cacti — Vulnerabilities & Security Advisories 54

All 54 CVE vulnerabilities found in cacti, with AI-generated Chinese analysis, references, and POCs.

Vendor: The Cacti Group, Inc.

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2025-66399 | SNMP Command Injection leads to RCE in Cacti | CWE-77 | 8.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2005-10004 | Cacti graph_view.php RCE via graph_start Parameter Injection | CWE-78 | 8.8 | - | 2025-08-30 |
| CVE-2025-26520 | Cacti security vulnerability | CWE-89 | 7.6 | High | 2025-02-12 |
| CVE-2025-24368 | Cacti has a SQL Injection vulnerability when using tree rules through Automation API | CWE-89 | 9.8 | - | 2025-01-27 |
| CVE-2025-24367 | Cacti allows Arbitrary File Creation leading to RCE | CWE-144 | 8.8 | - | 2025-01-27 |
| CVE-2025-22604 | Cacti has Authenticated RCE via multi-line SNMP responses | CWE-78 | 9.1 | Critical | 2025-01-27 |
| CVE-2024-54145 | Cacti has a SQL Injection vulnerability when request automation devices | CWE-89 | 6.3 | Medium | 2025-01-27 |
| CVE-2024-54146 | Cacti has a SQL Injection vulnerability when view host template | CWE-89 | 7.6 | High | 2025-01-27 |
| CVE-2024-45598 | Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path | CWE-22 | 6.0 | Medium | 2025-01-27 |
| CVE-2024-43363 | Remote code execution via Log Poisoning in Cacti | CWE-94 | 7.2 | High | 2024-10-07 |
| CVE-2024-43365 | Stored Cross-site Scripting (XSS) when creating external links in Cacti | CWE-79 | 5.7 | Medium | 2024-10-07 |
| CVE-2024-43364 | Stored Cross-site Scripting (XSS) when creating external links in Cacti | CWE-79 | 5.7 | Medium | 2024-10-07 |
| CVE-2024-43362 | Stored Cross-site Scripting (XSS) when creating external links in Cacti | CWE-79 | 7.3 | High | 2024-10-07 |
| CVE-2024-34340 | Authentication Bypass when using older password hashes | CWE-287 | 9.1 | Critical | 2024-05-13 |
| CVE-2024-31460 | Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database | CWE-89 | 6.5 | Medium | 2024-05-13 |
| CVE-2024-31459 | Cacti RCE vulnerability by file include in lib/plugin.php | CWE-98 | 8.1 | High | 2024-05-13 |
| CVE-2024-31458 | Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database | CWE-89 | 4.6 | Medium | 2024-05-13 |
| CVE-2024-31445 | SQL Injection vulnerability in automation_get_new_graphs_sql | CWE-89 | 8.8 | High | 2024-05-13 |
| CVE-2024-31444 | Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database | CWE-79 | 4.6 | Medium | 2024-05-13 |
| CVE-2024-31443 | Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database | CWE-79 | 5.7 | Medium | 2024-05-13 |
| CVE-2024-30268 | Cacti XSS vulnerability in display_settings | CWE-79 | 6.1 | Medium | 2024-05-13 |
| CVE-2024-29895 | Cacti command injection in cmd_realtime.php | CWE-77 | 10.0 | Critical | 2024-05-13 |
| CVE-2024-29894 | Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API | CWE-116 | 5.4 | Medium | 2024-05-13 |
| CVE-2024-27082 | Cacti Cross-site Scripting vulnerability when managing trees | CWE-79 | 7.6 | High | 2024-05-13 |
| CVE-2024-25641 | Cacti RCE vulnerability when importing packages | CWE-20 | 9.1 | Critical | 2024-05-13 |
| CVE-2023-51448 | SQL Injection vulnerability when managing SNMP Notification Receivers | CWE-89 | 8.8 | High | 2023-12-22 |
| CVE-2023-50250 | Cross-Site Scripting vulnerability when Import xml template file | CWE-79 | 5.4 | Medium | 2023-12-22 |
| CVE-2023-49088 | Cacti has incomplete fix for CVE-2023-39515 | CWE-79 | 6.1 | Medium | 2023-12-22 |
| CVE-2023-49085 | Cacti SQL Injection vulnerability | CWE-89 | 8.8 | High | 2023-12-22 |
| CVE-2023-49086 | Cacti is vulnerable to cross-Site scripting (XSS) DOM | CWE-79 | 5.4 | Medium | 2023-12-21 |

All 54 known CVE vulnerabilities affecting cacti with full Chinese analysis, references, and POCs where available.