Cacti

This hub aggregates every CVE we track for Cacti, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Cacti.

• CVE-2025-66399SNMP Command Injection leads to RCE in Cacti8.8Dec 2, 2025
• CVE-2005-10004Cacti graph_view.php RCE via graph_start Parameter Injection8.8Aug 30, 2025
• CVE-2025-26520Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.7.6Feb 12, 2025
• CVE-2025-24368Cacti has a SQL Injection vulnerability when using tree rules through Automation API7.5Jan 27, 2025
• CVE-2025-24367Cacti allows Arbitrary File Creation leading to RCE8.8Jan 27, 2025
• CVE-2025-22604Cacti has Authenticated RCE via multi-line SNMP responses9.1Jan 27, 2025
• CVE-2024-54145Cacti has a SQL Injection vulnerability when request automation devices6.3Jan 27, 2025
• CVE-2024-54146Cacti has a SQL Injection vulnerability when view host template7.6Jan 27, 2025
• CVE-2024-45598Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path6.0Jan 27, 2025
• CVE-2024-43363Remote code execution via Log Poisoning in Cacti7.2Oct 7, 2024
• CVE-2024-43365Stored Cross-site Scripting (XSS) when creating external links in Cacti5.7Oct 7, 2024
• CVE-2024-43364Stored Cross-site Scripting (XSS) when creating external links in Cacti5.7Oct 7, 2024
• CVE-2024-43362Stored Cross-site Scripting (XSS) when creating external links in Cacti7.3Oct 7, 2024
• CVE-2024-34340Authentication Bypass when using using older password hashes9.1May 13, 2024
• CVE-2024-31460Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database6.5May 13, 2024