Direct Vulnerabilities

Known vulnerabilities in the cacti package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Open Redirect

*
  • L
Session Fixation

*
  • L
Directory Traversal

*
  • L
SQL Injection

*
  • L
Improper Verification of Cryptographic Signature

*
  • L
SQL Injection

*
  • L
SQL Injection

*
  • L
Cross-site Scripting (XSS)

*
  • L
Cross-site Scripting (XSS)

*
  • L
SQL Injection

*
  • H
SQL Injection

*
  • M
Directory Traversal

*
  • C
OS Command Injection

*
  • L
Directory Traversal

*
  • L
Use of Function with Inconsistent Implementations

*
  • L
CVE-2025-45160

<1.2.27+ds1-1
  • H
Arbitrary Command Injection

<1.2.30+ds1-1
  • H
CVE-2005-10004

<0.8.6d-1
  • H
SQL Injection

<1.2.27+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.27+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • H
OS Command Injection

<1.2.25+ds1-1
  • H
SQL Injection

<1.2.28+ds1-4
  • M
Cross-site Scripting (XSS)

<1.2.1+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.28+ds1-1
  • L
Improper Input Validation

*
  • H
SQL Injection

<1.2.27+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.27+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.27+ds1-1
  • M
Directory Traversal

<1.2.28+ds1-4
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • H
SQL Injection

<1.2.25+ds1-1
  • L
Cross-site Scripting (XSS)

<1.2.1+ds1-1
  • C
Improper Authentication

<1.2.20+ds1-1
  • M
Cross-site Scripting (XSS)

<0.8.7i-1
  • M
Cross-site Scripting (XSS)

<1.1.12+ds1-1
  • H
SQL Injection

<0.8.8h+ds1-1
  • M
Deserialization of Untrusted Data

<1.2.25+ds1-1
  • H
SQL Injection

<0.8.8d+ds1-1
  • H
SQL Injection

<0.8.8e+ds1-1
  • M
SQL Injection

<1.2.26+ds1-1
  • H
SQL Injection

<1.2.28+ds1-4
  • M
Cross-site Scripting (XSS)

<1.2.9+ds1-1
  • L
Cross-site Scripting (XSS)

<1.2.1+ds1-1
  • H
Cross-site Scripting (XSS)

<1.2.28+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • H
Arbitrary Code Injection

<0.8.8b+dfsg-1
  • H
SQL Injection

<1.2.13+ds1-1
  • M
Cross-site Scripting (XSS)

<1.1.16+ds1-1
  • H
SQL Injection

<0.8.8b+dfsg-1
  • L
Cross-site Scripting (XSS)

<0.8.8b+dfsg-7
  • M
Cross-site Scripting (XSS)

<1.1.25+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.26+ds1-1
  • L
Cross-site Scripting (XSS)

<0.8.8b+dfsg-7
  • M
Cross-site Scripting (XSS)

<1.1.15+ds1-1
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1.2.26+ds1-1
  • H
SQL Injection

<1.2.26+ds1-1
  • H
SQL Injection

<0.8.7e-3
  • H
CVE-2006-6799

<0.8.6i-3
  • H
CVE-2024-25641

<1.2.27+ds1-1
  • H
PHP Remote File Inclusion

<1.2.26+ds1-1
  • M
SQL Injection

<0.8.6f-1
  • L
CVE-2025-26520

<1.2.30+ds1-1
  • H
Cross-site Scripting (XSS)

<1.2.28+ds1-1
  • M
CVE-2014-2328

<0.8.8b+dfsg-4
  • H
SQL Injection

<1.2.28+ds1-4
  • H
CVE-2005-2148

<0.8.6f-1
  • M
Cross-site Scripting (XSS)

<0.8.7g-1
  • M
Cross-site Scripting (XSS)

<0.8.8b+dfsg-4
  • H
OS Command Injection

<1.2.9+ds1-1
  • M
Cross-site Scripting (XSS)

<0.8.7g-1
  • M
Improper Input Validation

<0.8.7g-1
  • M
Cross-site Scripting (XSS)

<1.1.12+ds1-1
  • M
Cross-site Request Forgery (CSRF)

<1.2.11+ds1-1
  • H
Out-of-bounds Write

<1.2.8+ds1-1
  • L
CVE-2007-3113

<0.8.6j-1.1
  • L
Access Restriction Bypass

<1.2.1+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.26+ds1-1
  • M
Cross-site Scripting (XSS)

<0.8.7i-1
  • M
Cross-site Scripting (XSS)

<1.2.26+ds1-1
  • L
Arbitrary Code Injection

<1.2.28+ds1-1
  • L
CVE-2025-24367

<1.2.28+ds1-4
  • H
OS Command Injection

<1.2.28+ds1-4
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.27+ds1-1
  • M
Cross-site Scripting (XSS)

<1.1.37+ds1-1
  • M
Information Exposure

<1.1.27+ds1-3
  • H
CVE-2024-31459

<1.2.27+ds1-1
  • H
Authorization Bypass Through User-Controlled Key

<1.2.6+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • M
Authorization Bypass Through User-Controlled Key

<1.2.7+ds1-1
  • H
SQL Injection

<1.2.26+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.26+ds1-1
  • H
SQL Injection

<1.2.25+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • L
Cross-site Scripting (XSS)

<0.8.7i-1
  • M
SQL Injection

<1.2.25+ds1-1
  • C
Insufficient Comparison

<1.2.27+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.22+ds1-1
  • C
OS Command Injection

<1.2.22+ds1-3
  • H
SQL Injection

<1.2.27+ds1-1
  • H
SQL Injection

<1.2.25+ds1-1
  • H
OS Command Injection

<1.1.27+ds1-3
  • M
Cross-site Scripting (XSS)

<1.2.1+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.14+ds1-1
  • H
OS Command Injection

<1.2.10+ds1-1
  • M
Open Redirect

<1.2.25+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.25+ds1-1
  • H
SQL Injection

<0.8.8e+ds1-1
  • L
Cross-site Scripting (XSS)

<1.2.1+ds1-1
  • M
Improper Preservation of Permissions

<1.2.11+ds1-1
  • L
Cross-site Scripting (XSS)

<1.2.2+ds1-2
  • M
SQL Injection

<1.2.8+ds1-1
  • H
Exposure of Resource to Wrong Sphere

<1.1.27+ds1-3
  • H
SQL Injection

<0.8.8f+ds1-3
  • L
Cross-site Scripting (XSS)

<1.1.37+ds1-1
  • L
Incorrect Authorization

<1.2.23+ds1-1
  • M
Cross-site Scripting (XSS)

<1.2.19+ds1-1
  • H
SQL Injection

<0.8.8d+ds1-1
  • H
Access Restriction Bypass

<0.8.8h+ds1-5
  • H
SQL Injection

<0.8.8b+dfsg-4
  • M
Cross-site Scripting (XSS)

<0.8.8b+dfsg-6
  • H
SQL Injection

<0.8.8g+ds1-2
  • M
Cross-site Scripting (XSS)

<1.1.18+ds1-1
  • M
SQL Injection

<0.8.8f+ds1-4
  • M
Cross-site Scripting (XSS)

<1.1.27+ds1-3
  • M
Cross-site Scripting (XSS)

<0.8.8d+ds1-1
  • L
Cross-site Scripting (XSS)

<1.2.1+ds1-1
  • H
SQL Injection

<1.2.16+ds1-2
  • M
Cross-site Scripting (XSS)

<1.2.13+ds1-1
  • H
SQL Injection

<0.8.8b+dfsg-3
  • L
Cross-site Scripting (XSS)

<0.8.7e-1.1
  • H
SQL Injection

<0.8.8f+ds1-4
  • L
Cross-site Scripting (XSS)

<1.1.37+ds1-1
  • C
SQL Injection

<1.2.25+ds1-1
  • M
Cross-site Scripting (XSS)

<0.8.8b+dfsg-3
  • L
Information Exposure

<0.8.7b-1
  • C
CVE-2017-12065

<1.1.16+ds1-1
  • M
SQL Injection

<0.8.6d-1
  • M
Cross-site Scripting (XSS)

<1.1.17+ds1-2
  • M
CVE-2006-0410

<0.8.6d-1
  • H
SQL Injection

<0.8.8b+dfsg-8
  • H
CVE-2005-1524

<0.8.6e-1
  • M
Cross-site Scripting (XSS)

<0.8.8d+ds1-1
  • M
Cross-site Scripting (XSS)

<0.8.8b+dfsg-6
  • L
SQL Injection

<0.8.7b-1
  • L
CVE-2007-3112

<0.8.6j-1.1
  • H
Access Restriction Bypass

<0.8.8g+ds1-1
  • L
Cross-site Scripting (XSS)

<0.8.7b-1
  • M
Cross-site Scripting (XSS)

<0.8.7g-1
  • H
Arbitrary Code Injection

<0.8.8b+dfsg-8
  • H
SQL Injection

<0.8.7e-4
  • M
SQL Injection

<0.8.7a-1
  • L
Arbitrary Code Injection

<0.8.8e+ds1-1
  • M
Cross-site Request Forgery (CSRF)

<0.8.8b+dfsg-6
  • H
SQL Injection

<0.8.7i-1
  • H
CVE-2002-1477

<0.6.8a-2
  • H
CVE-2005-1526

<0.8.6e-1
  • M
Arbitrary Code Injection

<0.8.7b-1
  • M
Cross-site Scripting (XSS)

<0.8.6d-1
  • H
CVE-2014-2709

<0.8.8b+dfsg-4
  • M
Cross-site Scripting (XSS)

<0.8.7g-1
  • M
CVE-2004-1736

<0.8.5a-5
  • H
CVE-2005-1525

<0.8.6e-1
  • C
CVE-2002-1478

<0.6.8a-2
  • H
CVE-2004-1737

<0.8.5a-5
  • M
CVE-2002-1479

<0.6.8-1
  • M
CVE-2006-0147

<0.8.6d-1
  • H
CVE-2005-2149

<0.8.6f-1