{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","type":"deb","namespace":"debian","name":"cacti","version":"1.2.30+ds1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96902?format=json","vulnerability_id":"VCID-4e5y-1s19-r7g7","summary":"Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66399","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54907","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55052","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54992","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54966","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55007","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54949","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63923","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63909","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63921","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63927","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63939","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.6391","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63893","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66399"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf","reference_id":"GHSA-c7rr-2h93-7gjf","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-02T18:25:47Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}],"aliases":["CVE-2025-66399"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e5y-1s19-r7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51602?format=json","vulnerability_id":"VCID-pxqa-nkv3-jqfs","summary":"Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30534","reference_id":"","reference_type":"","scores":[{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97733","published_at":"2026-04-02T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.9774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97744","published_at":"2026-04-09T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97746","published_at":"2026-04-11T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.9775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97756","published_at":"2026-04-16T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.48534","scoring_system":"epss","scoring_elements":"0.97758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98065","published_at":"2026-05-07T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98066","published_at":"2026-05-11T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98069","published_at":"2026-05-12T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98074","published_at":"2026-05-14T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.9806","published_at":"2026-04-29T12:55:00Z"},{"value":"0.5495","scoring_system":"epss","scoring_elements":"0.98068","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/","reference_id":"CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/"},{"reference_url":"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25","reference_id":"cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p","reference_id":"GHSA-77rf-774j-6h3p","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p"},{"reference_url":"https://security.gentoo.org/glsa/202412-02","reference_id":"GLSA-202412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-02"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/","reference_id":"WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/","reference_id":"WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}],"aliases":["CVE-2023-30534"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxqa-nkv3-jqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95769?format=json","vulnerability_id":"VCID-xkkm-ss3p-1udc","summary":"SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46490","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42908","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42842","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43071","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43098","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43135","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43125","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42778","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42855","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42873","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42813","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286","reference_id":"1059286","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286"},{"reference_url":"https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53","reference_id":"a95632111138fcd7ccf7432ccb145b53","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/"}],"url":"https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c","reference_id":"GHSA-f4r3-53jr-654c","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586386?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}],"aliases":["CVE-2023-46490"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1"}