{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"cacti","version":"1.2.26-r0","qualifiers":{"arch":"aarch64","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.27-r0","latest_non_vulnerable_version":"1.2.29-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266467?format=json","vulnerability_id":"VCID-8max-2avj-hkdt","summary":"Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51448","reference_id":"","reference_type":"","scores":[{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.9682","published_at":"2026-04-11T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96821","published_at":"2026-04-12T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96827","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-51448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8max-2avj-hkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95821?format=json","vulnerability_id":"VCID-ay5a-nkmf-5yar","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49086","reference_id":"","reference_type":"","scores":[{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76347","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76365","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.7636","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76401","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254","reference_id":"1059254","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-49086"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95819?format=json","vulnerability_id":"VCID-d7db-n89n-qyd8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49084","reference_id":"","reference_type":"","scores":[{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.99488","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.9949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.99492","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.99493","published_at":"2026-04-08T12:55:00Z"},{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.99494","published_at":"2026-04-09T12:55:00Z"},{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88341","scoring_system":"epss","scoring_elements":"0.99498","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254","reference_id":"1059254","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-49084"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95820?format=json","vulnerability_id":"VCID-h3qa-svy4-1fcr","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49085","reference_id":"","reference_type":"","scores":[{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.99656","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.99658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.99659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.99661","published_at":"2026-04-12T12:55:00Z"},{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.99662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91404","scoring_system":"epss","scoring_elements":"0.99663","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-49085"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266453?format=json","vulnerability_id":"VCID-mwbm-aphc-akgu","summary":"Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50250","reference_id":"","reference_type":"","scores":[{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.85793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.85811","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87756","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87762","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87768","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.8778","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-50250"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbm-aphc-akgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95769?format=json","vulnerability_id":"VCID-xkkm-ss3p-1udc","summary":"SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46490","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43135","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43071","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43098","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43124","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286","reference_id":"1059286","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286"},{"reference_url":"https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53","reference_id":"a95632111138fcd7ccf7432ccb145b53","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/"}],"url":"https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c","reference_id":"GHSA-f4r3-53jr-654c","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-46490"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266496?format=json","vulnerability_id":"VCID-zkmp-kgyq-tfeh","summary":"Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/408192?format=json","purl":"pkg:apk/alpine/cacti@1.2.26-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2023-50569"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkmp-kgyq-tfeh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=aarch64&distroversion=edge&reponame=community"}