Lucene search
+L

316 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.36 views

Linux Distros Unpatched Vulnerability : CVE-2026-40083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in...

7.2CVSS7AI score0.00279EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-39955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre- authentication SQL Injection via unanchored...

9.8CVSS6.2AI score0.00315EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-39938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC...

9.8CVSS6.1AI score0.00436EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-39948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accesso...

9.8CVSS6.2AI score0.00456EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-40082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session...

5.4CVSS6.2AI score0.00183EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 11:17 p.m.4 views

DEBIAN-CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.7AI score0.00151EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 10:29 p.m.4 views

CVE-2026-40080 Cacti: Open Redirect via HTTP_REFERER substring check in auth_login_redirect

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS6.4AI score0.00151EPSS
Exploits1References4
Circl
Circl
added 2026/06/25 1:45 p.m.9 views

CVE-2026-40079

creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:13+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-07-13 06:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mqj3ctzfni2s...

9.8CVSS6.1AI score0.01113EPSS
Exploits0References2
Circl
Circl
added 2026/06/25 1:45 p.m.7 views

CVE-2026-39948

creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:08+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-27 18:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpc43lpvlg2h...

9.8CVSS5.7AI score0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 12:17 a.m.6 views

DEBIAN-CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52627

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References10
NVD
NVD
added 2026/06/24 11:16 p.m.11 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:16 p.m.11 views

DEBIAN-CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/24 11:6 p.m.6 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS5.9AI score0.00456EPSS
Exploits0
CVE
CVE
added 2026/06/24 10:49 p.m.36 views

CVE-2026-39955

CVE-2026-39955 affects Cacti up to version 1.2.30, with a pre-authentication SQL injection caused by an unanchored FILTER_VALIDATE_REGEXP in graph_view.php. The issue is fixed in version 1.2.31. Impact centers on unauthorized access to potentially sensitive data before authentication; exploitatio...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 10:37 p.m.3 views

CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS5.9AI score0.00155EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 10:16 p.m.8 views

DEBIAN-CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS5.9AI score0.00363EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/02 11:30 p.m.104 views

Exploit for Improper Neutralization of Line Delimiters in Cacti

CVE-2025-24367-WebShell Exploit He creado este pequeño script...

8.8CVSS6AI score0.54024EPSS
Exploits10
SUSE CVE
SUSE CVE
added 2026/01/30 12:31 a.m.36 views

SUSE CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

5.4CVSS5.5AI score0.002EPSS
Exploits1References3
OSV
OSV
added 2026/01/29 6:16 p.m.4 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

5.4CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder