Bestpractical CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (69 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2012-4730	1 Bestpractical	1 Rt	2025-04-11	N/A
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
CVE-2012-4731	1 Bestpractical	1 Rtfm	2025-04-11	N/A
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
CVE-2023-45024	1 Bestpractical	1 Request Tracker	2024-11-21	7.5 High
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
CVE-2022-25803	1 Bestpractical	1 Request Tracker	2024-11-21	6.1 Medium
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVE-2022-25802	1 Bestpractical	1 Request Tracker	2024-11-21	6.1 Medium
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVE-2022-25801	1 Bestpractical	1 Request Tracker For Incident Response	2024-11-21	9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVE-2022-25800	1 Bestpractical	1 Request Tracker For Incident Response	2024-11-21	9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVE-2021-38562	3 Bestpractical, Debian, Fedoraproject	3 Request Tracker, Debian Linux, Fedora	2024-11-21	7.5 High
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2018-18898	4 Bestpractical, Canonical, Debian and 1 more	4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more	2024-11-21	7.5 High
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.

« first previous Page 4 of 4.