{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","type":"deb","namespace":"debian","name":"cacti","version":"1.2.24+ds1-1+deb12u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.30+ds1-1","latest_non_vulnerable_version":"1.2.30+ds1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96902?format=json","vulnerability_id":"VCID-4e5y-1s19-r7g7","summary":"Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66399","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54907","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55052","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54992","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54966","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55007","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54949","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63923","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63909","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63921","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63927","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63939","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.6391","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scorin
g_elements":"0.63893","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf","reference_id":"GHSA-c7rr-2h93-7gjf","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-02T18:25:47Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}],"aliases":["CVE-2025-66399"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e5y-1s19-r7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51602?format=json","vulnerability_id":"VCID-pxqa-nkv3-jqfs","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege 
escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30534","reference_id":"","reference_type":"","scores":[{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97733","published_at":"2026-04-02T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.9774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97744","published_at":"2026-04-09T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97746","published_at":"2026-04-11T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.9775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97756","published_at":"2026-04-16T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98065","published_at":"2026-05-07T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98066","published_at":"2026-05-11T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98069","published_at":"2026-05-12T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98074","published_at":"2026-05-14T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.9806","published_at":"2026-04-29T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98068","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30534"},{"reference_url":"htt
ps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25","reference_id":"cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p","reference_id":"GHSA-77rf-774j-6h3p","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"h
ttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}],"aliases":["CVE-2023-30534"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxqa-nkv3-jqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95769?format=json","vulnerability_id":"VCID-xkkm-ss3p-1udc","summary":"SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php 
function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46490","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42908","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42842","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43071","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43098","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43135","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43125","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42778","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42855","publish
ed_at":"2026-05-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42873","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42813","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286","reference_id":"1059286","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286"},{"reference_url":"https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53","reference_id":"a95632111138fcd7ccf7432ccb145b53","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/"}],"url":"https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c","reference_id":"GHSA-f4r3-53jr-654c","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}],"aliases":["CVE-2023-46490"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilit
ies/96094?format=json","vulnerability_id":"VCID-3y7d-ujep-4ydm","summary":"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, and otherwise falls back to `md5`. When verifying a password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if it is available, and otherwise `md5` is used. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. The MD5 hash of the user input is compared with the correct password in the database using `$md5 == $hash`. This is a loose comparison, not `===`, which makes it a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34340","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.70896","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.70843","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.70849","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.70815","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.70772","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.70813","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.7477","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_el
ements":"0.74784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74774","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.7481","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74817","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.7482","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74776","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74732","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74747","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m","reference_id":"GHSA-37x7-mfjv-mm7m","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or
g/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-34340"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96069?format=json","vulnerability_id":"VCID-44fx-4w2y-y3dy","summary":"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. 
Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31458","reference_id":"","reference_type":"","scores":[{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90802","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9077","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90782","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9078","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9079","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90705","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90715","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9073","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90728","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90726","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scori
ng_elements":"0.90739","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.9074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90734","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06015","scoring_system":"epss","scoring_elements":"0.90751","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x","reference_id":"GHSA-jrxg-8wh8-943x","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2
.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-31458"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96527?format=json","vulnerability_id":"VCID-4twv-1yys-eban","summary":"Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22604","reference_id":"","reference_type":"","scores":[{"value":"0.70074","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98711","published_at":"2026-05-12T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.9871","published_at":"2026-05-11T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98708","published_at":"2026-05-09T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98713","published_at":"2026-05-14T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98706","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-02T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98758","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98762","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.9875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98753","published_at":"2026-04-12T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98754","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-
2025-22604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36","reference_id":"GHSA-c5j8-jxj3-hh36","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2025-22604"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eb
an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96066?format=json","vulnerability_id":"VCID-6t6n-ws5n-wkay","summary":"Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31443","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65879","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65767","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65789","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65833","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65804","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65823","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65672","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65667","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65719","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65731","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0
0493","scoring_system":"epss","scoring_elements":"0.65752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65737","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65708","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65743","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65756","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443"},{"reference_url":"https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf","reference_id":"f946fa537d19678f938ddbd784a10e3290d275cf","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/"}],"url":"https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3","reference_id":"GHSA-rqc8-78cm-85j3","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/mes
sage/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-31443"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96207?format=json","vulnerability_id":"VCID-6ze5-dqdn-ykg3","summary":"Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45598","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19532","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24951","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24944","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2486","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24848","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24804","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25104","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25168","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring
_elements":"0.25228","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25155","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25174","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25252","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-45598"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96561?format=json","vulnerability_id":"VCID-7m68-seeq-tuae","summary":"Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29193","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29093","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29168","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29092","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29112","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2964","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29586","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_
elements":"0.29418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29304","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34947","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c","reference_id":"GHSA-f9c7-7rc3-574c","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1
-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2025-24368"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96001?format=json","vulnerability_id":"VCID-85gc-u991-z3dw","summary":"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the \"Package Import\" feature, allows authenticated users having the \"Import Templates\" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. 
Version 1.2.27 contains a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25641","reference_id":"","reference_type":"","scores":[{"value":"0.88135","scoring_system":"epss","scoring_elements":"0.99491","published_at":"2026-05-05T12:55:00Z"},{"value":"0.88135","scoring_system":"epss","scoring_elements":"0.99496","published_at":"2026-05-14T12:55:00Z"},{"value":"0.88135","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-05-12T12:55:00Z"},{"value":"0.88135","scoring_system":"epss","scoring_elements":"0.99494","published_at":"2026-05-11T12:55:00Z"},{"value":"0.88135","scoring_system":"epss","scoring_elements":"0.99493","published_at":"2026-05-09T12:55:00Z"},{"value":"0.88135","scoring_system":"epss","scoring_elements":"0.99492","published_at":"2026-05-07T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99491","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99496","published_at":"2026-04-08T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99498","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.88383","scoring_system":"epss","scoring_elements":"0.99503","published_at":"2026-04-24T12:55:00Z"},{"value":"0.88501","scoring_system":"epss","scoring_elements":"0.99506","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/ep
ss?cve=CVE-2024-25641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641"},{"reference_url":"http://seclists.org/fulldisclosure/2024/May/6","reference_id":"6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/"}],"url":"http://seclists.org/fulldisclosure/2024/May/6"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt","reference_id":"CVE-2024-25641","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt"},{"reference_url":"https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210","reference_id":"eff35b0ff26cc27c82d7880469ed6d5e3bef6210","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/"}],"url":"https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88","reference_id":"GHSA-7cmj-g5qc-pj88","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKR
ARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-25641"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96189?format=json","vulnerability_id":"VCID-be57-gxmc-vqd4","summary":"Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. 
The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43362","reference_id":"","reference_type":"","scores":[{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.9021","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90156","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90177","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90185","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-05-14T12:55:00Z
"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90375","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90372","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90381","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90347","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90364","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07763","scoring_system":"epss","scoring_elements":"0.91918","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c","reference_id":"GHSA-wh9c-v56x-v77c","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-43362"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-
be57-gxmc-vqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95328?format=json","vulnerability_id":"VCID-cqr3-wwhj-tyck","summary":"In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-48538","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2096","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2087","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21026","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21085","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21103","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21059","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20996","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20976","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20847","published_at":"2026-04
-24T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20811","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20714","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20788","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20875","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20849","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-48538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48538"},{"reference_url":"https://github.com/Cacti/cacti/issues/5189","reference_id":"5189","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/"}],"url":"https://github.com/Cacti/cacti/issues/5189"},{"reference_url":"https://docs.cacti.net/Settings-Auth-LDAP.md","reference_id":"Settings-Auth-LDAP.md","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:17:25Z/"}],"url":"https://docs.cacti.net/Settings-Auth-LDAP.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2022-4853
8"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqr3-wwhj-tyck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96068?format=json","vulnerability_id":"VCID-fhtp-y9a5-vqgj","summary":"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31445","reference_id":"","reference_type":"","scores":[{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-05-14T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97306","published_at":"2026-04-16T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97308","published_at":"2026-04-18T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.9731","published_at":"2026-04-24T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97311","published_at":"2026-04-26T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97317","published_at":"2026-05-05T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97322","published_at":"2026-05-07T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_ele
ments":"0.97325","published_at":"2026-05-09T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97331","published_at":"2026-05-11T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-05-12T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.9728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97285","published_at":"2026-04-04T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97293","published_at":"2026-04-09T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97296","published_at":"2026-04-11T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97297","published_at":"2026-04-12T12:55:00Z"},{"value":"0.39471","scoring_system":"epss","scoring_elements":"0.97298","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445"},{"reference_url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717","reference_id":"api_automation.php#L717","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/"}],"url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717"},{"reference_url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856","reference_id":
"api_automation.php#L856","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/"}],"url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856"},{"reference_url":"https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886","reference_id":"fd93c6e47651958b77c3bbe6a01fff695f81e886","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/"}],"url":"https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc","reference_id":"GHSA-vjph-r677-6pcc","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https:/
/usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-31445"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96190?format=json","vulnerability_id":"VCID-hj89-pnag-3fer","summary":"Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43363","reference_id":"","reference_type":"","scores":[{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98901","published_at":"2026-05-14T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98897","published_at":"2026-05-11T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98899","published_at":"2026-05-12T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98869","published_at":"2026-04-04T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98872","published_at":"2026-04-09T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98875","published_at":"2026-04-11T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98888","published_at":"2026-04-24T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98889","published_at":"2026-04-29T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98892","published_at":"2026-05-05T12:55:00Z"},{"value":"0.75133","scoring_syste
m":"epss","scoring_elements":"0.98893","published_at":"2026-05-07T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98895","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4","reference_id":"GHSA-gxq4-mv8h-6qj4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-43363"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96070?format=json","vulnerability_id":"VCID-jkca-shmj-mbbu","summary":"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. 
There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31459","reference_id":"","reference_type":"","scores":[{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83162","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.8301","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83034","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83042","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83071","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83091","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83112","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83127","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.82921","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.82933","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.8293","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.82955","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.82962","published_at":"2026-04-09T12:55:00Z"},{"va
lue":"0.01844","scoring_system":"epss","scoring_elements":"0.82977","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.82972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.82968","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83007","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01844","scoring_system":"epss","scoring_elements":"0.83006","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv","reference_id":"GHSA-cx8g-hvq8-p2rv","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r","reference_id":"GHSA-gj3f-p326-gh8r","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp","reference_id":"GHSA-pfh9-gwm6-86vp","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/U
I:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-31459"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96071?format=json","vulnerability_id":"VCID-k7kv-za2s-dud5","summary":"Cacti provides an operational monitoring and fault management framework. 
Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in the `create_all_header_nodes()` function from `lib/api_automation.php`, finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31460","reference_id":"","reference_type":"","scores":[{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82436","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.8234","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82362","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82383","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.8238","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82396","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82191","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82211","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82207","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82234","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_eleme
nts":"0.82241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.8226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82253","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82247","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82285","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82306","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01692","scoring_system":"epss","scoring_elements":"0.82317","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv","reference_id":"GHSA-cx8g-hvq8-p2rv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r","reference_id":"GHSA-gj3f-p326-gh8r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/"}],"url":"https://github.com/Cacti/cacti/security/a
dvisories/GHSA-gj3f-p326-gh8r"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-31460"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96560?format=json","vulnerability_id":"VCID-khhn-9sja-sfgr","summary":"Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367","reference_id":"","reference_type":"","scores":[{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99621","published_at":"2026-05-14T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-05-09T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99619","published_at":"2026-05-12T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99608","published_at":"2026-04-11T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.9961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99611","published_at":"2026-04-21T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99612","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99616","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type
":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq","reference_id":"GHSA-fxrq-fr7h-9rqq","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2025-24367"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11742?format=json","vulnerability_id":"VCID-mebp-4rfu-vqcq","summary":"DOMpurify has a nesting-based mXSS\nDOMpurify was vulnerable to nesting-based mXSS \n\nfixed by 
[0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and\n[merge 943](https://github.com/cure53/DOMPurify/pull/943)\n\nBackporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking\n\nPOC is available under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47875","reference_id":"","reference_type":"","scores":[{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72061","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.72026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71978","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.7201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71986","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71974","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71935","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00699","scoring_system":"epss","scoring_elements":"0.71959","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00699","scoring_sy
stem":"epss","scoring_elements":"0.71939","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72625","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72534","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.7257","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72544","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72581","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72555","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72525","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875"},{"reference_url":"http://seclists.org/fulldisclosure/2025/Apr/14","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2025/Apr/14"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/cure53/DOMPurify","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cure53/DOMPurify"},{"reference_url":"https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","sc
oring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"},{"reference_url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/"}],"url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html","reference_id":"","reference_type":"","scores":[{"valu
e":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47875","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47875"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983","reference_id":"1084983","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318052","reference_id":"2318052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318052"},{"reference_url":"https://github.com/advisories/GHSA-gx9m-whjm-85jf","reference_id":"GHSA-gx9m-whjm-85jf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx9m-whjm-85jf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10236","reference_id":"RHSA-2024:10236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10988","reference_id":"RHSA-2024:10988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8683","reference_id":"RHSA-2024:8
683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8981","reference_id":"RHSA-2024:8981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9473","reference_id":"RHSA-2024:9473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9629","reference_id":"RHSA-2024:9629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0329","reference_id":"RHSA-2025:0329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0329"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-47875","GHSA-gx9m-whjm-85jf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95271?format=json","vulnerability_id":"VCID-qnz1-w7bb-97ee","summary":"Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to 
graphs_new.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41444","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51917","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51812","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51854","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51851","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51903","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51912","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51919","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51899","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51846","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51808","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51756","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51849","
published_at":"2026-05-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51837","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41444"},{"reference_url":"https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2","reference_id":"9079535112e4f4ff2c1d2ce1c099d4c2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:41:35Z/"}],"url":"https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2022-41444"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnz1-w7bb-97ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96191?format=json","vulnerability_id":"VCID-s8du-gzj2-gkc1","summary":"Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said `title` parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. 
The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43364","reference_id":"","reference_type":"","scores":[{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90249","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90231","published_at":"2026-05-09T1
2:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90205","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07542","scoring_system":"epss","scoring_elements":"0.91788","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5","reference_id":"GHSA-fgc6-g8gc-wcg5","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-43364"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96284?format=json","vulnerabil
ity_id":"VCID-sx2t-uzae-2fh9","summary":"Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2464","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24603","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39638","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39525","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3933","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00185","scoring_system":"epss",
"scoring_elements":"0.39865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39835","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39853","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.3977","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39795","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39769","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp","reference_id":"GHSA-fh3x-69rr-qqpp","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://git
hub.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-54145"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=json","vulnerability_id":"VCID-vbs9-gben-9kgc","summary":"DOMPurify vulnerable to tampering by prototype pollution\nDOMPurify was vulnerable to prototype pollution\n\nFixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48910","reference_id":"","reference_type":"","scores":[{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85649","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85647","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85547","publi
shed_at":"2026-04-04T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85597","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85594","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.8559","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02592","scoring_system":"epss","scoring_elements":"0.85619","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85943","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85897","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.8588","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85908","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02662","scoring_system":"epss","scoring_elements":"0.85895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02808","scoring_system":"epss","scoring_elements":"0.86074","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910"},{"reference_url":"https://github.com/c
ure53/DOMPurify","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cure53/DOMPurify"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc"},{"reference_url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/"}],"url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48910","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2322949","reference_id":"2322949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2322949"},{"reference_url":"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr","reference_id":"GHSA-p3vf-v8qc-cwcr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10186","reference_id":"RHSA-2024:10186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9583","reference_id":"RHSA-2024:9583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0079","reference_id":"RHSA-2025:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0082","reference_id":"RHSA-2025:0082","reference_type":
"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0654","reference_id":"RHSA-2025:0654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0875","reference_id":"RHSA-2025:0875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18233","reference_id":"RHSA-2025:18233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19003","reference_id":"RHSA-2025:19003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19017","reference_id":"RHSA-2025:19017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19047","reference_id":"RHSA-2025:19047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19306","reference_id":"RHSA-2025:19306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19314","reference_id":"RHSA-2025:19314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19895","reference_id":"RHSA-2025:19895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22284","reference_id":"RHSA-2025:22284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22284"}],"fixed_packages":[{"url
":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-48910","GHSA-p3vf-v8qc-cwcr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96192?format=json","vulnerability_id":"VCID-xdbp-7rtr-fyb7","summary":"Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43365","reference_id":"","reference_type":"","scores":[{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90249","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0543","scoring_system":"e
pss","scoring_elements":"0.90205","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90231","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr","reference_id":"GHSA-49f2-hwx9-qffr","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-43365"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96067?format=json","vulnerability_id":"VCID-y683-kz6e-afhv","summary":"Cacti provides an operational monitoring and fault management framework. 
Prior to version 1.2.27, some of the data stored in the `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in the `form_confirm()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31444","reference_id":"","reference_type":"","scores":[{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92875","published_at":"2026-05-14T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92828","published_at":"2026-05-07T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.9284","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92844","published_at":"2026-05-11T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92851","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92767","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92772","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92769","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92788","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92787","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92802","publishe
d_at":"2026-04-21T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92809","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92805","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09401","scoring_system":"epss","scoring_elements":"0.92815","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87","reference_id":"GHSA-p4ch-7hjw-6m87","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/","reference_id":"RBEOAFKRARQHTDIYSL723XAFJ2Q6624X","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"},{"reference_url":"https://usn.ubuntu.com/6969-1/","reference_id":"USN-6969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6969-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vuln
erable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2024-31444"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96697?format=json","vulnerability_id":"VCID-zxu5-equ9-1kam","summary":"A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., <h1>, <b>, <svg>) into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 
1.2.27.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-45160","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01733","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02788","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02723","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0276","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02762","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02761","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02617","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02621","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02641","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0262","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02589","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02597","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02706","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02697","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02685","published
_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02737","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02707","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-45160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45160"},{"reference_url":"https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32","reference_id":"49d76897a5bb676d8c3f51425553cc32","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/"}],"url":"https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32"},{"reference_url":"https://github.com/Cacti/cacti","reference_id":"cacti","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T17:51:08Z/"}],"url":"https://github.com/Cacti/cacti"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586385?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}],"aliases":["CVE-2025-45160"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxu5-equ9-1kam"}],"risk_score":"3.4","resou
rce_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5"}