{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","type":"deb","namespace":"debian","name":"cacti","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.6.8-1","latest_non_vulnerable_version":"1.2.30+ds1-3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266467?format=json","vulnerability_id":"VCID-8max-2avj-hkdt","summary":"Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions 
exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51448","reference_id":"","reference_type":"","scores":[{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.9682","published_at":"2026-04-11T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96821","published_at":"2026-04-12T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96827","published_at":"2026-04-16T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96834","published_at":"2026-04-24T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96836","published_at":"2026-04-26T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.9684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32076","scoring_system":"epss","scoring_elements":"0.96846","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.i
o/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583698?format=json","purl":"pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","pu
rl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-51448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8max-2avj-hkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/243855?format=json","vulnerability_id":"VCID-a1a1-zuaj-mqaa","summary":"Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27082","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5793","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57971","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58046","published_at":"20
26-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58024","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58003","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58034","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5801","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57973","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27082"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h","reference_id":"GHSA-j868-7vjp-rp9h","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T14:24:32Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1
-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582141?format=json","purl":"pkg:deb/debian/cacti@1.2.27%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.27%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-27082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1a1-zuaj-mqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51603?format=json","vulnerability_id":"VCID-a4qr-bw5v-t3hx","summary":"Mu
ltiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31132","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30349","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30907","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30887","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30853","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30574","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3049","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31006","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31054","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30872","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3093","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3096","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30964","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30921","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31132"},{"reference_url":"https://lists.
fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876","reference_id":"GHSA-rf5w-pq3f-9876","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:43Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP2
2FIHMGN","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerabl
ecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-31132"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4qr-bw5v-t3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224812?format=json","vulnerability_id":"VCID-bzm7-peh5-nqba","summary":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled through the URL when the `register_argc_argv` option of PHP is `On`. This option is `On` by default in many environments, such as the main PHP Docker image. 
Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29895","reference_id":"","reference_type":"","scores":[{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.998","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99806","published_at":"2026-05-05T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99803","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99802","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99799","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29895"},{"reference_url":"https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d","reference_id":"53e8014d1f082034e0646edc6286cde3800c683d","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d"},{"reference_url":"https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc","reference_id":"99633903cad0de5ace636249de16f77e57a3c8fc","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SS
VCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc"},{"reference_url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119","reference_id":"cmd_realtime.php#L119","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m","reference_id":"GHSA-cr28-x256-xf5m","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/
packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-29895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzm7-peh5-nqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51605?format=json","vulnerability_id":"VCID-d7t8-6cty-sqde","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege 
escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39358","reference_id":"","reference_type":"","scores":[{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88459","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88417","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88432","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88426","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88443","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88447","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88376","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88389","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88408","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03993","scoring_system":"epss","scoring_elements":"0.88425","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39358"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"valu
e":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g","reference_id":"GHSA-gj95-7xr8-9p7g","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_el
ements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583748?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583749?format=json","purl":"pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://p
ublic2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-39358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7t8-6cty-sqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266530?format=json","vulnerability_id":"VCID-du4b-tbxt-mqfr","summary":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in _cacti_'s database. This data will be viewed by administrative _cacti_ accounts, and the injected JavaScript code will execute in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. 
\nCENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39366","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58313","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58394","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58407","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58411","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58388","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58362","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58348","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","s
coring_elements":"0.58365","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58398","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39366"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv","reference_id":"GHSA-rwhh-xxm6-vcrv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv"},{"reference_url":"https://lists.fedoraproject.org/archives/lis
t/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packag
es/583748?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583749?format=json","purl":"pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-39366"],"risk_score":null,"exploitability":null,"weigh
ted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du4b-tbxt-mqfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/318030?format=json","vulnerability_id":"VCID-dup5-9qdp-5udn","summary":"Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26520","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20092","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20217","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20212","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20178","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20502","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2056","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20427","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20457","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20356","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20345","published_at":"2026-04-16T
12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20344","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095721","reference_id":"1095721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095721"},{"reference_url":"https://github.com/Cacti/cacti/pull/6096","reference_id":"6096","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:01:49Z/"}],"url":"https://github.com/Cacti/cacti/pull/6096"},{"reference_url":"https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51","reference_id":"7fa60c03ad4a69c701ac6b77c85a8927df7acd51","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:01:49Z/"}],"url":"https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jq
fs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2025-26520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dup5-9qdp-5udn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51611?format=json","vulnerability_id":"VCID-h6vp-37u4-b7f3","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege 
escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39510","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65744","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65735","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65757","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65742","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65747","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65761","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65677","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65707","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39510"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/
"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h","reference_id":"GHSA-24w4-4hp2-3j8h","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","refere
nce_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583748?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vul
nerablecode.io/api/packages/583749?format=json","purl":"pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-39510"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6vp-37u4-b7f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51598?format=json","vulnerability_id":"VCID-hdjk-szxs-5bdu","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege 
escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14424","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59781","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59857","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59882","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59903","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59938","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59922","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59904","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59943","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59949","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59934","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59921","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59869","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14424"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":
[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://usn.ubuntu.com/USN-5214-1/","reference_id":"USN-USN-5214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586247?format=json","purl":"pkg:deb/debian/cacti@1.2.19%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.19%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulne
rablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2020-14424"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdjk-szxs-5bdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266453?format=json","vulnerability_id":"VCID-mwbm-aphc-akgu","summary":"Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. 
As of time of publication, no patched versions are available.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50250","reference_id":"","reference_type":"","scores":[{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.85793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02686","scoring_system":"epss","scoring_elements":"0.85811","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87756","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87762","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87768","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.8778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87795","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87798","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03596","scoring_system":"epss","scoring_elements":"0.87813","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5
82137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583697?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583698?format=json","purl":"pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"re
source_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-50250"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbm-aphc-akgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146437?format=json","vulnerability_id":"VCID-myxu-h49e-77f1","summary":"In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not 
used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7464","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39391","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39576","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39491","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39546","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39562","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39572","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39534","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3954","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39245","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39038","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7464"}],"fixed_packages":[{"
url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"aff
ected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2013-7464"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myxu-h49e-77f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51612?format=json","vulnerability_id":"VCID-w11p-1pr3-7ybp","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39511","reference_id":"","reference_type":"","scores":[{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68349","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68285","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68324","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68335","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68315","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68358","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68366","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68371","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68243","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68262","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68288","publi
shed_at":"2026-04-08T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68304","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.6833","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68318","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39511"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42","reference_id":"GHSA-5hpr-4hhc-8q42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:
H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583748?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u1%3Fdistro=
trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583749?format=json","purl":"pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-39511"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w11p-1pr3-7ybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97729?format=json","vulnerability_id":"VCID-y4py-r1dd-9bcu","summary":"Cacti provides an 
operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29894","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36652","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3717","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37114","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36857","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37178","
published_at":"2026-04-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37192","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37202","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37141","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29894"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh","reference_id":"GHSA-grj5-8fcj-34gh","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73","reference_id":"GHSA-xwqc-7jc4-xm73","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/packag
e-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582139?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582141?format=json","purl":"pkg:deb/debian/cacti@1.2.27%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"r
esource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.27%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-29894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4py-r1dd-9bcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181523?format=json","vulnerability_id":"VCID-ye6u-vkxs-w7fz","summary":"Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54146","reference_id":"","reference_type":"","scores":[{"value":"0.09021","scoring_system":"epss","scoring_elements":"0.92645","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09244","scoring_system":"epss","scoring_elements":"0.92746","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.9297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92981","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92992","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92993","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92949","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92953","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92961","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92965","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92969","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09817","scoring_system":"epss","scoring_elements":"0.92979","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094
574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:47:46Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj","reference_id":"GHSA-vj9g-p7f2-4wqj","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:47:46Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.2
4%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584478?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-54146"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ye6u-vkxs-w7fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185287?format=json","vulnerability_id":"VCID-yp44-k5kc-kqbd","summary":"Cacti provides an operational monitoring and fault management framework. 
A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30268","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3436","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34889","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34873","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34828","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34593","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34573","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34486","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34928","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34834","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34907","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3491","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elem
ents":"0.3485","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30268"},{"reference_url":"https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e","reference_id":"a38b9046e9772612fda847b46308f9391a49891e","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:33:01Z/"}],"url":"https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q","reference_id":"GHSA-9m3v-whmr-pc2q","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:33:01Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q"},{"reference_url":"https://github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/settings.php#L66","reference_id":"settings.php#L66","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:33:01Z/"}],"url":"https://github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/settings.php#L66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.
2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-30268"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp44-k5kc-kqbd"},{"url":"http://public2.vulnerablecode.io/api/vulnera
bilities/51613?format=json","vulnerability_id":"VCID-zf92-pzgz-dfg7","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39512","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65744","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65735","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65757","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65742","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65747","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65761","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65677","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65707","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39512"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7","reference_id":"GHSA-vqcc-5v63-g9q7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://li
sts.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583748?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability"
:"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583749?format=json","purl":"pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-39512"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zf92-pzgz-dfg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51615?format=json","vulnerability_id":"VCID-znew-xktt-p7hy","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege 
escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39514","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.54999","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55127","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55138","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55118","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55139","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55142","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55122","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55057","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55076","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55101","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55077","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39514"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","s
coring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5550","reference_id":"dsa-5550","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://www.debian.org/security/2023/dsa-5550"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7","reference_id":"GHSA-6hrc-2cfc-8hm7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/me
ssage/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583748?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packa
ges/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583749?format=json","purl":"pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2023-39514"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znew-xktt-p7hy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"}