{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","type":"apk","namespace":"alpine","name":"cacti","version":"1.2.25-r0","qualifiers":{"arch":"loongarch64","distroversion":"v3.22","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.26-r0","latest_non_vulnerable_version":"1.2.29-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182315?format=json","vulnerability_id":"VCID-195g-capa-wkff","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39513","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56924","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.57044","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.57058","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.57051","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39513"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-195g-capa-wkff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182312?format=json","vulnerability_id":"VCID-361r-7x26-uygd","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39357","reference_id":"","reference_type":"","scores":[{"value":"0.03846","scoring_system":"epss","scoring_elements":"0.88456","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03846","scoring_system":"epss","scoring_elements":"0.88495","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03846","scoring_system":"epss","scoring_elements":"0.88502","published_at":"2026-06-13T12:55:00Z"},{"value":"0.03846","scoring_system":"epss","scoring_elements":"0.88501","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39357"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-361r-7x26-uygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182316?format=json","vulnerability_id":"VCID-6vex-xguy-v7h1","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39516","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55807","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55927","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55942","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5593","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39516"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vex-xguy-v7h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139582?format=json","vulnerability_id":"VCID-935h-fann-3bf1","summary":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. \nCENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39366","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.62091","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.62089","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6198","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.62081","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39366"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv","reference_id":"GHSA-rwhh-xxm6-vcrv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39366"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-935h-fann-3bf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139507?format=json","vulnerability_id":"VCID-9ekq-dhsd-r3hb","summary":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39512","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68917","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68914","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68811","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68905","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39512"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7","reference_id":"GHSA-vqcc-5v63-g9q7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39512"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ekq-dhsd-r3hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139572?format=json","vulnerability_id":"VCID-c5z9-rt48-4ffx","summary":"Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39362","reference_id":"","reference_type":"","scores":[{"value":"0.87228","scoring_system":"epss","scoring_elements":"0.99469","published_at":"2026-06-11T12:55:00Z"},{"value":"0.87228","scoring_system":"epss","scoring_elements":"0.99471","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html","reference_id":"Cacti-1.2.24-Command-Injection.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt","reference_id":"CVE-2023-39362","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp","reference_id":"GHSA-g6ff-58cj-x3cp","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39362"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5z9-rt48-4ffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139328?format=json","vulnerability_id":"VCID-e7r4-kycq-fyhn","summary":"Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39358","reference_id":"","reference_type":"","scores":[{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89627","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89668","published_at":"2026-06-14T12:55:00Z"},{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89669","published_at":"2026-06-13T12:55:00Z"},{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89662","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39358"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g","reference_id":"GHSA-gj95-7xr8-9p7g","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7r4-kycq-fyhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139708?format=json","vulnerability_id":"VCID-enu7-fbex-2bdr","summary":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The`reports_admin.php` script displays reporting information about graphs, devices, data sources etc.\nCENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39510","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68917","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68914","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68811","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68905","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39510"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h","reference_id":"GHSA-24w4-4hp2-3j8h","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39510"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enu7-fbex-2bdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15738?format=json","vulnerability_id":"VCID-gn3e-uynd-gkfe","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39515","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53085","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53215","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53228","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.53212","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h","reference_id":"GHSA-hrg9-qqqx-wc4h","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39515"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gn3e-uynd-gkfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129845?format=json","vulnerability_id":"VCID-h2mr-s15u-sfcf","summary":"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30534","reference_id":"","reference_type":"","scores":[{"value":"0.52473","scoring_system":"epss","scoring_elements":"0.97993","published_at":"2026-06-11T12:55:00Z"},{"value":"0.52473","scoring_system":"epss","scoring_elements":"0.98002","published_at":"2026-06-14T12:55:00Z"},{"value":"0.52473","scoring_system":"epss","scoring_elements":"0.98001","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25","reference_id":"cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p","reference_id":"GHSA-77rf-774j-6h3p","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-30534"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2mr-s15u-sfcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139295?format=json","vulnerability_id":"VCID-hm41-qrdt-wqa5","summary":"Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39365","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41242","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41417","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41426","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41408","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22","reference_id":"GHSA-v5w7-hww7-2f22","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39365"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm41-qrdt-wqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139371?format=json","vulnerability_id":"VCID-hxv4-cczk-13gu","summary":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39514","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58926","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.59039","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5905","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.59038","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39514"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7","reference_id":"GHSA-6hrc-2cfc-8hm7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39514"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxv4-cczk-13gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182313?format=json","vulnerability_id":"VCID-q5p8-rj9z-7qcj","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39360","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70759","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70849","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70862","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7086","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39360"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5p8-rj9z-7qcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182314?format=json","vulnerability_id":"VCID-quny-cjsn-uqdu","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39361","reference_id":"","reference_type":"","scores":[{"value":"0.92641","scoring_system":"epss","scoring_elements":"0.99759","published_at":"2026-06-11T12:55:00Z"},{"value":"0.92641","scoring_system":"epss","scoring_elements":"0.99761","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://usn.ubuntu.com/6720-1/","reference_id":"USN-6720-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6720-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39361"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quny-cjsn-uqdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139425?format=json","vulnerability_id":"VCID-xvqz-wwt2-h7cd","summary":"Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39359","reference_id":"","reference_type":"","scores":[{"value":"0.05576","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05576","scoring_system":"epss","scoring_elements":"0.90534","published_at":"2026-06-14T12:55:00Z"},{"value":"0.05576","scoring_system":"epss","scoring_elements":"0.90535","published_at":"2026-06-13T12:55:00Z"},{"value":"0.05576","scoring_system":"epss","scoring_elements":"0.90527","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h","reference_id":"GHSA-q4wh-3f9w-836h","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39359"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvqz-wwt2-h7cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209915?format=json","vulnerability_id":"VCID-zy5u-4x9u-e7h7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39364","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40634","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40801","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40824","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40811","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-39364"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5u-4x9u-e7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133014?format=json","vulnerability_id":"VCID-zyyy-p6nu-m7aj","summary":"Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49088","reference_id":"","reference_type":"","scores":[{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77647","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77722","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77729","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77715","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088"},{"reference_url":"https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php","reference_id":"data_debug.php","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/"}],"url":"https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h","reference_id":"GHSA-hrg9-qqqx-wc4h","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x","reference_id":"GHSA-q7g7-gcf6-wh4x","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167599?format=json","purl":"pkg:apk/alpine/cacti@1.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2023-49088"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyy-p6nu-m7aj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"}