from 0, < 1.2.16+ds1-2+deb11u1
from 0, < 1.2.16+ds1-2+deb11u5
CRITICAL 9.8 CVE-2025-26520 Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter.
from 0, < 1.2.30+ds1-1
CRITICAL 9.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
CRITICAL 9.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u1
CRITICAL 9.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u1
CRITICAL 9.8 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end p…
from 0, < 1.1.16+ds1-1
CRITICAL 9.1 DOMPurify vulnerable to tampering by prototype pollution
from 0, < 1.2.16+ds1-2+deb11u5
CRITICAL 9.1 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0
HIGH 8.8 Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script.
from 0, < 0.8.6d-1
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0, < 1.2.28+ds1-4
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.26+ds1-1
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u3
HIGH 8.8 Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).
from 0, < 1.2.16+ds1-2+deb11u3
HIGH 8.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
HIGH 8.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 8.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 8.8 cacti - security update
from 0, < 1.2.2+ds1-2+deb10u6
HIGH 8.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 8.8 An issue was discovered in Cacti 1.2.x through 1.2.16.
from 0, < 1.2.16+ds1-2
HIGH 8.8 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest…
from 0, < 1.2.10+ds1-1
HIGH 8.8 Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_…
from 0, < 1.2.9+ds1-1
HIGH 8.8 data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> P…
from 0
HIGH 8.8 auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by…
from 0, < 0.8.8h+ds1-5
HIGH 8.8 Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted s…
from 0, < 0.8.8e+ds1-1
HIGH 8.8 SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the…
from 0, < 0.8.8e+ds1-1
HIGH 8.8 cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u9
HIGH 8.8 cacti - security update
from 0, < 0.8.8g+ds1-1
HIGH 8.8 SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via…
from 0, < 0.8.8g+ds1-2
HIGH 8.8 cacti - security update
from 0, < 0.8.7g-1+squeeze9+deb6u14
HIGH 8.8 cacti - security update
from 0, < 0.8.8f+ds1-4
HIGH 8.8 SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the…
from 0, < 0.8.8h+ds1-1
HIGH 8.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.1 cacti - security update
from 0, < 1.2.8+ds1-1
HIGH 8.1 cacti - security update
from 0, < 0.8.8h+ds1-10+deb9u1
HIGH 8.1 cacti - security update
from 0, < 0.8.8b+dfsg-8+deb8u8
HIGH 8.0 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 7.5 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 7.5 Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_…
from 0, < 1.2.6+ds1-1
HIGH 7.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 7.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 7.2 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 7.2 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 7.2 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 7.2 A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter.
from 0, < 1.2.13+ds1-1
HIGH 7.2 Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root…
from 0, < 1.1.27+ds1-3
HIGH 7.2 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in a…
from 0, < 1.1.27+ds1-3
MEDIUM 6.5 SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in th…
from 0
MEDIUM 6.5 In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
from 0, < 1.2.11+ds1-1
MEDIUM 6.5 Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled whe…
from 0, < 1.2.8+ds1-1
MEDIUM 6.3 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
MEDIUM 6.1 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u2
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrar…
from 0, < 0.8.7i-1
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 6.1 As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully exec…
from 0, < 0.8.7i-1
MEDIUM 6.1 Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
from 0, < 1.2.19+ds1-1
MEDIUM 6.1 cacti - security update
from 0, < 1.2.2+ds1-2+deb10u5
MEDIUM 6.1 cacti - security update
from 0, < 1.2.13+ds1-1
MEDIUM 6.1 A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of error message during t…
from 0, < 1.2.14+ds1-1
MEDIUM 6.1 cacti - security update
from 0, < 1.2.9+ds1-1
MEDIUM 6.1 cacti - security update
from 0, < 0.8.8b+dfsg-8+deb8u9
MEDIUM 6.1 Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
from 0, < 1.1.27+ds1-3
MEDIUM 6.1 include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
from 0, < 1.1.25+ds1-1
MEDIUM 6.1 A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
from 0, < 1.1.17+ds1-2
MEDIUM 6.1 Cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id…
from 0, < 0.8.8b+dfsg-6
MEDIUM 5.4 An HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29.
from 0
MEDIUM 5.4 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u5
MEDIUM 5.4 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u5
MEDIUM 5.4 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 5.4 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 5.4 cacti - security update
from 0, < 1.2.24+ds1-1+deb12u5
MEDIUM 5.4 cacti - security update
from 0, < 1.2.24+ds1-1+deb12u5
MEDIUM 5.4 Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 5.4 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
MEDIUM 5.4 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
MEDIUM 5.4 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 5.4 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the crea…
from 0, < 1.2.1+ds1-1
MEDIUM 5.4 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field…
from 0, < 1.2.1+ds1-1
MEDIUM 5.4 cacti - security update
from 0, < 0.8.8b+dfsg-8+deb8u7
MEDIUM 5.4 cacti - security update
from 0, < 1.2.2+ds1-2
MEDIUM 5.4 A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended ch…
from 0, < 1.2.1+ds1-1
MEDIUM 5.4 Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_es…
from 0, < 1.1.37+ds1-1
MEDIUM 5.4 cacti - security update
from 0, < 0.8.8h+ds1-10+deb9u2
MEDIUM 5.4 cacti - security update
from 0, < 1.1.37+ds1-1
MEDIUM 5.4 Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['…
from 0, < 1.1.37+ds1-1
MEDIUM 5.4 lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
from 0, < 1.1.18+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitra…
from 0, < 1.1.16+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML…
from 0, < 1.1.15+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web…
from 0, < 1.1.12+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML v…
from 0, < 1.1.12+ds1-1
MEDIUM 5.3 In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_lda…
from 0