Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (69 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1686 1 Bestpractical 1 Rt 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
CVE-2011-1687 1 Bestpractical 1 Rt 2025-04-11 N/A
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
CVE-2023-45024 1 Bestpractical 1 Request Tracker 2024-11-21 7.5 High
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
CVE-2022-25803 1 Bestpractical 1 Request Tracker 2024-11-21 6.1 Medium
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVE-2022-25802 1 Bestpractical 1 Request Tracker 2024-11-21 6.1 Medium
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVE-2022-25801 1 Bestpractical 1 Request Tracker For Incident Response 2024-11-21 9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVE-2022-25800 1 Bestpractical 1 Request Tracker For Incident Response 2024-11-21 9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVE-2021-38562 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2024-11-21 7.5 High
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2018-18898 4 Bestpractical, Canonical, Debian and 1 more 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 7.5 High
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.