Lucene search
K

30 matches found

NVD
NVD
added 2026/06/25 11:17 p.m.10 views

CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS0.00151EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS5.9AI score0.00279EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:1 p.m.7 views

CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 11:1 p.m.1 views

CVE-2026-40941 Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS6.5AI score0.00159EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 10:33 p.m.33 views

CVE-2026-40082 Cacti: Session Fixation via missing session_regenerate_id() after login

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 10:33 p.m.5 views

CVE-2026-40082 Cacti: Session Fixation via missing session_regenerate_id() after login

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS6.1AI score0.00183EPSS
Exploits1References5
OSV
OSV
added 2026/06/25 12:17 a.m.5 views

UBUNTU-CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.22 views

PT-2026-52625

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52624

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An open redirect issue exists due to the use of a substring check instead of a host check within the str contains$referer, CACTI PATH URL logic. When the login opts variable is set to '1', the auth...

6.1CVSS5.6AI score0.00151EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:41 p.m.6 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 10:41 p.m.31 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS0.00436EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.21 views

PT-2026-52136

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains an unauthenticated Local File Inclusion LFI, which occurs through the graph theme parameter and rrdtool IPC...

9.8CVSS5.8AI score0.00436EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52130

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti contains a Reflected XSS Cross-Site Scripting issue, where an attacker can execute malicious scripts in the victim's browser via the html auth footer function. Recommendations Update to version...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43089

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00628EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-3682

Malicious code in bioql PyPI...

7.5CVSS8.9AI score0.00492EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-40252

Malicious code in bioql PyPI...

8.2CVSS9.3AI score0.34191EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-43086

Malicious code in bioql PyPI...

6.1CVSS5.8AI score0.00767EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-43090

Malicious code in bioql PyPI...

6.3CVSS7.8AI score0.00857EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-53102

Malicious code in bioql PyPI...

6.1CVSS7.2AI score0.01268EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-24368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to...

7.5CVSS8.2AI score0.00492EPSS
Exploits1References2
Rows per page
Query Builder