Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1076167?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "type": "deb", "namespace": "debian", "name": "request-tracker4", "version": "4.4.6+dfsg-1.1+deb12u3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75763?format=api", "vulnerability_id": "VCID-1hye-g1ry-s3dh", "summary": "Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the \"Page\" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.\n\nThis vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11813", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11874", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11896", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11897", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6841" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/5.0.10", "reference_id": "5.0.10", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.10" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/6.0.3", "reference_id": "6.0.3", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/6.0.3" }, { "reference_url": "https://cert.pl/en/posts/2026/05/CVE-2026-6841", "reference_id": "CVE-2026-6841", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://cert.pl/en/posts/2026/05/CVE-2026-6841" }, { "reference_url": "https://requesttracker.com/request-tracker/", "reference_id": "request-tracker", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://requesttracker.com/request-tracker/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-6841" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hye-g1ry-s3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80625?format=api", "vulnerability_id": "VCID-4f97-2teh-pyeg", "summary": "RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09907", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09893", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09904", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09858", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41075" }, { "reference_url": "https://github.com/bestpractical/rt/security/advisories/GHSA-7vf8-xv7w-97c6", "reference_id": "GHSA-7vf8-xv7w-97c6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/" } ], "url": "https://github.com/bestpractical/rt/security/advisories/GHSA-7vf8-xv7w-97c6" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10", "reference_id": "rt-5.0.10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3", "reference_id": "rt-6.0.3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-41075" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f97-2teh-pyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80871?format=api", "vulnerability_id": "VCID-9p4k-17cs-k3fy", "summary": "RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can cause spreadsheet applications to interpret crafted values as formulas or macros when the file is opened. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by avoiding opening exported RT spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08732", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08725", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08728", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08684", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41073" }, { "reference_url": "https://github.com/bestpractical/rt/security/advisories/GHSA-6x92-7v65-7m3r", "reference_id": "GHSA-6x92-7v65-7m3r", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/" } ], "url": "https://github.com/bestpractical/rt/security/advisories/GHSA-6x92-7v65-7m3r" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10", "reference_id": "rt-5.0.10", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3", "reference_id": "rt-6.0.3", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-41073" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9p4k-17cs-k3fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/126508?format=api", "vulnerability_id": "VCID-agzq-e3sq-2qcg", "summary": "Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47446", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47427", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48786", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48922", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2545" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422", "reference_id": "1104422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424", "reference_id": "1104424", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424" }, { "reference_url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical", "reference_id": "cryptographic-algorithm-not-recommended-request-tracker-best-practical", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T12:22:33Z/" } ], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-2545" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-agzq-e3sq-2qcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80779?format=api", "vulnerability_id": "VCID-ca69-35g7-qkhw", "summary": "RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may be able to authenticate as any LDAP-backed RT user without supplying valid credentials. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by reviewing their LDAP server's authentication policy to ensure it rejects unauthenticated bind attempts. Upgrading RT remains the recommended fix.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21903", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21877", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2189", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21702", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41076" }, { "reference_url": "https://github.com/bestpractical/rt/security/advisories/GHSA-3w28-fmcr-mjjx", "reference_id": "GHSA-3w28-fmcr-mjjx", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/" } ], "url": "https://github.com/bestpractical/rt/security/advisories/GHSA-3w28-fmcr-mjjx" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10", "reference_id": "rt-5.0.10", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3", "reference_id": "rt-6.0.3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-41076" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca69-35g7-qkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211542?format=api", "vulnerability_id": "VCID-h6yp-1t1q-2qgq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07141", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07136", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07131", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-44229" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6yp-1t1q-2qgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89519?format=api", "vulnerability_id": "VCID-pyvn-d99c-nfaw", "summary": "Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50712", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50849", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50862", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50845", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30087" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422", "reference_id": "1104422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424", "reference_id": "1104424", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/4.4.8", "reference_id": "4.4.8", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.8" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/5.0.8", "reference_id": "5.0.8", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.8" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-30087" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pyvn-d99c-nfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211543?format=api", "vulnerability_id": "VCID-ve4d-49wj-y3e9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18077", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18093", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-44231" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve4d-49wj-y3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127813?format=api", "vulnerability_id": "VCID-w58v-b4n3-7fb4", "summary": "Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61873", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0036", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00358", "published_at": "2026-06-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00365", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61873" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120003", "reference_id": "1120003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120003" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T18:27:46Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-61873" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w58v-b4n3-7fb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64016?format=api", "vulnerability_id": "VCID-wj3w-p4m6-2kej", "summary": "Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05701", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05725", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05717", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05708", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3262" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068452", "reference_id": "1068452", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068452" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068453", "reference_id": "1068453", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068453" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" }, { "reference_url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt", "reference_id": "vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:30:10Z/" } ], "url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2024-3262" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wj3w-p4m6-2kej" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" }