
2397 matches found

NVD
added 2026/06/24 11:16 p.m. | 9 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTER_VALIDATE_IS_REGEX validation and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and...

9.8 CVSS | 0.00456 EPSS
Exploits 0 | References 2
OSV
added 2026/06/24 11:16 p.m. | 2 views

UBUNTU-CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits 1 | References 4
OSV
added 2026/06/24 11:16 p.m. | 2 views

UBUNTU-CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTER_VALIDATE_IS_REGEX validation and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and...

9.8 CVSS | 5.9 AI score | 0.00456 EPSS
Exploits 0 | References 4
OSV
added 2026/06/24 11:16 p.m. | 3 views

UBUNTU-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31...

9.8 CVSS | 5.8 AI score | 0.00315 EPSS
Exploits 0 | References 4
Cvelist
added 2026/06/24 11:14 p.m. | 32 views

CVE-2026-39951 Cacti: Stored SQL Injection via graph_name_regexp in Reports feature

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6 CVSS | 0.00221 EPSS
Exploits 0 | References 2
CVE
added 2026/06/24 11:14 p.m. | 14 views

CVE-2026-39951

CVE-2026-39951 affects Cacti versions 1.2.30 and earlier, exposing a Stored SQL Injection through graph_name_regexp in the Reports feature. The vulnerability is fixed in version 1.2.31. Public references confirm the issue and include a fix commit and security advisory link. No exploitation detail...

8.8 CVSS | 5.9 AI score | 0.00221 EPSS
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2026/06/24 11:14 p.m. | 4 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8 CVSS | 5.9 AI score | 0.00221 EPSS
Exploits 0
Cvelist
added 2026/06/24 11:6 p.m. | 20 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTER_VALIDATE_IS_REGEX validation and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and...

9.3 CVSS | 0.00456 EPSS
Exploits 0 | References 2
CVE
added 2026/06/24 11:6 p.m. | 28 views

CVE-2026-39948

Cacti

9.8 CVSS | 5.9 AI score | 0.00456 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/06/24 10:49 p.m. | 17 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31...

9.8 CVSS | 0.00315 EPSS
Exploits 0 | References 2
CVE
added 2026/06/24 10:49 p.m. | 23 views

CVE-2026-39955

CVE-2026-39955 affects Cacti up to version 1.2.30, with a pre-authentication SQL injection caused by an unanchored FILTER_VALIDATE_REGEXP in graph_view.php. The issue is fixed in version 1.2.31. Impact centers on unauthorized access to potentially sensitive data before authentication; exploitatio...

9.8 CVSS | 5.9 AI score | 0.00315 EPSS
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2026/06/24 10:49 p.m. | 4 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31...

9.8 CVSS | 5.9 AI score | 0.00315 EPSS
Exploits 0
CVE
added 2026/06/24 10:41 p.m. | 25 views

CVE-2026-39938

CVE-2026-39938 affects the open-source framework Cacti. Versions 1.2.30 and earlier are affected by an unauthenticated local file inclusion due to weaknesses in graph_theme and rrdtool IPC serialization hardening. The issue is rated CVSSv3.1 9.8 (CRITICAL) with NETWORK attack vector, no privilege...

9.8 CVSS | 5.7 AI score | 0.00436 EPSS
Exploits 1 | References 2 | Affected Software 1
ATTACKERKB
added 2026/06/24 10:41 p.m. | 5 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8 CVSS | 5.7 AI score | 0.00436 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/06/24 10:41 p.m. | 20 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8 CVSS | 0.00436 EPSS
Exploits 1 | References 2
Debian CVE
added 2026/06/24 10:41 p.m. | 3 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8 CVSS | 5.7 AI score | 0.00436 EPSS
Exploits 1
Cvelist
added 2026/06/24 9:45 p.m. | 22 views

CVE-2026-39893 Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication: graph viewing supports guest access via the configured guest...

9.8 CVSS | 0.00363 EPSS
Exploits 0 | References 2
CVE
added 2026/06/24 9:45 p.m. | 39 views

CVE-2026-39893

Cacti is affected by a pre-auth SQL injection in versions up to 1.2.30 via the rfilter input concatenated into a RLIKE clause in graph_view.php. The vulnerability could be reached without authentication if graph viewing is enabled for a guest user, making it exploitable pre-auth. The issue has be...

9.8 CVSS | 5.9 AI score | 0.00363 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/06/24 7:40 p.m. | 16 views

CVE-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3 CVSS | 0.00162 EPSS
Exploits 0 | References 1
CVE
added 2026/06/24 7:40 p.m. | 10 views

CVE-2026-46349

CVE-2026-46349 affects Mastodon before versions 4.5.10, 4.4.17, and 4.3.23. The issue arises from Mastodon’s normalization of incoming activities signed with Linked-Data Signatures, which does not sufficiently prevent a class of spoofing. An attacker could re-arrange a valid signed JSON-LD activi...

5.3 CVSS | 5.9 AI score | 0.00162 EPSS
Exploits 0 | References 1