cacti

Top products

The 15 most recently published vulnerabilities affecting cacti.

• CVE-2025-66399SNMP Command Injection leads to RCE in Cacti8.8Dec 2, 2025
• CVE-2005-10004Cacti graph_view.php RCE via graph_start Parameter Injection8.8Aug 30, 2025
• CVE-2025-26520Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.7.6Feb 12, 2025
• CVE-2025-24368Cacti has a SQL Injection vulnerability when using tree rules through Automation API7.5Jan 27, 2025
• CVE-2025-24367Cacti allows Arbitrary File Creation leading to RCE8.8Jan 27, 2025
• CVE-2025-22604Cacti has Authenticated RCE via multi-line SNMP responses9.1Jan 27, 2025
• CVE-2024-54145Cacti has a SQL Injection vulnerability when request automation devices6.3Jan 27, 2025
• CVE-2024-54146Cacti has a SQL Injection vulnerability when view host template7.6Jan 27, 2025
• CVE-2024-45598Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path6.0Jan 27, 2025
• CVE-2024-43363Remote code execution via Log Poisoning in Cacti7.2Oct 7, 2024
• CVE-2024-43365Stored Cross-site Scripting (XSS) when creating external links in Cacti5.7Oct 7, 2024
• CVE-2024-43364Stored Cross-site Scripting (XSS) when creating external links in Cacti5.7Oct 7, 2024
• CVE-2024-43362Stored Cross-site Scripting (XSS) when creating external links in Cacti7.3Oct 7, 2024
• CVE-2024-34340Authentication Bypass when using using older password hashes9.1May 13, 2024
• CVE-2024-31460Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database6.5May 13, 2024