{"url":"http://public2.vulnerablecode.io/api/packages/133926?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.24&reponame=community","type":"apk","namespace":"alpine","name":"cacti","version":"1.2.29-r0","qualifiers":{"arch":"x86","distroversion":"v3.24","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55948?format=json","vulnerability_id":"VCID-4zew-m18s-fubf","summary":"Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27082","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58392","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27082"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h","reference_id":"GHSA-j868-7vjp-rp9h","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T14:24:32Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/133926?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.24&reponame=community"}],"aliases":["CVE-2024-27082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zew-m18s-fubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31034?format=json","vulnerability_id":"VCID-cy41-xtyc-fug9","summary":"Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39403","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp","reference_id":"GHSA-fh3x-69rr-qqpp","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/133926?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.24&reponame=community"}],"aliases":["CVE-2024-54145"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cy41-xtyc-fug9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124289?format=json","vulnerability_id":"VCID-mq8u-bmqv-73aa","summary":"Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29211","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c","reference_id":"GHSA-f9c7-7rc3-574c","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/133926?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.24&reponame=community"}],"aliases":["CVE-2025-24368"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq8u-bmqv-73aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124514?format=json","vulnerability_id":"VCID-t1p7-p932-uuha","summary":"Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367","reference_id":"","reference_type":"","scores":[{"value":"0.87934","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq","reference_id":"GHSA-fxrq-fr7h-9rqq","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/133926?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.24&reponame=community"}],"aliases":["CVE-2025-24367"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1p7-p932-uuha"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.24&reponame=community"}