Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
Type apk
Namespace alpine
Name cacti
Version 1.2.27-r0
Qualifiers
arch ppc64le
distroversion v3.20
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.2.28-r0
Latest_non_vulnerable_version 1.2.28-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3y7d-ujep-4ydm
vulnerability_id VCID-3y7d-ujep-4ydm
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, otherwise it uses `md5`. When verifying a password, Cacti calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if it is available, otherwise `md5` is used. `password_verify` and `password_hash` are supported on PHP < 5.5.0, according to the PHP manual. The vulnerability is in `compat_password_verify`. The MD5-hashed user input is compared with the correct password in the database by `$md5 == $hash`. This is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34340
reference_id
reference_type
scores
0
value 0.00842
scoring_system epss
scoring_elements 0.74739
published_at 2026-04-13T12:55:00Z
1
value 0.00842
scoring_system epss
scoring_elements 0.74732
published_at 2026-04-08T12:55:00Z
2
value 0.00842
scoring_system epss
scoring_elements 0.74747
published_at 2026-04-09T12:55:00Z
3
value 0.00842
scoring_system epss
scoring_elements 0.7477
published_at 2026-04-11T12:55:00Z
4
value 0.00842
scoring_system epss
scoring_elements 0.74749
published_at 2026-04-12T12:55:00Z
5
value 0.00842
scoring_system epss
scoring_elements 0.74699
published_at 2026-04-02T12:55:00Z
6
value 0.00842
scoring_system epss
scoring_elements 0.74726
published_at 2026-04-04T12:55:00Z
7
value 0.00842
scoring_system epss
scoring_elements 0.747
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34340
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
reference_id GHSA-37x7-mfjv-mm7m
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-34340
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm
1
url VCID-44fx-4w2y-y3dy
vulnerability_id VCID-44fx-4w2y-y3dy
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in the `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php`, finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31458
reference_id
reference_type
scores
0
value 0.06015
scoring_system epss
scoring_elements 0.90711
published_at 2026-04-13T12:55:00Z
1
value 0.06015
scoring_system epss
scoring_elements 0.907
published_at 2026-04-08T12:55:00Z
2
value 0.06015
scoring_system epss
scoring_elements 0.90705
published_at 2026-04-09T12:55:00Z
3
value 0.06015
scoring_system epss
scoring_elements 0.90714
published_at 2026-04-11T12:55:00Z
4
value 0.06015
scoring_system epss
scoring_elements 0.90715
published_at 2026-04-12T12:55:00Z
5
value 0.06015
scoring_system epss
scoring_elements 0.9067
published_at 2026-04-02T12:55:00Z
6
value 0.06015
scoring_system epss
scoring_elements 0.9068
published_at 2026-04-04T12:55:00Z
7
value 0.06015
scoring_system epss
scoring_elements 0.90689
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31458
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
reference_id GHSA-jrxg-8wh8-943x
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-31458
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy
2
url VCID-6t6n-ws5n-wkay
vulnerability_id VCID-6t6n-ws5n-wkay
summary Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in the `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in the `grow_right_pane_tree()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31443
reference_id
reference_type
scores
0
value 0.00493
scoring_system epss
scoring_elements 0.65708
published_at 2026-04-13T12:55:00Z
1
value 0.00493
scoring_system epss
scoring_elements 0.65702
published_at 2026-04-04T12:55:00Z
2
value 0.00493
scoring_system epss
scoring_elements 0.65667
published_at 2026-04-07T12:55:00Z
3
value 0.00493
scoring_system epss
scoring_elements 0.65719
published_at 2026-04-08T12:55:00Z
4
value 0.00493
scoring_system epss
scoring_elements 0.65731
published_at 2026-04-09T12:55:00Z
5
value 0.00493
scoring_system epss
scoring_elements 0.65752
published_at 2026-04-11T12:55:00Z
6
value 0.00493
scoring_system epss
scoring_elements 0.65737
published_at 2026-04-12T12:55:00Z
7
value 0.00493
scoring_system epss
scoring_elements 0.65672
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31443
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
2
reference_url https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
reference_id f946fa537d19678f938ddbd784a10e3290d275cf
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
reference_id GHSA-rqc8-78cm-85j3
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
5
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-31443
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay
3
url VCID-85gc-u991-z3dw
vulnerability_id VCID-85gc-u991-z3dw
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined in the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25641
reference_id
reference_type
scores
0
value 0.88383
scoring_system epss
scoring_elements 0.99491
published_at 2026-04-02T12:55:00Z
1
value 0.88383
scoring_system epss
scoring_elements 0.99498
published_at 2026-04-13T12:55:00Z
2
value 0.88383
scoring_system epss
scoring_elements 0.99497
published_at 2026-04-09T12:55:00Z
3
value 0.88383
scoring_system epss
scoring_elements 0.99496
published_at 2026-04-08T12:55:00Z
4
value 0.88383
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-07T12:55:00Z
5
value 0.88383
scoring_system epss
scoring_elements 0.99493
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25641
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
2
reference_url http://seclists.org/fulldisclosure/2024/May/6
reference_id 6
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url http://seclists.org/fulldisclosure/2024/May/6
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
reference_id CVE-2024-25641
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt
4
reference_url https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
reference_id eff35b0ff26cc27c82d7880469ed6d5e3bef6210
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210
5
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
reference_id GHSA-7cmj-g5qc-pj88
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
7
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-25641
risk_score 10.0
exploitability 2.0
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw
4
url VCID-fhtp-y9a5-vqgj
vulnerability_id VCID-fhtp-y9a5-vqgj
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, the filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31445
reference_id
reference_type
scores
0
value 0.39471
scoring_system epss
scoring_elements 0.97293
published_at 2026-04-09T12:55:00Z
1
value 0.39471
scoring_system epss
scoring_elements 0.97298
published_at 2026-04-13T12:55:00Z
2
value 0.39471
scoring_system epss
scoring_elements 0.97297
published_at 2026-04-12T12:55:00Z
3
value 0.39471
scoring_system epss
scoring_elements 0.97296
published_at 2026-04-11T12:55:00Z
4
value 0.39471
scoring_system epss
scoring_elements 0.9728
published_at 2026-04-02T12:55:00Z
5
value 0.39471
scoring_system epss
scoring_elements 0.97285
published_at 2026-04-04T12:55:00Z
6
value 0.39471
scoring_system epss
scoring_elements 0.97286
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31445
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
2
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
reference_id api_automation.php#L717
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
3
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
reference_id api_automation.php#L856
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
4
reference_url https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
reference_id fd93c6e47651958b77c3bbe6a01fff695f81e886
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
5
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
reference_id GHSA-vjph-r677-6pcc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
7
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-31445
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj
5
url VCID-jkca-shmj-mbbu
vulnerability_id VCID-jkca-shmj-mbbu
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in the database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31459
reference_id
reference_type
scores
0
value 0.01844
scoring_system epss
scoring_elements 0.82968
published_at 2026-04-13T12:55:00Z
1
value 0.01844
scoring_system epss
scoring_elements 0.82921
published_at 2026-04-02T12:55:00Z
2
value 0.01844
scoring_system epss
scoring_elements 0.82933
published_at 2026-04-04T12:55:00Z
3
value 0.01844
scoring_system epss
scoring_elements 0.8293
published_at 2026-04-07T12:55:00Z
4
value 0.01844
scoring_system epss
scoring_elements 0.82955
published_at 2026-04-08T12:55:00Z
5
value 0.01844
scoring_system epss
scoring_elements 0.82962
published_at 2026-04-09T12:55:00Z
6
value 0.01844
scoring_system epss
scoring_elements 0.82977
published_at 2026-04-11T12:55:00Z
7
value 0.01844
scoring_system epss
scoring_elements 0.82972
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31459
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
reference_id GHSA-cx8g-hvq8-p2rv
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
reference_id GHSA-gj3f-p326-gh8r
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
reference_id GHSA-pfh9-gwm6-86vp
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
6
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-31459
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu
6
url VCID-k7kv-za2s-dud5
vulnerability_id VCID-k7kv-za2s-dud5
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in the `create_all_header_nodes()` function from `lib/api_automation.php`, finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31460
reference_id
reference_type
scores
0
value 0.01692
scoring_system epss
scoring_elements 0.82247
published_at 2026-04-13T12:55:00Z
1
value 0.01692
scoring_system epss
scoring_elements 0.82211
published_at 2026-04-04T12:55:00Z
2
value 0.01692
scoring_system epss
scoring_elements 0.82207
published_at 2026-04-07T12:55:00Z
3
value 0.01692
scoring_system epss
scoring_elements 0.82234
published_at 2026-04-08T12:55:00Z
4
value 0.01692
scoring_system epss
scoring_elements 0.82241
published_at 2026-04-09T12:55:00Z
5
value 0.01692
scoring_system epss
scoring_elements 0.8226
published_at 2026-04-11T12:55:00Z
6
value 0.01692
scoring_system epss
scoring_elements 0.82253
published_at 2026-04-12T12:55:00Z
7
value 0.01692
scoring_system epss
scoring_elements 0.82191
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31460
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
reference_id GHSA-cx8g-hvq8-p2rv
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
reference_id GHSA-gj3f-p326-gh8r
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
5
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-31460
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5
7
url VCID-y4py-r1dd-9bcu
vulnerability_id VCID-y4py-r1dd-9bcu
summary Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29894
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.37141
published_at 2026-04-13T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37298
published_at 2026-04-04T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.37127
published_at 2026-04-07T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.37178
published_at 2026-04-08T12:55:00Z
4
value 0.00162
scoring_system epss
scoring_elements 0.37192
published_at 2026-04-09T12:55:00Z
5
value 0.00162
scoring_system epss
scoring_elements 0.37202
published_at 2026-04-11T12:55:00Z
6
value 0.00162
scoring_system epss
scoring_elements 0.37168
published_at 2026-04-12T12:55:00Z
7
value 0.00162
scoring_system epss
scoring_elements 0.37271
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29894
1
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
reference_id GHSA-grj5-8fcj-34gh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
reference_id GHSA-xwqc-7jc4-xm73
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-29894
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4py-r1dd-9bcu
8
url VCID-y683-kz6e-afhv
vulnerability_id VCID-y683-kz6e-afhv
summary Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in the `form_confirm()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31444
reference_id
reference_type
scores
0
value 0.09401
scoring_system epss
scoring_elements 0.92787
published_at 2026-04-13T12:55:00Z
1
value 0.09401
scoring_system epss
scoring_elements 0.92769
published_at 2026-04-07T12:55:00Z
2
value 0.09401
scoring_system epss
scoring_elements 0.92778
published_at 2026-04-08T12:55:00Z
3
value 0.09401
scoring_system epss
scoring_elements 0.92783
published_at 2026-04-09T12:55:00Z
4
value 0.09401
scoring_system epss
scoring_elements 0.92788
published_at 2026-04-11T12:55:00Z
5
value 0.09401
scoring_system epss
scoring_elements 0.92767
published_at 2026-04-02T12:55:00Z
6
value 0.09401
scoring_system epss
scoring_elements 0.92772
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31444
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
reference_id GHSA-p4ch-7hjw-6m87
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
4
reference_url https://usn.ubuntu.com/6969-1/
reference_id USN-6969-1
reference_type
scores
url https://usn.ubuntu.com/6969-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/cacti@1.2.27-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
aliases CVE-2024-31444
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community