Cacti - Cross-Site Scripting

Cacti contains a cross-site scripting vulnerability via "http:///authchangepassword.php?ref=alert1" which can successfully execute the JavaScript payload present in the "ref" URL parameter. id: CVE-2021-26247 info: name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium descriptio...

Cacti cmd_realtime.php - Command Injection

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when registerargcargv option of PHP is On. In cmdrealtime.php line 119, the $pollerid used ...

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

Cacti v1.2.8 - Remote Code Execution

Cacti v1.2.8 is susceptible to remote code execution. This vulnerability could be exploited without authentication if "Guest Realtime Graphs" privileges are enabled. id: CVE-2020-8813 info: name: Cacti v1.2.8 - Remote Code Execution author: gy741 severity: high description: Cacti v1.2.8 is...

OPENSUSE-SU-2026:10920-1 cacti-1.2.30+git457.e55c2aea-1.1 on GA media

These are all security issues fixed in the cacti-1.2.30+git457.e55c2aea-1.1 package on the GA media of openSUSE Tumbleweed...

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

Cacti <=1.2.22 - Remote Command Injection

Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS...

SUSE CVE-2023-30534

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti's vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...

SUSE CVE-2023-51448

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...

SUSE CVE-2024-43365

Cacti is an open source performance and fault management framework. Theconsolenewsection parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...

Security update for cacti (important)

openSUSE Security Update: Security update for cacti Announcement ID: openSUSE-SU-2026:0169-1 Rating: important References: Affected Products: openSUSE Backports SLE-15-SP7 An update that contains security fixes can now be installed. Description: This update for cacti fixes the following issues: -...

Exploit for Improper Neutralization of Line Delimiters in Cacti

CVE-2025-24367-WebShell Exploit He creado este pequeño script...

Exploit for Improper Neutralization of Line Delimiters in Cacti

CVE-2025-24367-WebShell Exploit CVE-2025-24367 - De Cacti, un...

Security update for cacti, cacti-spine (critical)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0148-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...

cacti-1.2.30+git306.82d5aef5-1.1 on GA media (moderate)

cacti-1.2.30+git306.82d5aef5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10599-1 Rating: moderate Cross-References: CVE-2026-0540 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2026:10599-1 cacti-1.2.30+git306.82d5aef5-1.1 on GA media

These are all security issues fixed in the cacti-1.2.30+git306.82d5aef5-1.1 package on the GA media of openSUSE Tumbleweed...

cacti-1.2.30+git231.bca15e70c-1.1 on GA media (moderate)

cacti-1.2.30+git231.bca15e70c-1.1 on GA media Announcement ID: openSUSE-SU-2026:10241-1 Rating: moderate Cross-References: CVE-2026-1513 CVE-2026-22802 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues...

OPENSUSE-SU-2026:10241-1 cacti-1.2.30+git231.bca15e70c-1.1 on GA media

These are all security issues fixed in the cacti-1.2.30+git231.bca15e70c-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-27071

Exploit the UnExploitable ... CVE-2026-22802 Cacti Authentication bypass. Affected versions = 1.2.31 you can find the writeup in my blog post: https://t.co/th88qOl8At security cybersecurity OSCP exploitdevelopment ZeroDay https://t.co/ezOsLsMViU...

SUSE CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...