{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","type":"deb","namespace":"debian","name":"cacti","version":"1.2.16+ds1-2+deb11u5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.19+ds1-1","latest_non_vulnerable_version":"1.2.30+ds1-3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96527?format=json","vulnerability_id":"VCID-4twv-1yys-eban","summary":"Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22604","reference_id":"","reference_type":"","scores":[{"value":"0.70074","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98711","published_at":"2026-05-12T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.9871","published_at":"2026-05-11T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98708","published_at":"2026-05-09T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98713","published_at":"2026-05-14T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98706","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-02T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98758","published_at":
"2026-04-21T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98762","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.9875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98753","published_at":"2026-04-12T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98754","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36","reference_id":"GHSA-c5j8-
jxj3-hh36","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584478?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.
io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2025-22604"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96207?format=json","vulnerability_id":"VCID-6ze5-dqdn-ykg3","summary":"Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45598","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19532","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24951","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24944","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2486","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24848","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24804","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25104","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25168","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring
_elements":"0.25228","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25155","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25174","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25252","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},
{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584478?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-45598"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96561?format=json","vulnerability_id":"VCID-7m68-seeq-tuae","summary":"Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29193","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29093","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29168","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29092","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29112","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2964","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29586","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_
elements":"0.29418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29304","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34947","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c","reference_id":"GHSA-f9c7-7rc3-574c","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1
-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584478?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vuln
erablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2025-24368"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96189?format=json","vulnerability_id":"VCID-be57-gxmc-vqd4","summary":"Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43362","reference_id":"","reference_type":"","scores":[{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.9021","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90156","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90177","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90185","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90375","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90372","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","
scoring_elements":"0.90381","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90347","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90364","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07763","scoring_system":"epss","scoring_elements":"0.91918","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c","reference_id":"GHSA-wh9c-v56x-v77c","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{
"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584524?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-43362"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96190?format=json","vulnerability_id":"VCID-hj89-pnag-3fer","summary":"Cacti is an open source 
performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43363","reference_id":"","reference_type":"","scores":[{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98901","published_at":"2026-05-14T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98897","published_at":"2026-05-11T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98899","published_at":"2026-05-12T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98869","published_at":"2026-04-04T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98872","published_at":"2026-04-09T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98875","published_at":"2026-04-11T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.75133","scoring_system":"epss"
,"scoring_elements":"0.98883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98888","published_at":"2026-04-24T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98889","published_at":"2026-04-29T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98892","published_at":"2026-05-05T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98893","published_at":"2026-05-07T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98895","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4","reference_id":"GHSA-gxq4-mv8h-6qj4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistr
o=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584524?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["C
VE-2024-43363"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96560?format=json","vulnerability_id":"VCID-khhn-9sja-sfgr","summary":"Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367","reference_id":"","reference_type":"","scores":[{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99621","published_at":"2026-05-14T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-05-09T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99619","published_at":"2026-05-12T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99608","published_at":"2026-04-11T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.9961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99611","published_at":"2026-04-21T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99612","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90486","scoring_system
":"epss","scoring_elements":"0.99614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99616","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq","reference_id":"GHSA-fxrq-fr7h-9rqq","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vu
lnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584478?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro
=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2025-24367"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11742?format=json","vulnerability_id":"VCID-mebp-4rfu-vqcq","summary":"DOMpurify has a nesting-based mXSS\nDOMpurify was vulnerable to nesting-based mXSS \n\nfixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and\n[merge 943](https://github.com/cure53/DOMPurify/pull/943)\n\nBackporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking\n\nPOC is available under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47875","reference_id":"","reference_type":"","scores":[{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72061","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71978","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71993","published_at":"2026-04-12T12:55:
00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.7201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71986","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71974","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71935","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71959","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71939","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72625","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72534","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.7257","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72544","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72581","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72555","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72525","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875"},{"reference_url":"http://seclists.org/fulldisclosure/2025/Apr/14"
,"reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2025/Apr/14"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/cure53/DOMPurify","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cure53/DOMPurify"},{"reference_url":"https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749
e365d7185f/test/test-suite.js#L2098"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"},{"reference_url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"HIGH","scoring_sy
stem":"cvssv3.1_qr","scoring_elements":""},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47875","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47875"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983","reference_id":"1084983","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318052","reference_id":"2318052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318052"},{"reference_url":"https://github.com/advisories/GHSA-gx9m-whjm-85jf","reference_id":"GHSA-gx9m-whjm-85jf","reference_type":"","scores":[{"value":"HIGH",
"scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx9m-whjm-85jf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10236","reference_id":"RHSA-2024:10236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10988","reference_id":"RHSA-2024:10988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8683","reference_id":"RHSA-2024:8683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8981","reference_id":"RHSA-2024:8981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9473","reference_id":"RHSA-2024:9473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9629","reference_id":"RHSA-2024:9629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0329","reference_id":"RHSA-2025:0329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0329"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.
vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583697?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583698?format=json","purl":"pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vuln
erablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-47875","GHSA-gx9m-whjm-85jf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96191?format=json","vulnerability_id":"VCID-s8du-gzj2-gkc1","summary":"Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43364","reference_id":"","reference_type":"","scores":[{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90249","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90231","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0543","scoring_system":"ep
ss","scoring_elements":"0.90205","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07542","scoring_system":"epss","scoring_elements":"0.91788","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5","reference_id":"GHSA-fgc6-g8gc-wcg5","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24
%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584524?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-43364"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96284?format=json","vulnerability_id":"VCID-sx2t-uzae-2fh9","summary":"Cacti is an open source performance and fault management framework. 
Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2464","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24603","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39638","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39525","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3933","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00185","scoring_system":"epss
","scoring_elements":"0.39835","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39853","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.3977","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39795","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39769","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp","reference_id":"GHSA-fh3x-69rr-qqpp","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp"}],"fixed_packages":[{"url":"http://public2.vulne
rablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584478?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is
_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-54145"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=json","vulnerability_id":"VCID-vbs9-gben-9kgc","summary":"DOMPurify vulnerable to tampering by prototype pollution\ndompurify was vulnerable to prototype pollution\n\nFixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48910","reference_id":"","reference_type":"","scores":[{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85649","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85647","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85547","published_at":"2026-04-04T12:
55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85597","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85594","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.8559","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85619","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85943","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85897","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.8588","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85908","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02808","scoring_system":"epss","scoring_elements":"0.86074","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910"},{"reference_url":"https://github.com/cure53/DOMPurify","refere
nce_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cure53/DOMPurify"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc"},{"reference_url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/"}],"url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48910","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2322949","reference_id":"2322949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2322949"},{"reference_url":"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr","reference_id":"GHSA-p3vf-v8qc-cwcr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10186","reference_id":"RHSA-2024:10186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9583","reference_id":"RHSA-2024:9583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0079","reference_id":"RHSA-2025:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0082","reference_id":"RHSA-2025:0082","reference_type":"","scores":[],"url":"ht
tps://access.redhat.com/errata/RHSA-2025:0082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0654","reference_id":"RHSA-2025:0654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0875","reference_id":"RHSA-2025:0875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18233","reference_id":"RHSA-2025:18233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19003","reference_id":"RHSA-2025:19003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19017","reference_id":"RHSA-2025:19017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19047","reference_id":"RHSA-2025:19047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19306","reference_id":"RHSA-2025:19306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19314","reference_id":"RHSA-2025:19314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19895","reference_id":"RHSA-2025:19895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22284","reference_id":"RHSA-2025:22284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22284"}],"fixed_packages":[{"url":"http://public2.vulner
ablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583697?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583698?format=json","purl":"pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1
-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-48910","GHSA-p3vf-v8qc-cwcr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96192?format=json","vulnerability_id":"VCID-xdbp-7rtr-fyb7","summary":"Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43365","reference_id":"","reference_type":"","scores":[{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90249","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0543","scoring_system":"e
pss","scoring_elements":"0.90205","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90231","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr","reference_id":"GHSA-49f2-hwx9-qffr","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584477?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24
%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584524?format=json","purl":"pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"aliases":["CVE-2024-43365"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie"}