6-g8gc-wcg5", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-43364" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96284?format=api", "vulnerability_id": "VCID-sx2t-uzae-2fh9", "summary": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. 
This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24603", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2464", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39346", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39638", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39525", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39616", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3964", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39604", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", 
"reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp", "reference_id": "GHSA-fh3x-69rr-qqpp", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-54145" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=api", "vulnerability_id": "VCID-vbs9-gben-9kgc", "summary": "DOMPurify vulnerable to tampering by 
prototype pollution\ndompurify was vulnerable to prototype pollution\n\nFixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85636", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85615", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85619", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.8559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85573", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85583", "published_at": "2026-04-09T12:55:00Z" }, { 
"value": "0.02808", "scoring_system": "epss", "scoring_elements": "0.86074", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910" }, { "reference_url": "https://github.com/cure53/DOMPurify", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cure53/DOMPurify" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc" }, { "reference_url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/" } ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949", "reference_id": "2322949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949" }, { "reference_url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr", "reference_id": "GHSA-p3vf-v8qc-cwcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10186", "reference_id": "RHSA-2024:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9583", "reference_id": "RHSA-2024:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0079", "reference_id": "RHSA-2025:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0082", "reference_id": "RHSA-2025:0082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0654", "reference_id": "RHSA-2025:0654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0875", "reference_id": "RHSA-2025:0875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18233", "reference_id": "RHSA-2025:18233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19003", "reference_id": "RHSA-2025:19003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19017", "reference_id": "RHSA-2025:19017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19047", "reference_id": "RHSA-2025:19047", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:19047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19306", "reference_id": "RHSA-2025:19306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19314", "reference_id": "RHSA-2025:19314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19895", "reference_id": "RHSA-2025:19895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22284", "reference_id": "RHSA-2025:22284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22284" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-48910", "GHSA-p3vf-v8qc-cwcr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96192?format=api", "vulnerability_id": "VCID-xdbp-7rtr-fyb7", "summary": "Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. 
Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90048", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90033", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.9003", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": 
"0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr", "reference_id": "GHSA-49f2-hwx9-qffr", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-43365" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95769?format=api", "vulnerability_id": "VCID-xkkm-ss3p-1udc", "summary": "SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46490", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.42994", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4306", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43098", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43102", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43135", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43125", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286", "reference_id": "1059286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286" }, { "reference_url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53", "reference_id": "a95632111138fcd7ccf7432ccb145b53", "reference_type": "", "scores": [ { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/" } ], "url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c", "reference_id": "GHSA-f4r3-53jr-654c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586386?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1" } ], "aliases": [ "CVE-2023-46490" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96067?format=api", "vulnerability_id": "VCID-y683-kz6e-afhv", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92809", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92788", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92798", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92783", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31444" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87", "reference_id": "GHSA-p4ch-7hjw-6m87", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2024-31444" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96697?format=api", "vulnerability_id": "VCID-zxu5-equ9-1kam", "summary": "A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. 
When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., <h1>, <b>, <svg>) into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-45160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01733", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01724", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02697", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02597", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02706", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02617", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02621", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0262", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-45160" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160" }, { "reference_url": "https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32", "reference_id": "49d76897a5bb676d8c3f51425553cc32", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/" } ], "url": "https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32" }, { "reference_url": "https://github.com/Cacti/cacti", "reference_id": "cacti", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/" } ], "url": "https://github.com/Cacti/cacti" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586385?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-45160" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxu5-equ9-1kam" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51616?format=api", "vulnerability_id": "VCID-34z4-1zqk-afcm", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can 
lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49131", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49205", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49207", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.4916", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49155", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49181", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49164", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49113", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "reference_id": "CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5550", "reference_id": "dsa-5550", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5550" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h", "reference_id": "GHSA-hrg9-qqqx-wc4h", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "reference_id": "WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "reference_id": "WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": 
"VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39515" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34z4-1zqk-afcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94514?format=api", "vulnerability_id": "VCID-3tqy-g42y-9fef", "summary": "A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80772", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80802", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", 
"scoring_elements": "0.80835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80836", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80829", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80868", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.8087", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01458", "scoring_system": "epss", "scoring_elements": "0.80891", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { 
"vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-25706" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tqy-g42y-9fef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51609?format=api", "vulnerability_id": "VCID-5ykb-6nvx-k3e4", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99445", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99448", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87228", "scoring_system": 
"epss", "scoring_elements": "0.99452", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99453", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.87228", "scoring_system": "epss", "scoring_elements": "0.99454", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html", "reference_id": "Cacti-1.2.24-Command-Injection.html", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "reference_id": "CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt", "reference_id": "CVE-2023-39362", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5550", "reference_id": "dsa-5550", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5550" }, { 
"reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp", "reference_id": "GHSA-g6ff-58cj-x3cp", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "reference_id": "WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "reference_id": "WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN", 
"reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39362" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.5", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ykb-6nvx-k3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41772?format=api", "vulnerability_id": "VCID-8nbc-ethb-6kcn", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could lead to the remote execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84657", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84671", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84694", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84723", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84741", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.8473", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84753", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", "scoring_elements": "0.84754", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02298", "scoring_system": "epss", 
"scoring_elements": "0.84781", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375", "reference_id": "947375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947375" }, { "reference_url": "https://security.gentoo.org/glsa/202003-40", "reference_id": "GLSA-202003-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037314?format=api", "purl": "pkg:deb/debian/cacti@0.8.8h%2Bds1-10%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ff1-vhuj-hkdc" }, { "vulnerability": "VCID-29q9-twke-2bdx" }, { "vulnerability": "VCID-2z9e-eg1f-bqg5" }, { "vulnerability": "VCID-34z4-1zqk-afcm" }, { "vulnerability": "VCID-3tqy-g42y-9fef" }, { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-5ykb-6nvx-k3e4" }, { "vulnerability": "VCID-6n31-d4xy-d3fj" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7dp4-9zks-mbgd" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-86gq-jsgy-8uep" }, { "vulnerability": "VCID-89pf-69jk-syfk" }, { "vulnerability": "VCID-8nbc-ethb-6kcn" }, { "vulnerability": "VCID-9snd-k1cz-gyb5" }, { "vulnerability": "VCID-9swv-zvke-ubet" }, { "vulnerability": "VCID-9vce-mkth-v3gn" }, { "vulnerability": "VCID-a8j1-24bw-gudu" }, { "vulnerability": "VCID-aajr-s1n1-4ybu" }, { "vulnerability": 
"VCID-afss-mcgj-7bce" }, { "vulnerability": "VCID-akj7-kh8f-97ct" }, { "vulnerability": "VCID-ay5a-nkmf-5yar" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-bj2d-v5dw-ykc7" }, { "vulnerability": "VCID-c2b8-ss11-9yhq" }, { "vulnerability": "VCID-c4w5-q88d-z3hg" }, { "vulnerability": "VCID-cre7-1uhc-bka2" }, { "vulnerability": "VCID-cxs3-zh36-m7en" }, { "vulnerability": "VCID-d7db-n89n-qyd8" }, { "vulnerability": "VCID-e48s-dv1e-4fgn" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-fwp2-z586-ebbq" }, { "vulnerability": "VCID-gdfw-gryt-8qhg" }, { "vulnerability": "VCID-h3qa-svy4-1fcr" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-huf2-qwju-6bf2" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k6z6-4pb4-tbeu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-kkn3-ars7-gkbk" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-nbfc-ex1y-37he" }, { "vulnerability": "VCID-pau5-hfbv-nucp" }, { "vulnerability": "VCID-q88b-smmh-77ga" }, { "vulnerability": "VCID-qbvv-frc2-rqbk" }, { "vulnerability": "VCID-qncj-2u1d-7bgu" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-qvkt-vk55-4bbx" }, { "vulnerability": "VCID-rftg-byj2-jkh9" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sb43-hapb-1uf2" }, { "vulnerability": "VCID-ses2-y1j2-vbbx" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-u478-39pb-tkay" }, { "vulnerability": "VCID-uj1s-uuyx-mya5" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-vsjt-qjyw-hbfs" }, { "vulnerability": "VCID-w1vc-ugdq-aygx" }, { "vulnerability": "VCID-wrxa-2us4-vkf9" }, { "vulnerability": "VCID-ws4h-295a-9qgx" }, { "vulnerability": "VCID-x1fg-6mq4-d7ds" }, { "vulnerability": "VCID-xbb2-av4z-m3dp" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": 
"VCID-xpvn-y3b8-skgb" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-yjny-ubdp-7few" }, { "vulnerability": "VCID-ypan-57sx-vyam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0.8.8h%252Bds1-10%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037942?format=api", "purl": "pkg:deb/debian/cacti@1.2.2%2Bds1-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z4-1zqk-afcm" }, { "vulnerability": "VCID-3tqy-g42y-9fef" }, { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-5ykb-6nvx-k3e4" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-8nbc-ethb-6kcn" }, { "vulnerability": "VCID-9swv-zvke-ubet" }, { "vulnerability": "VCID-a8j1-24bw-gudu" }, { "vulnerability": "VCID-akj7-kh8f-97ct" }, { "vulnerability": "VCID-ay5a-nkmf-5yar" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-c2b8-ss11-9yhq" }, { "vulnerability": "VCID-cre7-1uhc-bka2" }, { "vulnerability": "VCID-cxs3-zh36-m7en" }, { "vulnerability": "VCID-d7db-n89n-qyd8" }, { "vulnerability": "VCID-e48s-dv1e-4fgn" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-fwp2-z586-ebbq" }, { "vulnerability": "VCID-h3qa-svy4-1fcr" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-huf2-qwju-6bf2" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k6z6-4pb4-tbeu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pau5-hfbv-nucp" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-qvkt-vk55-4bbx" }, { "vulnerability": "VCID-rftg-byj2-jkh9" 
}, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sb43-hapb-1uf2" }, { "vulnerability": "VCID-ses2-y1j2-vbbx" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-uj1s-uuyx-mya5" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-vsjt-qjyw-hbfs" }, { "vulnerability": "VCID-wrxa-2us4-vkf9" }, { "vulnerability": "VCID-ws4h-295a-9qgx" }, { "vulnerability": "VCID-xbb2-av4z-m3dp" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xpvn-y3b8-skgb" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-ypan-57sx-vyam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.2%252Bds1-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": 
"VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17358" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nbc-ethb-6kcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49288?format=api", "vulnerability_id": "VCID-9swv-zvke-ubet", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93926", "scoring_system": "epss", "scoring_elements": "0.99879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.93926", "scoring_system": "epss", "scoring_elements": "0.9988", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.93926", "scoring_system": "epss", "scoring_elements": "0.99881", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.94091", "scoring_system": "epss", "scoring_elements": "0.99904", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.94091", "scoring_system": "epss", "scoring_elements": "0.99905", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8813" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832", "reference_id": "951832", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832" }, { "reference_url": "https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py", "reference_id": "CVE-2020-8813", 
"reference_type": "exploit", "scores": [], "url": "https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py" }, { "reference_url": "https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py", "reference_id": "CVE-2020-8813", "reference_type": "exploit", "scores": [], "url": "https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48144.py", "reference_id": "CVE-2020-8813", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48144.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48145.py", "reference_id": "CVE-2020-8813", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48145.py" }, { "reference_url": "https://security.gentoo.org/glsa/202004-16", "reference_id": "GLSA-202004-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": 
"VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-8813" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9swv-zvke-ubet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95673?format=api", "vulnerability_id": "VCID-a8j1-24bw-gudu", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3773", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37755", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37684", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37697", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37711", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", 
"scoring_elements": "0.37676", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37695", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37616", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37379", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39364" ], "risk_score": null, "exploitability": 
"0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8j1-24bw-gudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95822?format=api", "vulnerability_id": "VCID-akj7-kh8f-97ct", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77288", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77177", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.7721", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77246", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77225", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77221", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77261", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77262", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77254", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77167", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77196", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49088" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php", "reference_id": "data_debug.php", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/" } ], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h", "reference_id": "GHSA-hrg9-qqqx-wc4h", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x", "reference_id": "GHSA-q7g7-gcf6-wh4x", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-49088" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akj7-kh8f-97ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95821?format=api", "vulnerability_id": "VCID-ay5a-nkmf-5yar", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76305", "published_at": 
"2026-04-02T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76361", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76387", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76365", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.7636", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76401", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76392", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76426", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254", "reference_id": "1059254", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": 
"VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-49086" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51607?format=api", "vulnerability_id": "VCID-c2b8-ss11-9yhq", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70209", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70255", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.7027", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70279", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70267", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70308", 
"published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70317", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70298", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70351", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39360" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2b8-ss11-9yhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41770?format=api", "vulnerability_id": "VCID-cre7-1uhc-bka2", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could lead to the remote execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html", "reference_id": "", 
"reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50267", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50293", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50292", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50284", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", 
"scoring_elements": "0.50312", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50318", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50319", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723" }, { "reference_url": "https://github.com/Cacti/cacti/issues/2964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/2964" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D/" }, { "reference_url": "https://seclists.org/bugtraq/2020/Jan/25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2020/Jan/25" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4604", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941036", "reference_id": "941036", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941036" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16723", "reference_id": "CVE-2019-16723", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16723" }, { "reference_url": "https://security.gentoo.org/glsa/202003-40", "reference_id": "GLSA-202003-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" 
}, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2019-16723" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cre7-1uhc-bka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41773?format=api", "vulnerability_id": "VCID-cxs3-zh36-m7en", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could lead to the remote execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88531", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88577", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88582", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88594", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.886", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.88597", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04094", "scoring_system": "epss", "scoring_elements": "0.8861", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7106" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949996", "reference_id": "949996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949996" }, { "reference_url": "https://security.gentoo.org/glsa/202003-40", "reference_id": "GLSA-202003-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" 
}, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-7106" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxs3-zh36-m7en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95819?format=api", "vulnerability_id": "VCID-d7db-n89n-qyd8", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.9949", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99492", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99494", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99495", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88341", "scoring_system": 
"epss", "scoring_elements": "0.99498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99499", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.995", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99501", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254", "reference_id": "1059254", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-49084" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94356?format=api", "vulnerability_id": "VCID-e48s-dv1e-4fgn", "summary": "In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2020-13231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63694", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63754", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.6378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63739", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63821", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63773", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63809", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63818", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63806", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63823", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13231" }, { "reference_url": 
"https://usn.ubuntu.com/USN-5214-1/", "reference_id": "USN-USN-5214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-13231" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e48s-dv1e-4fgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41771?format=api", "vulnerability_id": "VCID-fwp2-z586-ebbq", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could lead 
to the remote execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94774", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94778", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94779", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94792", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.948", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94808", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94812", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94814", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.16157", "scoring_system": "epss", "scoring_elements": "0.94816", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374", "reference_id": "947374", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374" }, { "reference_url": "https://security.gentoo.org/glsa/202003-40", "reference_id": "GLSA-202003-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17357" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwp2-z586-ebbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95820?format=api", "vulnerability_id": "VCID-h3qa-svy4-1fcr", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99659", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99661", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99662", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99663", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99664", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99665", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99667", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": 
"VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-49085" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51610?format=api", "vulnerability_id": "VCID-huf2-qwju-6bf2", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38327", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38217", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38267", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38275", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": 
"epss", "scoring_elements": "0.38281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.3826", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38196", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38031", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "reference_id": "CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5550", "reference_id": "dsa-5550", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5550" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22", "reference_id": "GHSA-v5w7-hww7-2f22", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "reference_id": "WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "reference_id": "WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39365" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huf2-qwju-6bf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94474?format=api", "vulnerability_id": "VCID-k6z6-4pb4-tbeu", "summary": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-23226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01252", "scoring_system": "epss", "scoring_elements": 
"0.79296", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79303", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79327", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79345", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79373", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79368", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79369", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01252", "scoring_system": "epss", "scoring_elements": "0.79402", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-23226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23226" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-23226" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6z6-4pb4-tbeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51614?format=api", "vulnerability_id": "VCID-pau5-hfbv-nucp", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": 
"0.52865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52884", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52912", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52895", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52933", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52923", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5289", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { 
"vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39513" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pau5-hfbv-nucp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32093?format=api", "vulnerability_id": "VCID-qvkt-vk55-4bbx", "summary": "A vulnerability in Cacti could lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.83013", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.8291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82943", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82953", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82949", "published_at": "2026-04-13T12:55:00Z" }, 
{ "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82988", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82987", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82991", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998", "reference_id": "979998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998" }, { "reference_url": "https://security.archlinux.org/AVG-1433", "reference_id": "AVG-1433", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1433" }, { "reference_url": "https://security.gentoo.org/glsa/202101-31", "reference_id": "GLSA-202101-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-31" }, { "reference_url": "https://usn.ubuntu.com/USN-5214-1/", "reference_id": "USN-USN-5214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { 
"vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-35701" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95623?format=api", "vulnerability_id": "VCID-rftg-byj2-jkh9", "summary": "Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. 
This is a different vulnerability than CVE-2019-16723.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70029", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69978", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69893", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69932", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69949", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69972", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69957", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69943", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69996", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37543" }, { "reference_url": 
"https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed", "reference_id": "exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:34:34Z/" } ], "url": "https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj", "reference_id": "GHSA-4x82-8w8m-w8hj", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:34:34Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": 
"VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-37543" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rftg-byj2-jkh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51604?format=api", "vulnerability_id": "VCID-sb43-hapb-1uf2", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.8709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87083", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87103", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87119", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87114", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.8713", 
"published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87134", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.87131", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03246", "scoring_system": "epss", "scoring_elements": "0.8715", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39357" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb43-hapb-1uf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61392?format=api", "vulnerability_id": "VCID-ses2-y1j2-vbbx", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99156", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99167", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.81199", "scoring_system": "epss", "scoring_elements": "0.99169", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963139", "reference_id": "963139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963139" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49810.py", "reference_id": "CVE-2020-14295", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49810.py" }, { "reference_url": "https://usn.ubuntu.com/USN-5214-1/", "reference_id": "USN-USN-5214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14295" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-ses2-y1j2-vbbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41774?format=api", "vulnerability_id": "VCID-uj1s-uuyx-mya5", "summary": "Multiple vulnerabilities have been found in Cacti, the worst of\n which could lead to the remote execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97655", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97656", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.9766", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97667", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97674", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97677", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.46813", "scoring_system": "epss", "scoring_elements": "0.97676", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949997", "reference_id": "949997", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949997" }, { "reference_url": "https://security.gentoo.org/glsa/202003-40", "reference_id": "GLSA-202003-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-7237" ], "risk_score": 0.2, 
"exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1s-uuyx-mya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51606?format=api", "vulnerability_id": "VCID-vsjt-qjyw-hbfs", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89353", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89365", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89388", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89397", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.8939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89406", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89422", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39359" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "reference_id": "CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5550", "reference_id": "dsa-5550", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5550" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h", "reference_id": "GHSA-q4wh-3f9w-836h", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "reference_id": "WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "reference_id": "WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { 
"vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39359" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsjt-qjyw-hbfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94355?format=api", "vulnerability_id": "VCID-wrxa-2us4-vkf9", "summary": "In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73977", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.7401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73981", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74015", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74051", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74032", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": 
"0.74064", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74073", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74065", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74099", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13230" }, { "reference_url": "https://usn.ubuntu.com/USN-5214-1/", "reference_id": "USN-USN-5214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": 
"VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2020-13230" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrxa-2us4-vkf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51617?format=api", "vulnerability_id": "VCID-ws4h-295a-9qgx", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51754", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51714", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51765", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51815", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51778", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51819", "published_at": "2026-04-16T12:55:00Z" }, { 
"value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51826", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51807", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51757", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39516" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws4h-295a-9qgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51600?format=api", "vulnerability_id": "VCID-xbb2-av4z-m3dp", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94469", "scoring_system": "epss", "scoring_elements": "0.99997", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.94469", "scoring_system": "epss", "scoring_elements": "0.99998", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648", "reference_id": "1025648", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648" }, { "reference_url": "https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216", "reference_id": "7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/" } ], "url": "https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216" }, { "reference_url": "https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9", "reference_id": "a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/" } ], "url": "https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9" }, { "reference_url": "https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b", "reference_id": "b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/" } ], "url": "https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py", "reference_id": "CVE-2022-46169", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf", "reference_id": "GHSA-6p93-p743-35gf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://usn.ubuntu.com/7226-1/", "reference_id": "USN-7226-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7226-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2022-46169" ], "risk_score": 10.0, 
"exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbb2-av4z-m3dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51599?format=api", "vulnerability_id": "VCID-xpvn-y3b8-skgb", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53573", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53595", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53644", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53695", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.537", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53682", "published_at": "2026-04-21T12:55:00Z" }, { "value": 
"0.00304", "scoring_system": "epss", "scoring_elements": "0.53645", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693", "reference_id": "1008693", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": 
"VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2022-0730" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpvn-y3b8-skgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51608?format=api", "vulnerability_id": "VCID-ypan-57sx-vyam", "summary": "Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92278", "scoring_system": "epss", "scoring_elements": "0.99717", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.92278", "scoring_system": "epss", "scoring_elements": "0.99718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92278", "scoring_system": "epss", "scoring_elements": "0.99719", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92278", "scoring_system": "epss", "scoring_elements": "0.9972", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.92278", "scoring_system": "epss", "scoring_elements": "0.99722", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.92278", "scoring_system": "epss", "scoring_elements": "0.99723", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516" }, { "reference_url": "https://security.gentoo.org/glsa/202412-02", "reference_id": "GLSA-202412-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-02" }, { "reference_url": "https://usn.ubuntu.com/6720-1/", "reference_id": "USN-6720-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6720-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/586384?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y7d-ujep-4ydm" }, { "vulnerability": "VCID-44fx-4w2y-y3dy" }, { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-4twv-1yys-eban" }, { "vulnerability": "VCID-6t6n-ws5n-wkay" }, { "vulnerability": "VCID-6ze5-dqdn-ykg3" }, { "vulnerability": "VCID-7m68-seeq-tuae" }, { "vulnerability": "VCID-85gc-u991-z3dw" }, { "vulnerability": "VCID-be57-gxmc-vqd4" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-fhtp-y9a5-vqgj" }, { "vulnerability": "VCID-hj89-pnag-3fer" }, { "vulnerability": "VCID-jkca-shmj-mbbu" }, { "vulnerability": "VCID-k7kv-za2s-dud5" }, { "vulnerability": "VCID-khhn-9sja-sfgr" }, { "vulnerability": "VCID-mebp-4rfu-vqcq" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-qnz1-w7bb-97ee" }, { "vulnerability": "VCID-s8du-gzj2-gkc1" }, { "vulnerability": "VCID-sx2t-uzae-2fh9" }, { "vulnerability": "VCID-vbs9-gben-9kgc" }, { "vulnerability": "VCID-xdbp-7rtr-fyb7" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-y683-kz6e-afhv" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-39361" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ypan-57sx-vyam" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3" }