60 matches found
CVE-2025-45160
Cacti ≤ 1.2.29 is affected by an HTML injection in the file-upload flow. The issue arises when a file with an invalid format is uploaded: the submitted filename is echoed back in an error popup without sanitization, enabling injection of HTML elements (e.g., , , ) into the rendered page. Some sour...
CVE-2025-45160
An HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
CVE-2025-67616
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29...
CVE-2025-67616
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29...
CVE-2025-67616 WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29...
WordPress plugin Mella has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mella versions <= 1.2.29...
WordPress LazyTasks plugin <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin LazyTasks versions <= 1.2.29...
WordPress plugin LazyTasks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
SUSE CVE-2025-66399
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
Linux Distros Unpatched Vulnerability : CVE-2025-66399
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration...
CVE-2025-66399 SNMP Command Injection leads to RCE in Cacti
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
EUVD-2025-200287
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
PT-2025-48744
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.29. Description: Cacti is a performance and fault management framework. A flaw exists in the SNMP device configuration functionality due to insufficient input validation. An authenticated Cacti user can provide crafte...
EUVD-2024-41744
Malicious code in bioql PyPI...
EUVD-2025-3682
Malicious code in bioql PyPI...
EUVD-2024-52313
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-24367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to...
Linux Distros Unpatched Vulnerability : CVE-2024-54146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of hosttemplates.php using...
Linux Distros Unpatched Vulnerability : CVE-2025-22604
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OID...