Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-39893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL...

9.8CVSS6.2AI score0.00363EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 11:17 p.m.10 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
NVD
NVD
added 2026/06/25 11:17 p.m.10 views

CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS0.00151EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 10:39 p.m.6 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS6AI score0.00279EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 11:26 p.m.5 views

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.8AI score0.01113EPSS
Exploits0
OSV
OSV
added 2026/06/24 11:16 p.m.3 views

UBUNTU-CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 11:16 p.m.5 views

UBUNTU-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 11:14 p.m.4 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS5.9AI score0.00221EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:49 p.m.7 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 10:0 p.m.5 views

CVE-2026-39897

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

6.1CVSS5.7AI score0.00155EPSS
Exploits0
Rows per page
Query Builder