307 matches found
CVE-2026-40079

creationtimestamp | type | source
---|---|---
2026-06-25 13:45:13+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1...
DEBIAN-CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command function. The escape_command function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
PT-2026-52627
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.31. Description: Path Traversal allows arbitrary file read through the Report format_file parameter. The issue occurs in two stages: first, lib/html_reports.php stores the format_file value into the database without...
DEBIAN-CVE-2026-39938
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...
CVE-2026-39948
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTER_VALIDATE_IS_REGEX validation and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and...
CVE-2026-39955
CVE-2026-39955 affects Cacti up to version 1.2.30, with a pre-authentication SQL injection caused by an unanchored FILTER_VALIDATE_REGEXP in graph_view.php. The issue is fixed in version 1.2.31. Impact centers on unauthorized access to potentially sensitive data before authentication; exploitatio...
DEBIAN-CVE-2026-39893
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into an RLIKE SQL clause without sanitization. The endpoint does not require authentication: graph viewing supports guest access via the configured guest...
Exploit for Improper Neutralization of Line Delimiters in Cacti
CVE-2025-24367-WebShell Exploit I have created this small script...
SUSE CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
Cacti security vulnerabilities
Cacti is a set of open-source network traffic monitoring and analysis tools developed by the Cacti team. This tool retrieves data using SNMPGet, generates graphs with RRDTool for analysis, and provides features for data management and user administration. Cacti versions 1.2.29 and earlier contain...
CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti = 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements...
PT-2026-5309
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page...
Exploit for Improper Input Validation in Cacti
CVE-2...
Linux Distros Unpatched Vulnerability : CVE-2025-66399
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration...
UBUNTU-CVE-2025-66399
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
CVE-2025-66399 SNMP Command Injection leads to RCE in Cacti
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
Cacti security vulnerability
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.29 that...
EUVD-2019-7768
Malware in sbrugna...