Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40941 |
|
Vulnerability in cacti (CVE-2026-40941)
vulnerability in cacti (CVE-2026-40941). Data can be tampered with by attackers.
|
| CVE-2026-40084 |
|
Path Traversal in path-traversal (CVE-2026-40084)
path traversal in path-traversal (CVE-2026-40084). Confidential information can be exposed externally.
|
| CVE-2026-40083 |
|
SQL Injection in sqli (CVE-2026-40083)
SQL injection in sqli (CVE-2026-40083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40082 |
|
Vulnerability in cacti (CVE-2026-40082)
vulnerability in cacti (CVE-2026-40082). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40080 |
|
Open Redirect in cacti (CVE-2026-40080)
vulnerability in cacti (CVE-2026-40080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40079 |
|
OS Command Injection in cacti (CVE-2026-40079)
OS command injection in cacti (CVE-2026-40079). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39951 |
|
SQL Injection in sqli (CVE-2026-39951)
SQL injection in sqli (CVE-2026-39951). Confidential information can be exposed externally.
|
| CVE-2026-39955 |
|
SQL Injection in sqli (CVE-2026-39955)
SQL injection in sqli (CVE-2026-39955). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39899 |
|
Path Traversal in path-traversal (CVE-2026-39899)
path traversal in path-traversal (CVE-2026-39899). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39900 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2026-39900)
cross-site scripting in cacti (CVE-2026-39900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39938 |
|
Path Traversal in cacti (CVE-2026-39938)
path traversal in cacti (CVE-2026-39938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39948 |
|
SQL Injection in cacti (CVE-2026-39948)
SQL injection in cacti (CVE-2026-39948). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39897 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2026-39897)
cross-site scripting in cacti (CVE-2026-39897). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39894 |
|
Vulnerability in cacti (CVE-2026-39894)
vulnerability in cacti (CVE-2026-39894). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39893 |
|
SQL Injection in sqli (CVE-2026-39893)
SQL injection in sqli (CVE-2026-39893). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46169 KEV |
|
[KEV] Vulnerability in cacti (CVE-2022-46169)
vulnerability in cacti (CVE-2022-46169). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-10700 |
|
Vulnerability in cacti (CVE-2016-10700)
vulnerability in cacti (CVE-2016-10700). Successful exploitation can lead to full system takeover.
|
| CVE-2014-4000 |
|
Code Injection in cacti (CVE-2014-4000)
code injection in cacti (CVE-2014-4000). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16785 |
|
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
|
| CVE-2017-16661 |
|
Information Disclosure in cacti (CVE-2017-16661)
vulnerability in cacti (CVE-2017-16661). Confidential information can be exposed externally.
|
| CVE-2017-16660 |
|
Vulnerability in c (CVE-2017-16660)
vulnerability in c (CVE-2017-16660). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16641 |
|
OS Command Injection in cacti (CVE-2017-16641)
OS command injection in cacti (CVE-2017-16641). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15194 |
|
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
|
| CVE-2017-12978 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-12978)
cross-site scripting in cacti (CVE-2017-12978). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12927 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-12927)
cross-site scripting in cacti (CVE-2017-12927). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12066 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-12066)
cross-site scripting in cacti (CVE-2017-12066). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
|
| CVE-2017-12065 |
|
Vulnerability in cacti (CVE-2017-12065)
vulnerability in cacti (CVE-2017-12065). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11691 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-11691)
cross-site scripting in cacti (CVE-2017-11691). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
|
| CVE-2017-1000032 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-1000032)
cross-site scripting in cacti (CVE-2017-1000032). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-1000031 |
|
SQL Injection in sqli (CVE-2017-1000031)
SQL injection in sqli (CVE-2017-1000031). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11163 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-11163)
cross-site scripting in cacti (CVE-2017-11163). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
|
| CVE-2017-10970 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-10970)
cross-site scripting in cacti (CVE-2017-10970). Risk of unauthorized operations or information disclosure.
|