Lucene search
+L

3406 matches found

Circl
Circl
added 2026/06/25 1:45 p.m.8 views

CVE-2026-39893

creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:15+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-26 03:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp5zddf5wr2x 2026-07-02 00:00:50+00:00| seen|...

9.8CVSS5.7AI score0.00363EPSS
Exploits0References3
Circl
Circl
added 2026/06/25 1:45 p.m.10 views

CVE-2026-40079

creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:13+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-07-13 06:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mqj3ctzfni2s...

9.8CVSS6.1AI score0.01113EPSS
Exploits0References2
Circl
Circl
added 2026/06/25 1:45 p.m.7 views

CVE-2026-39955

creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:10+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-26 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp5xnp333x2x 2026-06-30 00:25:22+00:00| seen|...

9.8CVSS5.7AI score0.00315EPSS
Exploits0References4
Circl
Circl
added 2026/06/25 1:45 p.m.7 views

CVE-2026-39948

creationtimestamp| type| source ---|---|--- 2026-06-25 13:45:08+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-cacti-1 2026-06-27 18:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpc43lpvlg2h...

9.8CVSS5.7AI score0.00456EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.9 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.18 views

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS0.01113EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 12:17 a.m.6 views

DEBIAN-CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 12:17 a.m.5 views

DEBIAN-CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS5.9AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 12:17 a.m.6 views

UBUNTU-CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 12:17 a.m.4 views

UBUNTU-CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.7AI score0.01113EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52628

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains a package import signature validation bypass that allows the use of self-signed packages. Recommendations Upda...

7.1CVSS5.8AI score0.00159EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52626

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An issue exists in the performance and fault management framework where improper handling of deserialized data leads to SQL Injection. In the 'managers.php' file, the application processes the selecte...

7.2CVSS5.9AI score0.00279EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52627

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.23 views

PT-2026-52625

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52624

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An open redirect issue exists due to the use of a substring check instead of a host check within the str contains$referer, CACTI PATH URL logic. When the login opts variable is set to '1', the auth...

6.1CVSS5.6AI score0.00151EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:26 p.m.4 views

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

8.6CVSS5.8AI score0.01113EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:26 p.m.43 views

CVE-2026-40079 Cacti: Command Injection via escape_command() no-op in RRDtool execution

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

8.6CVSS0.01113EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:26 p.m.7 views

CVE-2026-40079 Cacti: Command Injection via escape_command() no-op in RRDtool execution

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

8.6CVSS5.9AI score0.01113EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:26 p.m.28 views

CVE-2026-40079

Cacti 1.2.30 and earlier are vulnerable to a Command Injection due to a no‑op escape_command() in lib/rrd.php, which returns the command unchanged. The graph command assembled by rrdtool_function_graph() is passed to shell_exec via __rrd_execute(), with possible host variable substitutions from g...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 11:26 p.m.6 views

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.8AI score0.01113EPSS
Exploits0
Rows per page
Query Builder