Lucene search
+L

3406 matches found

Debian CVE
Debian CVE
added 2026/06/24 11:6 p.m.7 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS5.9AI score0.00456EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 11:6 p.m.30 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:6 p.m.4 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS6.1AI score0.00456EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:6 p.m.44 views

CVE-2026-39948

Cacti

9.8CVSS5.9AI score0.00456EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:49 p.m.7 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 10:49 p.m.26 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS0.00315EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 10:49 p.m.41 views

CVE-2026-39955

CVE-2026-39955 affects Cacti up to version 1.2.30, with a pre-authentication SQL injection caused by an unanchored FILTER_VALIDATE_REGEXP in graph_view.php. The issue is fixed in version 1.2.31. Impact centers on unauthorized access to potentially sensitive data before authentication; exploitatio...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 10:49 p.m.5 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS6AI score0.00315EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 10:49 p.m.7 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 10:41 p.m.6 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:41 p.m.6 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/24 10:41 p.m.33 views

CVE-2026-39938

CVE-2026-39938 affects the open-source framework Cacti. Versions 1.2.30 and earlier are affected by an unauthenticated local file inclusion due to weaknesses in graph_theme and rrdtool IPC serialization hardening. The issue is rated CVSSv3.1 9.8 (CRITICAL) with NETWORK attack vector, no privilege...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/24 10:41 p.m.4 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.9AI score0.00436EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/24 10:41 p.m.36 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS0.00436EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/24 10:37 p.m.7 views

CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

6.1CVSS5.7AI score0.00155EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 10:37 p.m.25 views

CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 10:37 p.m.28 views

CVE-2026-39900

Cacti versions 1.2.30 and earlier are vulnerable to a Reflected XSS via the tab parameter in the auth_profile.php JavaScript context. The issue is fixed in version 1.2.31. CVSS 4.0 base score 5.3 (Medium) with network vector, low attack complexity, no privileges required, and user interaction req...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 10:37 p.m.6 views

CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS5.9AI score0.00155EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:33 p.m.5 views

CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 10:33 p.m.27 views

CVE-2026-39899 Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS0.00261EPSS
Exploits0References2
Rows per page
Query Builder