Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
Typedeb
Namespacedebian
Namecacti
Version1.2.24+ds1-1+deb12u5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.30+ds1-1
Latest_non_vulnerable_version1.2.30+ds1-1
Affected_by_vulnerabilities
0
url VCID-4e5y-1s19-r7g7
vulnerability_id VCID-4e5y-1s19-r7g7
summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66399
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57639
published_at 2026-04-02T12:55:00Z
1
value 0.00456
scoring_system epss
scoring_elements 0.63927
published_at 2026-04-24T12:55:00Z
2
value 0.00456
scoring_system epss
scoring_elements 0.63912
published_at 2026-04-21T12:55:00Z
3
value 0.00456
scoring_system epss
scoring_elements 0.63921
published_at 2026-04-18T12:55:00Z
4
value 0.00456
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-04T12:55:00Z
5
value 0.00456
scoring_system epss
scoring_elements 0.63842
published_at 2026-04-07T12:55:00Z
6
value 0.00456
scoring_system epss
scoring_elements 0.63893
published_at 2026-04-08T12:55:00Z
7
value 0.00456
scoring_system epss
scoring_elements 0.6391
published_at 2026-04-09T12:55:00Z
8
value 0.00456
scoring_system epss
scoring_elements 0.63923
published_at 2026-04-11T12:55:00Z
9
value 0.00456
scoring_system epss
scoring_elements 0.63909
published_at 2026-04-12T12:55:00Z
10
value 0.00456
scoring_system epss
scoring_elements 0.63876
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66399
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
reference_id GHSA-c7rr-2h93-7gjf
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-02T18:25:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
fixed_packages
0
url pkg:deb/debian/cacti@1.2.30%2Bds1-1
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1
aliases CVE-2025-66399
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e5y-1s19-r7g7
1
url VCID-pxqa-nkv3-jqfs
vulnerability_id VCID-pxqa-nkv3-jqfs
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30534
reference_id
reference_type
scores
0
value 0.48534
scoring_system epss
scoring_elements 0.97733
published_at 2026-04-02T12:55:00Z
1
value 0.48534
scoring_system epss
scoring_elements 0.97735
published_at 2026-04-07T12:55:00Z
2
value 0.48534
scoring_system epss
scoring_elements 0.9774
published_at 2026-04-08T12:55:00Z
3
value 0.48534
scoring_system epss
scoring_elements 0.97744
published_at 2026-04-09T12:55:00Z
4
value 0.48534
scoring_system epss
scoring_elements 0.97746
published_at 2026-04-11T12:55:00Z
5
value 0.48534
scoring_system epss
scoring_elements 0.97749
published_at 2026-04-12T12:55:00Z
6
value 0.48534
scoring_system epss
scoring_elements 0.9775
published_at 2026-04-13T12:55:00Z
7
value 0.48534
scoring_system epss
scoring_elements 0.97756
published_at 2026-04-16T12:55:00Z
8
value 0.48534
scoring_system epss
scoring_elements 0.97759
published_at 2026-04-18T12:55:00Z
9
value 0.48534
scoring_system epss
scoring_elements 0.97758
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30534
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
3
reference_url https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
reference_id cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
reference_id GHSA-77rf-774j-6h3p
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
5
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.30%2Bds1-1
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1
aliases CVE-2023-30534
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxqa-nkv3-jqfs
2
url VCID-xkkm-ss3p-1udc
vulnerability_id VCID-xkkm-ss3p-1udc
summary SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46490
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.42994
published_at 2026-04-24T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.4306
published_at 2026-04-21T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.43071
published_at 2026-04-02T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43098
published_at 2026-04-04T12:55:00Z
4
value 0.00207
scoring_system epss
scoring_elements 0.43037
published_at 2026-04-07T12:55:00Z
5
value 0.00207
scoring_system epss
scoring_elements 0.4309
published_at 2026-04-12T12:55:00Z
6
value 0.00207
scoring_system epss
scoring_elements 0.43102
published_at 2026-04-09T12:55:00Z
7
value 0.00207
scoring_system epss
scoring_elements 0.43124
published_at 2026-04-11T12:55:00Z
8
value 0.00207
scoring_system epss
scoring_elements 0.43075
published_at 2026-04-13T12:55:00Z
9
value 0.00207
scoring_system epss
scoring_elements 0.43135
published_at 2026-04-16T12:55:00Z
10
value 0.00207
scoring_system epss
scoring_elements 0.43125
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46490
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286
reference_id 1059286
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286
3
reference_url https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53
reference_id a95632111138fcd7ccf7432ccb145b53
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/
url https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c
reference_id GHSA-f4r3-53jr-654c
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c
fixed_packages
0
url pkg:deb/debian/cacti@1.2.30%2Bds1-1
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1
aliases CVE-2023-46490
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc
Fixing_vulnerabilities
0
url VCID-3y7d-ujep-4ydm
vulnerability_id VCID-3y7d-ujep-4ydm
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34340
reference_id
reference_type
scores
0
value 0.00842
scoring_system epss
scoring_elements 0.7481
published_at 2026-04-24T12:55:00Z
1
value 0.00842
scoring_system epss
scoring_elements 0.74739
published_at 2026-04-13T12:55:00Z
2
value 0.00842
scoring_system epss
scoring_elements 0.74776
published_at 2026-04-16T12:55:00Z
3
value 0.00842
scoring_system epss
scoring_elements 0.74784
published_at 2026-04-18T12:55:00Z
4
value 0.00842
scoring_system epss
scoring_elements 0.74774
published_at 2026-04-21T12:55:00Z
5
value 0.00842
scoring_system epss
scoring_elements 0.74699
published_at 2026-04-02T12:55:00Z
6
value 0.00842
scoring_system epss
scoring_elements 0.74726
published_at 2026-04-04T12:55:00Z
7
value 0.00842
scoring_system epss
scoring_elements 0.747
published_at 2026-04-07T12:55:00Z
8
value 0.00842
scoring_system epss
scoring_elements 0.74732
published_at 2026-04-08T12:55:00Z
9
value 0.00842
scoring_system epss
scoring_elements 0.74747
published_at 2026-04-09T12:55:00Z
10
value 0.00842
scoring_system epss
scoring_elements 0.7477
published_at 2026-04-11T12:55:00Z
11
value 0.00842
scoring_system epss
scoring_elements 0.74749
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34340
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
reference_id GHSA-37x7-mfjv-mm7m
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-34340
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm
1
url VCID-44fx-4w2y-y3dy
vulnerability_id VCID-44fx-4w2y-y3dy
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31458
reference_id
reference_type
scores
0
value 0.06015
scoring_system epss
scoring_elements 0.90739
published_at 2026-04-24T12:55:00Z
1
value 0.06015
scoring_system epss
scoring_elements 0.90711
published_at 2026-04-13T12:55:00Z
2
value 0.06015
scoring_system epss
scoring_elements 0.9073
published_at 2026-04-16T12:55:00Z
3
value 0.06015
scoring_system epss
scoring_elements 0.90728
published_at 2026-04-18T12:55:00Z
4
value 0.06015
scoring_system epss
scoring_elements 0.90726
published_at 2026-04-21T12:55:00Z
5
value 0.06015
scoring_system epss
scoring_elements 0.9067
published_at 2026-04-02T12:55:00Z
6
value 0.06015
scoring_system epss
scoring_elements 0.9068
published_at 2026-04-04T12:55:00Z
7
value 0.06015
scoring_system epss
scoring_elements 0.90689
published_at 2026-04-07T12:55:00Z
8
value 0.06015
scoring_system epss
scoring_elements 0.907
published_at 2026-04-08T12:55:00Z
9
value 0.06015
scoring_system epss
scoring_elements 0.90705
published_at 2026-04-09T12:55:00Z
10
value 0.06015
scoring_system epss
scoring_elements 0.90714
published_at 2026-04-11T12:55:00Z
11
value 0.06015
scoring_system epss
scoring_elements 0.90715
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31458
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
reference_id GHSA-jrxg-8wh8-943x
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31458
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy
2
url VCID-4twv-1yys-eban
vulnerability_id VCID-4twv-1yys-eban
summary Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22604
reference_id
reference_type
scores
0
value 0.72211
scoring_system epss
scoring_elements 0.98762
published_at 2026-04-24T12:55:00Z
1
value 0.72211
scoring_system epss
scoring_elements 0.98754
published_at 2026-04-13T12:55:00Z
2
value 0.72211
scoring_system epss
scoring_elements 0.98757
published_at 2026-04-18T12:55:00Z
3
value 0.72211
scoring_system epss
scoring_elements 0.98758
published_at 2026-04-21T12:55:00Z
4
value 0.72211
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-02T12:55:00Z
5
value 0.72211
scoring_system epss
scoring_elements 0.98746
published_at 2026-04-04T12:55:00Z
6
value 0.72211
scoring_system epss
scoring_elements 0.98749
published_at 2026-04-07T12:55:00Z
7
value 0.72211
scoring_system epss
scoring_elements 0.9875
published_at 2026-04-09T12:55:00Z
8
value 0.72211
scoring_system epss
scoring_elements 0.98753
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22604
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
reference_id GHSA-c5j8-jxj3-hh36
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-22604
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban
3
url VCID-6t6n-ws5n-wkay
vulnerability_id VCID-6t6n-ws5n-wkay
summary Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31443
reference_id
reference_type
scores
0
value 0.00493
scoring_system epss
scoring_elements 0.65756
published_at 2026-04-24T12:55:00Z
1
value 0.00493
scoring_system epss
scoring_elements 0.65731
published_at 2026-04-09T12:55:00Z
2
value 0.00493
scoring_system epss
scoring_elements 0.65752
published_at 2026-04-11T12:55:00Z
3
value 0.00493
scoring_system epss
scoring_elements 0.65737
published_at 2026-04-12T12:55:00Z
4
value 0.00493
scoring_system epss
scoring_elements 0.65708
published_at 2026-04-13T12:55:00Z
5
value 0.00493
scoring_system epss
scoring_elements 0.65743
published_at 2026-04-21T12:55:00Z
6
value 0.00493
scoring_system epss
scoring_elements 0.65757
published_at 2026-04-18T12:55:00Z
7
value 0.00493
scoring_system epss
scoring_elements 0.65672
published_at 2026-04-02T12:55:00Z
8
value 0.00493
scoring_system epss
scoring_elements 0.65702
published_at 2026-04-04T12:55:00Z
9
value 0.00493
scoring_system epss
scoring_elements 0.65667
published_at 2026-04-07T12:55:00Z
10
value 0.00493
scoring_system epss
scoring_elements 0.65719
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31443
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
2
reference_url https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
reference_id f946fa537d19678f938ddbd784a10e3290d275cf
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
reference_id GHSA-rqc8-78cm-85j3
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
5
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31443
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay
4
url VCID-6ze5-dqdn-ykg3
vulnerability_id VCID-6ze5-dqdn-ykg3
summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45598
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19758
published_at 2026-04-02T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1981
published_at 2026-04-04T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19532
published_at 2026-04-07T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19611
published_at 2026-04-08T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19664
published_at 2026-04-09T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19668
published_at 2026-04-11T12:55:00Z
6
value 0.00087
scoring_system epss
scoring_elements 0.24993
published_at 2026-04-12T12:55:00Z
7
value 0.00087
scoring_system epss
scoring_elements 0.24939
published_at 2026-04-13T12:55:00Z
8
value 0.00087
scoring_system epss
scoring_elements 0.24951
published_at 2026-04-16T12:55:00Z
9
value 0.00087
scoring_system epss
scoring_elements 0.24944
published_at 2026-04-18T12:55:00Z
10
value 0.00087
scoring_system epss
scoring_elements 0.24917
published_at 2026-04-21T12:55:00Z
11
value 0.00087
scoring_system epss
scoring_elements 0.2486
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45598
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-45598
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3
5
url VCID-7m68-seeq-tuae
vulnerability_id VCID-7m68-seeq-tuae
summary Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24368
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.2139
published_at 2026-04-04T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21335
published_at 2026-04-02T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29418
published_at 2026-04-24T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29636
published_at 2026-04-12T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29586
published_at 2026-04-13T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29605
published_at 2026-04-16T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29579
published_at 2026-04-18T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29534
published_at 2026-04-21T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.2964
published_at 2026-04-08T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.29678
published_at 2026-04-09T12:55:00Z
10
value 0.00112
scoring_system epss
scoring_elements 0.2968
published_at 2026-04-11T12:55:00Z
11
value 0.00146
scoring_system epss
scoring_elements 0.34947
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24368
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
reference_id GHSA-f9c7-7rc3-574c
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-24368
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae
6
url VCID-85gc-u991-z3dw
vulnerability_id VCID-85gc-u991-z3dw
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25641
reference_id
reference_type
scores
0
value 0.88383
scoring_system epss
scoring_elements 0.99503
published_at 2026-04-24T12:55:00Z
1
value 0.88383
scoring_system epss
scoring_elements 0.99491
published_at 2026-04-02T12:55:00Z
2
value 0.88383
scoring_system epss
scoring_elements 0.99493
published_at 2026-04-04T12:55:00Z
3
value 0.88383
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-07T12:55:00Z
4
value 0.88383
scoring_system epss
scoring_elements 0.99496
published_at 2026-04-08T12:55:00Z
5
value 0.88383
scoring_system epss
scoring_elements 0.99497
published_at 2026-04-09T12:55:00Z
6
value 0.88383
scoring_system epss
scoring_elements 0.99498
published_at 2026-04-13T12:55:00Z
7
value 0.88383
scoring_system epss
scoring_elements 0.99501
published_at 2026-04-16T12:55:00Z
8
value 0.88383
scoring_system epss
scoring_elements 0.99502
published_at 2026-04-18T12:55:00Z
9
value 0.88501
scoring_system epss
scoring_elements 0.99506
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25641
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
2
reference_url http://seclists.org/fulldisclosure/2024/May/6
reference_id 6
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url http://seclists.org/fulldisclosure/2024/May/6
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
reference_id CVE-2024-25641
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
4
reference_url https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
reference_id eff35b0ff26cc27c82d7880469ed6d5e3bef6210
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
5
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
reference_id GHSA-7cmj-g5qc-pj88
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
7
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-25641
risk_score 10.0
exploitability 2.0
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw
7
url VCID-be57-gxmc-vqd4
vulnerability_id VCID-be57-gxmc-vqd4
summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
reference_id
reference_type
scores
0
value 0.05453
scoring_system epss
scoring_elements 0.90214
published_at 2026-04-24T12:55:00Z
1
value 0.05453
scoring_system epss
scoring_elements 0.90203
published_at 2026-04-16T12:55:00Z
2
value 0.05453
scoring_system epss
scoring_elements 0.90204
published_at 2026-04-18T12:55:00Z
3
value 0.05453
scoring_system epss
scoring_elements 0.902
published_at 2026-04-21T12:55:00Z
4
value 0.05453
scoring_system epss
scoring_elements 0.90156
published_at 2026-04-04T12:55:00Z
5
value 0.05453
scoring_system epss
scoring_elements 0.90162
published_at 2026-04-07T12:55:00Z
6
value 0.05453
scoring_system epss
scoring_elements 0.90177
published_at 2026-04-08T12:55:00Z
7
value 0.05453
scoring_system epss
scoring_elements 0.90183
published_at 2026-04-09T12:55:00Z
8
value 0.05453
scoring_system epss
scoring_elements 0.90192
published_at 2026-04-11T12:55:00Z
9
value 0.05453
scoring_system epss
scoring_elements 0.90191
published_at 2026-04-12T12:55:00Z
10
value 0.05453
scoring_system epss
scoring_elements 0.90185
published_at 2026-04-13T12:55:00Z
11
value 0.07763
scoring_system epss
scoring_elements 0.91918
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
reference_id GHSA-wh9c-v56x-v77c
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43362
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4
8
url VCID-cqr3-wwhj-tyck
vulnerability_id VCID-cqr3-wwhj-tyck
summary In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48538
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.20847
published_at 2026-04-24T12:55:00Z
1
value 0.00068
scoring_system epss
scoring_elements 0.20976
published_at 2026-04-21T12:55:00Z
2
value 0.00068
scoring_system epss
scoring_elements 0.21177
published_at 2026-04-02T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.21232
published_at 2026-04-04T12:55:00Z
4
value 0.00068
scoring_system epss
scoring_elements 0.20945
published_at 2026-04-07T12:55:00Z
5
value 0.00068
scoring_system epss
scoring_elements 0.21026
published_at 2026-04-08T12:55:00Z
6
value 0.00068
scoring_system epss
scoring_elements 0.21085
published_at 2026-04-09T12:55:00Z
7
value 0.00068
scoring_system epss
scoring_elements 0.21103
published_at 2026-04-11T12:55:00Z
8
value 0.00068
scoring_system epss
scoring_elements 0.21059
published_at 2026-04-12T12:55:00Z
9
value 0.00068
scoring_system epss
scoring_elements 0.21007
published_at 2026-04-13T12:55:00Z
10
value 0.00068
scoring_system epss
scoring_elements 0.20997
published_at 2026-04-16T12:55:00Z
11
value 0.00068
scoring_system epss
scoring_elements 0.20996
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48538
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538
2
reference_url https://github.com/Cacti/cacti/issues/5189
reference_id 5189
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/
url https://github.com/Cacti/cacti/issues/5189
3
reference_url https://docs.cacti.net/Settings-Auth-LDAP.md
reference_id Settings-Auth-LDAP.md
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/
url https://docs.cacti.net/Settings-Auth-LDAP.md
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2022-48538
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqr3-wwhj-tyck
9
url VCID-fhtp-y9a5-vqgj
vulnerability_id VCID-fhtp-y9a5-vqgj
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31445
reference_id
reference_type
scores
0
value 0.39471
scoring_system epss
scoring_elements 0.9731
published_at 2026-04-24T12:55:00Z
1
value 0.39471
scoring_system epss
scoring_elements 0.9728
published_at 2026-04-02T12:55:00Z
2
value 0.39471
scoring_system epss
scoring_elements 0.97285
published_at 2026-04-04T12:55:00Z
3
value 0.39471
scoring_system epss
scoring_elements 0.97286
published_at 2026-04-07T12:55:00Z
4
value 0.39471
scoring_system epss
scoring_elements 0.97293
published_at 2026-04-09T12:55:00Z
5
value 0.39471
scoring_system epss
scoring_elements 0.97296
published_at 2026-04-11T12:55:00Z
6
value 0.39471
scoring_system epss
scoring_elements 0.97297
published_at 2026-04-12T12:55:00Z
7
value 0.39471
scoring_system epss
scoring_elements 0.97298
published_at 2026-04-13T12:55:00Z
8
value 0.39471
scoring_system epss
scoring_elements 0.97306
published_at 2026-04-16T12:55:00Z
9
value 0.39471
scoring_system epss
scoring_elements 0.97308
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31445
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
2
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
reference_id api_automation.php#L717
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
3
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
reference_id api_automation.php#L856
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
4
reference_url https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
reference_id fd93c6e47651958b77c3bbe6a01fff695f81e886
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
5
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
reference_id GHSA-vjph-r677-6pcc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
7
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31445
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj
10
url VCID-hj89-pnag-3fer
vulnerability_id VCID-hj89-pnag-3fer
summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
reference_id
reference_type
scores
0
value 0.75133
scoring_system epss
scoring_elements 0.98888
published_at 2026-04-24T12:55:00Z
1
value 0.75133
scoring_system epss
scoring_elements 0.98879
published_at 2026-04-18T12:55:00Z
2
value 0.75133
scoring_system epss
scoring_elements 0.98883
published_at 2026-04-21T12:55:00Z
3
value 0.75133
scoring_system epss
scoring_elements 0.98868
published_at 2026-04-02T12:55:00Z
4
value 0.75133
scoring_system epss
scoring_elements 0.98869
published_at 2026-04-04T12:55:00Z
5
value 0.75133
scoring_system epss
scoring_elements 0.98872
published_at 2026-04-09T12:55:00Z
6
value 0.75133
scoring_system epss
scoring_elements 0.98873
published_at 2026-04-08T12:55:00Z
7
value 0.75133
scoring_system epss
scoring_elements 0.98875
published_at 2026-04-11T12:55:00Z
8
value 0.75133
scoring_system epss
scoring_elements 0.98876
published_at 2026-04-13T12:55:00Z
9
value 0.75133
scoring_system epss
scoring_elements 0.98878
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
reference_id GHSA-gxq4-mv8h-6qj4
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43363
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer
11
url VCID-jkca-shmj-mbbu
vulnerability_id VCID-jkca-shmj-mbbu
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31459
reference_id
reference_type
scores
0
value 0.01844
scoring_system epss
scoring_elements 0.83034
published_at 2026-04-24T12:55:00Z
1
value 0.01844
scoring_system epss
scoring_elements 0.82955
published_at 2026-04-08T12:55:00Z
2
value 0.01844
scoring_system epss
scoring_elements 0.82962
published_at 2026-04-09T12:55:00Z
3
value 0.01844
scoring_system epss
scoring_elements 0.82977
published_at 2026-04-11T12:55:00Z
4
value 0.01844
scoring_system epss
scoring_elements 0.82972
published_at 2026-04-12T12:55:00Z
5
value 0.01844
scoring_system epss
scoring_elements 0.82968
published_at 2026-04-13T12:55:00Z
6
value 0.01844
scoring_system epss
scoring_elements 0.83007
published_at 2026-04-16T12:55:00Z
7
value 0.01844
scoring_system epss
scoring_elements 0.83006
published_at 2026-04-18T12:55:00Z
8
value 0.01844
scoring_system epss
scoring_elements 0.8301
published_at 2026-04-21T12:55:00Z
9
value 0.01844
scoring_system epss
scoring_elements 0.82921
published_at 2026-04-02T12:55:00Z
10
value 0.01844
scoring_system epss
scoring_elements 0.82933
published_at 2026-04-04T12:55:00Z
11
value 0.01844
scoring_system epss
scoring_elements 0.8293
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31459
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
reference_id GHSA-cx8g-hvq8-p2rv
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
reference_id GHSA-gj3f-p326-gh8r
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
reference_id GHSA-pfh9-gwm6-86vp
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
6
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31459
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu
12
url VCID-k7kv-za2s-dud5
vulnerability_id VCID-k7kv-za2s-dud5
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31460
reference_id
reference_type
scores
0
value 0.01692
scoring_system epss
scoring_elements 0.82306
published_at 2026-04-24T12:55:00Z
1
value 0.01692
scoring_system epss
scoring_elements 0.82241
published_at 2026-04-09T12:55:00Z
2
value 0.01692
scoring_system epss
scoring_elements 0.8226
published_at 2026-04-11T12:55:00Z
3
value 0.01692
scoring_system epss
scoring_elements 0.82253
published_at 2026-04-12T12:55:00Z
4
value 0.01692
scoring_system epss
scoring_elements 0.82247
published_at 2026-04-13T12:55:00Z
5
value 0.01692
scoring_system epss
scoring_elements 0.82284
published_at 2026-04-18T12:55:00Z
6
value 0.01692
scoring_system epss
scoring_elements 0.82285
published_at 2026-04-21T12:55:00Z
7
value 0.01692
scoring_system epss
scoring_elements 0.82191
published_at 2026-04-02T12:55:00Z
8
value 0.01692
scoring_system epss
scoring_elements 0.82211
published_at 2026-04-04T12:55:00Z
9
value 0.01692
scoring_system epss
scoring_elements 0.82207
published_at 2026-04-07T12:55:00Z
10
value 0.01692
scoring_system epss
scoring_elements 0.82234
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31460
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
reference_id GHSA-cx8g-hvq8-p2rv
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
reference_id GHSA-gj3f-p326-gh8r
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
5
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31460
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5
13
url VCID-khhn-9sja-sfgr
vulnerability_id VCID-khhn-9sja-sfgr
summary Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24367
reference_id
reference_type
scores
0
value 0.90486
scoring_system epss
scoring_elements 0.99612
published_at 2026-04-24T12:55:00Z
1
value 0.90486
scoring_system epss
scoring_elements 0.99609
published_at 2026-04-13T12:55:00Z
2
value 0.90486
scoring_system epss
scoring_elements 0.9961
published_at 2026-04-18T12:55:00Z
3
value 0.90486
scoring_system epss
scoring_elements 0.99611
published_at 2026-04-21T12:55:00Z
4
value 0.90486
scoring_system epss
scoring_elements 0.99606
published_at 2026-04-04T12:55:00Z
5
value 0.90486
scoring_system epss
scoring_elements 0.99608
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24367
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
reference_id GHSA-fxrq-fr7h-9rqq
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-24367
risk_score 10.0
exploitability 2.0
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr
14
url VCID-mebp-4rfu-vqcq
vulnerability_id VCID-mebp-4rfu-vqcq
summary 
DOMpurify has a nesting-based mXSS
DOMpurify was vulnerable to nesting-based mXSS 

fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and
[merge 943](https://github.com/cure53/DOMPurify/pull/943)

Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking

POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47875
reference_id
reference_type
scores
0
value 0.00699
scoring_system epss
scoring_elements 0.71939
published_at 2026-04-02T12:55:00Z
1
value 0.00699
scoring_system epss
scoring_elements 0.72019
published_at 2026-04-16T12:55:00Z
2
value 0.00699
scoring_system epss
scoring_elements 0.71978
published_at 2026-04-13T12:55:00Z
3
value 0.00699
scoring_system epss
scoring_elements 0.71993
published_at 2026-04-12T12:55:00Z
4
value 0.00699
scoring_system epss
scoring_elements 0.7201
published_at 2026-04-11T12:55:00Z
5
value 0.00699
scoring_system epss
scoring_elements 0.71986
published_at 2026-04-09T12:55:00Z
6
value 0.00699
scoring_system epss
scoring_elements 0.71974
published_at 2026-04-08T12:55:00Z
7
value 0.00699
scoring_system epss
scoring_elements 0.71935
published_at 2026-04-07T12:55:00Z
8
value 0.00699
scoring_system epss
scoring_elements 0.71959
published_at 2026-04-04T12:55:00Z
9
value 0.00699
scoring_system epss
scoring_elements 0.72026
published_at 2026-04-18T12:55:00Z
10
value 0.00719
scoring_system epss
scoring_elements 0.72529
published_at 2026-04-24T12:55:00Z
11
value 0.00719
scoring_system epss
scoring_elements 0.72486
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47875
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
3
reference_url http://seclists.org/fulldisclosure/2025/Apr/14
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2025/Apr/14
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/cure53/DOMPurify
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cure53/DOMPurify
6
reference_url https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
7
reference_url https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
8
reference_url https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
9
reference_url https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/
url https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47875
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47875
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
reference_id 1084983
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318052
reference_id 2318052
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318052
14
reference_url https://github.com/advisories/GHSA-gx9m-whjm-85jf
reference_id GHSA-gx9m-whjm-85jf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gx9m-whjm-85jf
15
reference_url https://access.redhat.com/errata/RHSA-2024:10236
reference_id RHSA-2024:10236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10236
16
reference_url https://access.redhat.com/errata/RHSA-2024:10988
reference_id RHSA-2024:10988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10988
17
reference_url https://access.redhat.com/errata/RHSA-2024:8683
reference_id RHSA-2024:8683
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8683
18
reference_url https://access.redhat.com/errata/RHSA-2024:8981
reference_id RHSA-2024:8981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8981
19
reference_url https://access.redhat.com/errata/RHSA-2024:9473
reference_id RHSA-2024:9473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9473
20
reference_url https://access.redhat.com/errata/RHSA-2024:9629
reference_id RHSA-2024:9629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9629
21
reference_url https://access.redhat.com/errata/RHSA-2025:0329
reference_id RHSA-2025:0329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0329
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-47875, GHSA-gx9m-whjm-85jf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq
15
url VCID-qnz1-w7bb-97ee
vulnerability_id VCID-qnz1-w7bb-97ee
summary Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41444
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.51846
published_at 2026-04-24T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.51812
published_at 2026-04-02T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.51838
published_at 2026-04-04T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.51799
published_at 2026-04-07T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.51854
published_at 2026-04-08T12:55:00Z
5
value 0.00285
scoring_system epss
scoring_elements 0.51851
published_at 2026-04-09T12:55:00Z
6
value 0.00285
scoring_system epss
scoring_elements 0.51903
published_at 2026-04-11T12:55:00Z
7
value 0.00285
scoring_system epss
scoring_elements 0.51885
published_at 2026-04-12T12:55:00Z
8
value 0.00285
scoring_system epss
scoring_elements 0.5187
published_at 2026-04-13T12:55:00Z
9
value 0.00285
scoring_system epss
scoring_elements 0.51912
published_at 2026-04-16T12:55:00Z
10
value 0.00285
scoring_system epss
scoring_elements 0.51919
published_at 2026-04-18T12:55:00Z
11
value 0.00285
scoring_system epss
scoring_elements 0.51899
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41444
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444
2
reference_url https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
reference_id 9079535112e4f4ff2c1d2ce1c099d4c2
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:41:35Z/
url https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2022-41444
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnz1-w7bb-97ee
16
url VCID-s8du-gzj2-gkc1
vulnerability_id VCID-s8du-gzj2-gkc1
summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90048
published_at 2026-04-24T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90033
published_at 2026-04-18T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.9003
published_at 2026-04-21T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
9
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
10
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
11
value 0.07542
scoring_system epss
scoring_elements 0.91788
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
reference_id GHSA-fgc6-g8gc-wcg5
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43364
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1
17
url VCID-sx2t-uzae-2fh9
vulnerability_id VCID-sx2t-uzae-2fh9
summary Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54145
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24603
published_at 2026-04-02T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24415
published_at 2026-04-07T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.2464
published_at 2026-04-04T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39346
published_at 2026-04-24T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39587
published_at 2026-04-13T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39638
published_at 2026-04-16T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39609
published_at 2026-04-18T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39525
published_at 2026-04-21T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39616
published_at 2026-04-08T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39631
published_at 2026-04-09T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.3964
published_at 2026-04-11T12:55:00Z
11
value 0.0018
scoring_system epss
scoring_elements 0.39604
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54145
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id 1094574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
3
reference_url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_id c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/
url https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
reference_id GHSA-fh3x-69rr-qqpp
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-54145
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9
18
url VCID-vbs9-gben-9kgc
vulnerability_id VCID-vbs9-gben-9kgc
summary 
DOMPurify vulnerable to tampering by prototype polution
dompurify was vulnerable to prototype pollution

Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48910
reference_id
reference_type
scores
0
value 0.02592
scoring_system epss
scoring_elements 0.85636
published_at 2026-04-24T12:55:00Z
1
value 0.02592
scoring_system epss
scoring_elements 0.85615
published_at 2026-04-21T12:55:00Z
2
value 0.02592
scoring_system epss
scoring_elements 0.85619
published_at 2026-04-18T12:55:00Z
3
value 0.02592
scoring_system epss
scoring_elements 0.85613
published_at 2026-04-16T12:55:00Z
4
value 0.02592
scoring_system epss
scoring_elements 0.8559
published_at 2026-04-13T12:55:00Z
5
value 0.02592
scoring_system epss
scoring_elements 0.85553
published_at 2026-04-07T12:55:00Z
6
value 0.02592
scoring_system epss
scoring_elements 0.85547
published_at 2026-04-04T12:55:00Z
7
value 0.02592
scoring_system epss
scoring_elements 0.85573
published_at 2026-04-08T12:55:00Z
8
value 0.02592
scoring_system epss
scoring_elements 0.85594
published_at 2026-04-12T12:55:00Z
9
value 0.02592
scoring_system epss
scoring_elements 0.85597
published_at 2026-04-11T12:55:00Z
10
value 0.02592
scoring_system epss
scoring_elements 0.85583
published_at 2026-04-09T12:55:00Z
11
value 0.02808
scoring_system epss
scoring_elements 0.86074
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48910
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
3
reference_url https://github.com/cure53/DOMPurify
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cure53/DOMPurify
4
reference_url https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/
url https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
5
reference_url https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/
url https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
6
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48910
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48910
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322949
reference_id 2322949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322949
9
reference_url https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
reference_id GHSA-p3vf-v8qc-cwcr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
10
reference_url https://access.redhat.com/errata/RHSA-2024:10186
reference_id RHSA-2024:10186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10186
11
reference_url https://access.redhat.com/errata/RHSA-2024:9583
reference_id RHSA-2024:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9583
12
reference_url https://access.redhat.com/errata/RHSA-2025:0079
reference_id RHSA-2025:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0079
13
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
14
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
15
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
16
reference_url https://access.redhat.com/errata/RHSA-2025:18233
reference_id RHSA-2025:18233
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18233
17
reference_url https://access.redhat.com/errata/RHSA-2025:19003
reference_id RHSA-2025:19003
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19003
18
reference_url https://access.redhat.com/errata/RHSA-2025:19017
reference_id RHSA-2025:19017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19017
19
reference_url https://access.redhat.com/errata/RHSA-2025:19047
reference_id RHSA-2025:19047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19047
20
reference_url https://access.redhat.com/errata/RHSA-2025:19306
reference_id RHSA-2025:19306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19306
21
reference_url https://access.redhat.com/errata/RHSA-2025:19314
reference_id RHSA-2025:19314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19314
22
reference_url https://access.redhat.com/errata/RHSA-2025:19895
reference_id RHSA-2025:19895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19895
23
reference_url https://access.redhat.com/errata/RHSA-2025:22284
reference_id RHSA-2025:22284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22284
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-48910, GHSA-p3vf-v8qc-cwcr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc
19
url VCID-xdbp-7rtr-fyb7
vulnerability_id VCID-xdbp-7rtr-fyb7
summary Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90048
published_at 2026-04-24T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90033
published_at 2026-04-18T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.9003
published_at 2026-04-21T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.89975
published_at 2026-04-02T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
9
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
10
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
11
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
reference_id GHSA-49f2-hwx9-qffr
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-43365
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7
20
url VCID-y683-kz6e-afhv
vulnerability_id VCID-y683-kz6e-afhv
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31444
reference_id
reference_type
scores
0
value 0.09401
scoring_system epss
scoring_elements 0.92809
published_at 2026-04-24T12:55:00Z
1
value 0.09401
scoring_system epss
scoring_elements 0.92788
published_at 2026-04-11T12:55:00Z
2
value 0.09401
scoring_system epss
scoring_elements 0.92787
published_at 2026-04-13T12:55:00Z
3
value 0.09401
scoring_system epss
scoring_elements 0.92798
published_at 2026-04-18T12:55:00Z
4
value 0.09401
scoring_system epss
scoring_elements 0.92802
published_at 2026-04-21T12:55:00Z
5
value 0.09401
scoring_system epss
scoring_elements 0.92767
published_at 2026-04-02T12:55:00Z
6
value 0.09401
scoring_system epss
scoring_elements 0.92772
published_at 2026-04-04T12:55:00Z
7
value 0.09401
scoring_system epss
scoring_elements 0.92769
published_at 2026-04-07T12:55:00Z
8
value 0.09401
scoring_system epss
scoring_elements 0.92778
published_at 2026-04-08T12:55:00Z
9
value 0.09401
scoring_system epss
scoring_elements 0.92783
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31444
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
reference_id GHSA-p4ch-7hjw-6m87
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2024-31444
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv
21
url VCID-zxu5-equ9-1kam
vulnerability_id VCID-zxu5-equ9-1kam
summary A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., <h1>, <b>, <svg>) into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-45160
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01733
published_at 2026-04-04T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01724
published_at 2026-04-02T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02697
published_at 2026-04-24T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02606
published_at 2026-04-13T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02589
published_at 2026-04-16T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02597
published_at 2026-04-18T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02706
published_at 2026-04-21T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02617
published_at 2026-04-07T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02621
published_at 2026-04-08T12:55:00Z
9
value 0.00014
scoring_system epss
scoring_elements 0.02641
published_at 2026-04-09T12:55:00Z
10
value 0.00014
scoring_system epss
scoring_elements 0.0262
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-45160
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160
2
reference_url https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
reference_id 49d76897a5bb676d8c3f51425553cc32
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/
url https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
3
reference_url https://github.com/Cacti/cacti
reference_id cacti
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/
url https://github.com/Cacti/cacti
fixed_packages
0
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5
aliases CVE-2025-45160
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxu5-equ9-1kam
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5