Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
Typedeb
Namespacedebian
Namerequest-tracker4
Version4.4.4+dfsg-2+deb11u3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.4.6+dfsg-1.1+deb12u3
Latest_non_vulnerable_version4.4.6+dfsg-1.1+deb12u3
Affected_by_vulnerabilities
0
url VCID-1hye-g1ry-s3dh
vulnerability_id VCID-1hye-g1ry-s3dh
summary 
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.

This vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6841
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11813
published_at 2026-06-11T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11874
published_at 2026-06-14T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11896
published_at 2026-06-13T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11897
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6841
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6841
2
reference_url https://docs.bestpractical.com/release-notes/rt/5.0.10
reference_id 5.0.10
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/
url https://docs.bestpractical.com/release-notes/rt/5.0.10
3
reference_url https://docs.bestpractical.com/release-notes/rt/6.0.3
reference_id 6.0.3
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/
url https://docs.bestpractical.com/release-notes/rt/6.0.3
4
reference_url https://cert.pl/en/posts/2026/05/CVE-2026-6841
reference_id CVE-2026-6841
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/
url https://cert.pl/en/posts/2026/05/CVE-2026-6841
5
reference_url https://requesttracker.com/request-tracker/
reference_id request-tracker
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/
url https://requesttracker.com/request-tracker/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2026-6841
risk_score 1.2
exploitability 0.5
weighted_severity 2.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hye-g1ry-s3dh
1
url VCID-4f97-2teh-pyeg
vulnerability_id VCID-4f97-2teh-pyeg
summary RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41075
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09907
published_at 2026-06-13T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09893
published_at 2026-06-14T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09904
published_at 2026-06-12T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09858
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41075
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41075
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41075
2
reference_url https://github.com/bestpractical/rt/security/advisories/GHSA-7vf8-xv7w-97c6
reference_id GHSA-7vf8-xv7w-97c6
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/
url https://github.com/bestpractical/rt/security/advisories/GHSA-7vf8-xv7w-97c6
3
reference_url https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
reference_id rt-5.0.10
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/
url https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
4
reference_url https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
reference_id rt-6.0.3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/
url https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2026-41075
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f97-2teh-pyeg
2
url VCID-9p4k-17cs-k3fy
vulnerability_id VCID-9p4k-17cs-k3fy
summary RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can cause spreadsheet applications to interpret crafted values as formulas or macros when the file is opened. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by avoiding opening exported RT spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41073
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08732
published_at 2026-06-13T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08725
published_at 2026-06-14T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08728
published_at 2026-06-12T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08684
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41073
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41073
2
reference_url https://github.com/bestpractical/rt/security/advisories/GHSA-6x92-7v65-7m3r
reference_id GHSA-6x92-7v65-7m3r
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/
url https://github.com/bestpractical/rt/security/advisories/GHSA-6x92-7v65-7m3r
3
reference_url https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
reference_id rt-5.0.10
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/
url https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
4
reference_url https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
reference_id rt-6.0.3
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/
url https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2026-41073
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9p4k-17cs-k3fy
3
url VCID-agzq-e3sq-2qcg
vulnerability_id VCID-agzq-e3sq-2qcg
summary Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2545
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47446
published_at 2026-06-13T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47427
published_at 2026-06-14T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48786
published_at 2026-06-11T12:55:00Z
3
value 0.00252
scoring_system epss
scoring_elements 0.48922
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2545
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2545
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422
reference_id 1104422
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424
reference_id 1104424
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424
4
reference_url https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical
reference_id cryptographic-algorithm-not-recommended-request-tracker-best-practical
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T12:22:33Z/
url https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical
5
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2025-2545
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agzq-e3sq-2qcg
4
url VCID-ca69-35g7-qkhw
vulnerability_id VCID-ca69-35g7-qkhw
summary RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may be able to authenticate as any LDAP-backed RT user without supplying valid credentials. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by reviewing their LDAP server's authentication policy to ensure it rejects unauthenticated bind attempts. Upgrading RT remains the recommended fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41076
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21903
published_at 2026-06-13T12:55:00Z
1
value 0.0007
scoring_system epss
scoring_elements 0.21877
published_at 2026-06-14T12:55:00Z
2
value 0.0007
scoring_system epss
scoring_elements 0.2189
published_at 2026-06-12T12:55:00Z
3
value 0.0007
scoring_system epss
scoring_elements 0.21702
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41076
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41076
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41076
2
reference_url https://github.com/bestpractical/rt/security/advisories/GHSA-3w28-fmcr-mjjx
reference_id GHSA-3w28-fmcr-mjjx
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/
url https://github.com/bestpractical/rt/security/advisories/GHSA-3w28-fmcr-mjjx
3
reference_url https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
reference_id rt-5.0.10
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/
url https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
4
reference_url https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
reference_id rt-6.0.3
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/
url https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2026-41076
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ca69-35g7-qkhw
5
url VCID-h6yp-1t1q-2qgq
vulnerability_id VCID-h6yp-1t1q-2qgq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44229
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.07141
published_at 2026-06-12T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.07136
published_at 2026-06-13T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.07131
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44229
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44229
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2026-44229
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6yp-1t1q-2qgq
6
url VCID-pyvn-d99c-nfaw
vulnerability_id VCID-pyvn-d99c-nfaw
summary Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30087
reference_id
reference_type
scores
0
value 0.0027
scoring_system epss
scoring_elements 0.50712
published_at 2026-06-11T12:55:00Z
1
value 0.0027
scoring_system epss
scoring_elements 0.50849
published_at 2026-06-14T12:55:00Z
2
value 0.0027
scoring_system epss
scoring_elements 0.50862
published_at 2026-06-13T12:55:00Z
3
value 0.0027
scoring_system epss
scoring_elements 0.50845
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30087
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30087
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30087
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422
reference_id 1104422
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424
reference_id 1104424
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424
4
reference_url https://docs.bestpractical.com/release-notes/rt/4.4.8
reference_id 4.4.8
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/
url https://docs.bestpractical.com/release-notes/rt/4.4.8
5
reference_url https://docs.bestpractical.com/release-notes/rt/5.0.8
reference_id 5.0.8
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/
url https://docs.bestpractical.com/release-notes/rt/5.0.8
6
reference_url https://docs.bestpractical.com/release-notes/rt/index.html
reference_id index.html
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/
url https://docs.bestpractical.com/release-notes/rt/index.html
7
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2025-30087
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pyvn-d99c-nfaw
7
url VCID-ve4d-49wj-y3e9
vulnerability_id VCID-ve4d-49wj-y3e9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44231
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.18077
published_at 2026-06-12T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.18093
published_at 2026-06-13T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.2272
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44231
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44231
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2026-44231
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ve4d-49wj-y3e9
8
url VCID-w58v-b4n3-7fb4
vulnerability_id VCID-w58v-b4n3-7fb4
summary Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61873
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.0036
published_at 2026-06-12T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00358
published_at 2026-06-13T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00365
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61873
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61873
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120003
reference_id 1120003
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120003
3
reference_url https://docs.bestpractical.com/release-notes/rt/index.html
reference_id index.html
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T18:27:46Z/
url https://docs.bestpractical.com/release-notes/rt/index.html
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2025-61873
risk_score 0.7
exploitability 0.5
weighted_severity 1.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w58v-b4n3-7fb4
9
url VCID-wj3w-p4m6-2kej
vulnerability_id VCID-wj3w-p4m6-2kej
summary Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3262
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05701
published_at 2026-06-11T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05725
published_at 2026-06-12T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05717
published_at 2026-06-13T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05708
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3262
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3262
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3262
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068452
reference_id 1068452
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068452
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068453
reference_id 1068453
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068453
4
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
5
reference_url https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt
reference_id vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:30:10Z/
url https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
purl pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3
aliases CVE-2024-3262
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wj3w-p4m6-2kej
Fixing_vulnerabilities
0
url VCID-ehhx-2gjq-nkee
vulnerability_id VCID-ehhx-2gjq-nkee
summary Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38562
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27511
published_at 2026-06-11T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27713
published_at 2026-06-12T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27739
published_at 2026-06-13T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27728
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38562
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38562
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38562
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995167
reference_id 995167
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995167
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995175
reference_id 995175
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995175
4
reference_url https://usn.ubuntu.com/6529-1/
reference_id USN-6529-1
reference_type
scores
url https://usn.ubuntu.com/6529-1/
5
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
purl pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hye-g1ry-s3dh
1
vulnerability VCID-4f97-2teh-pyeg
2
vulnerability VCID-9p4k-17cs-k3fy
3
vulnerability VCID-agzq-e3sq-2qcg
4
vulnerability VCID-ca69-35g7-qkhw
5
vulnerability VCID-h6yp-1t1q-2qgq
6
vulnerability VCID-pyvn-d99c-nfaw
7
vulnerability VCID-ve4d-49wj-y3e9
8
vulnerability VCID-w58v-b4n3-7fb4
9
vulnerability VCID-wj3w-p4m6-2kej
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3
aliases CVE-2021-38562
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehhx-2gjq-nkee
1
url VCID-f91m-894b-u7dr
vulnerability_id VCID-f91m-894b-u7dr
summary Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41259
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33298
published_at 2026-06-11T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.3348
published_at 2026-06-12T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33501
published_at 2026-06-13T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33476
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41259
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516
reference_id 1054516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517
reference_id 1054517
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517
5
reference_url https://docs.bestpractical.com/release-notes/rt/4.4.7
reference_id 4.4.7
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:52:22Z/
url https://docs.bestpractical.com/release-notes/rt/4.4.7
6
reference_url https://docs.bestpractical.com/release-notes/rt/5.0.5
reference_id 5.0.5
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:52:22Z/
url https://docs.bestpractical.com/release-notes/rt/5.0.5
7
reference_url https://docs.bestpractical.com/release-notes/rt/index.html
reference_id index.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:52:22Z/
url https://docs.bestpractical.com/release-notes/rt/index.html
8
reference_url https://usn.ubuntu.com/6529-1/
reference_id USN-6529-1
reference_type
scores
url https://usn.ubuntu.com/6529-1/
9
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
purl pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hye-g1ry-s3dh
1
vulnerability VCID-4f97-2teh-pyeg
2
vulnerability VCID-9p4k-17cs-k3fy
3
vulnerability VCID-agzq-e3sq-2qcg
4
vulnerability VCID-ca69-35g7-qkhw
5
vulnerability VCID-h6yp-1t1q-2qgq
6
vulnerability VCID-pyvn-d99c-nfaw
7
vulnerability VCID-ve4d-49wj-y3e9
8
vulnerability VCID-w58v-b4n3-7fb4
9
vulnerability VCID-wj3w-p4m6-2kej
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3
aliases CVE-2023-41259
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f91m-894b-u7dr
2
url VCID-wgs7-ztvz-wkag
vulnerability_id VCID-wgs7-ztvz-wkag
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25802
reference_id
reference_type
scores
0
value 0.0106
scoring_system epss
scoring_elements 0.78053
published_at 2026-06-11T12:55:00Z
1
value 0.0106
scoring_system epss
scoring_elements 0.78121
published_at 2026-06-12T12:55:00Z
2
value 0.0106
scoring_system epss
scoring_elements 0.78134
published_at 2026-06-13T12:55:00Z
3
value 0.0106
scoring_system epss
scoring_elements 0.78129
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25802
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25802
2
reference_url https://usn.ubuntu.com/6529-1/
reference_id USN-6529-1
reference_type
scores
url https://usn.ubuntu.com/6529-1/
3
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.3-2%2Bdeb10u2
purl pkg:deb/debian/request-tracker4@4.4.3-2%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-agzq-e3sq-2qcg
1
vulnerability VCID-ehhx-2gjq-nkee
2
vulnerability VCID-f91m-894b-u7dr
3
vulnerability VCID-pyvn-d99c-nfaw
4
vulnerability VCID-w58v-b4n3-7fb4
5
vulnerability VCID-wgs7-ztvz-wkag
6
vulnerability VCID-wj3w-p4m6-2kej
7
vulnerability VCID-x5q5-duu5-dbhb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.3-2%252Bdeb10u2
1
url pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
purl pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hye-g1ry-s3dh
1
vulnerability VCID-4f97-2teh-pyeg
2
vulnerability VCID-9p4k-17cs-k3fy
3
vulnerability VCID-agzq-e3sq-2qcg
4
vulnerability VCID-ca69-35g7-qkhw
5
vulnerability VCID-h6yp-1t1q-2qgq
6
vulnerability VCID-pyvn-d99c-nfaw
7
vulnerability VCID-ve4d-49wj-y3e9
8
vulnerability VCID-w58v-b4n3-7fb4
9
vulnerability VCID-wj3w-p4m6-2kej
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3
aliases CVE-2022-25802
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgs7-ztvz-wkag
3
url VCID-x5q5-duu5-dbhb
vulnerability_id VCID-x5q5-duu5-dbhb
summary Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41260
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36793
published_at 2026-06-11T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36971
published_at 2026-06-12T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37
published_at 2026-06-13T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.36985
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41260
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516
reference_id 1054516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517
reference_id 1054517
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517
5
reference_url https://docs.bestpractical.com/release-notes/rt/4.4.7
reference_id 4.4.7
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:47:43Z/
url https://docs.bestpractical.com/release-notes/rt/4.4.7
6
reference_url https://docs.bestpractical.com/release-notes/rt/5.0.5
reference_id 5.0.5
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:47:43Z/
url https://docs.bestpractical.com/release-notes/rt/5.0.5
7
reference_url https://docs.bestpractical.com/release-notes/rt/index.html
reference_id index.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:47:43Z/
url https://docs.bestpractical.com/release-notes/rt/index.html
8
reference_url https://usn.ubuntu.com/6529-1/
reference_id USN-6529-1
reference_type
scores
url https://usn.ubuntu.com/6529-1/
9
reference_url https://usn.ubuntu.com/7692-1/
reference_id USN-7692-1
reference_type
scores
url https://usn.ubuntu.com/7692-1/
fixed_packages
0
url pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
purl pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hye-g1ry-s3dh
1
vulnerability VCID-4f97-2teh-pyeg
2
vulnerability VCID-9p4k-17cs-k3fy
3
vulnerability VCID-agzq-e3sq-2qcg
4
vulnerability VCID-ca69-35g7-qkhw
5
vulnerability VCID-h6yp-1t1q-2qgq
6
vulnerability VCID-pyvn-d99c-nfaw
7
vulnerability VCID-ve4d-49wj-y3e9
8
vulnerability VCID-w58v-b4n3-7fb4
9
vulnerability VCID-wj3w-p4m6-2kej
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3
aliases CVE-2023-41260
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5q5-duu5-dbhb
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3