cacti
Enterprise Software | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting cacti.
- CVE-2026-40941 | Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages | 6.5
- CVE-2026-40084 | Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter | 6.5
- CVE-2026-40083 | Cacti: SQL Injection in managers.php | 7.2
- CVE-2026-40082 | Cacti: Session Fixation via missing session_regenerate_id() after login | 5.4
- CVE-2026-40080 | Cacti: Open Redirect via HTTP_REFERER substring check in auth_login_redirect | 6.1
- CVE-2026-40079 | Cacti: Command Injection via escape_command() no-op in RRDtool execution | 9.8
- CVE-2026-39951 | Cacti: Stored SQL Injection via graph_name_regexp in Reports feature | 7.6
- CVE-2026-39948 | Cacti has SQL Injection via rfilter parameter in RLIKE clauses | 9.8
- CVE-2026-39955 | Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php | 9.8
- CVE-2026-39938 | Cacti: Unauthenticated RCE on Graph Image | 9.8
- CVE-2026-39900 | Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context | 6.1
- CVE-2026-39899 | Cacti: Path Traversal via filename parameter in package_import.php | 5.3
- CVE-2026-39897 | Cacti has a Reflected XSS Vulnerability via html_auth_footer | 6.1
- CVE-2026-39894 | Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting | 2.9
- CVE-2026-39893 | Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php | 9.8