Lucene search
K

5 matches found

NVD
NVD
added 2026/06/25 11:17 p.m.7 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52625

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References8
OSV
OSV
added 2026/06/24 11:16 p.m.3 views

UBUNTU-CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-39897

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

6.1CVSS0.00155EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/24 9:45 p.m.6 views

CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS5.9AI score0.00363EPSS
Exploits0
Rows per page
Query Builder