3406 matches found
CVE-2026-39893
creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:15+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-26 03:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp5zddf5wr2x 2026-07-02 00:00:50+00:00| seen|...
CVE-2026-40079
creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:13+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-07-13 06:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mqj3ctzfni2s...
CVE-2026-39955
creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:10+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-26 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp5xnp333x2x 2026-06-30 00:25:22+00:00| seen|...
CVE-2026-39948
creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:08+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-27 18:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpc43lpvlg2h...
CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...
CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
DEBIAN-CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
DEBIAN-CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...
UBUNTU-CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...
UBUNTU-CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
PT-2026-52628
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains a package import signature validation bypass that allows the use of self-signed packages. Recommendations Upda...
PT-2026-52626
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An issue exists in the performance and fault management framework where improper handling of deserialized data leads to SQL Injection. In the 'managers.php' file, the application processes the selecte...
PT-2026-52627
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...
PT-2026-52625
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...
PT-2026-52624
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An open redirect issue exists due to the use of a substring check instead of a host check within the str contains$referer, CACTI PATH URL logic. When the login opts variable is set to '1', the auth...
CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
CVE-2026-40079 Cacti: Command Injection via escape_command() no-op in RRDtool execution
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
CVE-2026-40079 Cacti: Command Injection via escape_command() no-op in RRDtool execution
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
CVE-2026-40079
Cacti 1.2.30 and earlier are vulnerable to a Command Injection due to a no‑op escape_command() in lib/rrd.php, which returns the command unchanged. The graph command assembled by rrdtool_function_graph() is passed to shell_exec via __rrd_execute(), with possible host variable substitutions from g...
CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...