585 matches found

RedhatCVE
added 5 days ago, 8 views

CVE-2026-41075

A flaw was found in RT, an open-source issue and ticket tracking system. An authenticated user can exploit an SQL injection vulnerability by crafting malicious input. This input is then incorporated into database queries without proper validation, potentially allowing the attacker to read or modi...

8.8 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2

RedhatCVE
added 5 days ago, 6 views

CVE-2026-41074

A flaw was found in RT, an open-source issue and ticket tracking system. This Cross-Site Request Forgery (CSRF) vulnerability allows a remote attacker to trick a logged-in user into visiting a malicious web page. If successful, the attacker can then perform arbitrary state-changing actions within R...

7.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 2

NVD
added 2026/05/22 10:16 p.m., 6 views

CVE-2026-41076

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

8.1 CVSS | 0.0007 EPSS
Exploits 0 | References 3

NVD
added 2026/05/22 10:16 p.m., 7 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8 CVSS | 0.00032 EPSS
Exploits 0 | References 3

UbuntuCve
added 2026/05/22 10:16 p.m., 5 views

CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/05/22 9:36 p.m., 4 views

CVE-2026-41076 RT: LDAP authentication bypass via empty password

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

8.1 CVSS | 5.7 AI score | 0.0007 EPSS
Exploits 0 | References 3

CVE
added 2026/05/22 9:36 p.m., 25 views

CVE-2026-41076

RT authentication bypass via LDAP affects versions 5.0.9 and earlier and 6.0.0–6.0.2, where certain LDAP configurations allow login as any LDAP-backed RT user without valid credentials. The issue is fixed in RT 5.0.10 and 6.0.3. Recommended remediation: upgrade to the fixed versions; if upgrading...

8.1 CVSS | 5.7 AI score | 0.0007 EPSS
Exploits 0 | References 3

Cvelist
added 2026/05/22 9:17 p.m., 6 views

CVE-2026-41075 RT: SQL injection via entry_aggregator parameter in JSON search

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8 CVSS | 0.00032 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/05/22 9:17 p.m., 6 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/05/22 9:12 p.m., 17 views

CVE-2026-41074

CVE-2026-41074 affects RT (Resource Tracker) versions 6.0.0–6.0.2, where a Cross-Site Request Forgery (CSRF) vulnerability exists. An attacker who lures a logged-in RT user to visit a malicious page can trigger arbitrary state-changing actions in RT on that user’s behalf. The issue is fixed in RT...

7.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/05/22 9:12 p.m., 5 views

CVE-2026-41074 RT has broken CSRF protection for authenticated users

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/05/22 9:12 p.m., 5 views

CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/05/22 9:12 p.m., 7 views

CVE-2026-41074 RT has broken CSRF protection for authenticated users

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1 CVSS | 0.00016 EPSS
Exploits 0 | References 2

CVE
added 2026/05/22 9:10 p.m., 96 views

CVE-2026-41073

CVE-2026-41073 affects RT (open source issue/IT ticket tracker). Versions older than 5.0.10 and 6.0.0–6.0.2 write user-controlled data into spreadsheet exports without sanitization, allowing CSV/formula injection when opened in spreadsheet apps. The underlying issue is that exported outputs may b...

4.6 CVSS | 5.7 AI score | 0.00029 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/05/22 12:0 a.m., 7 views

PT-2026-42835

Name of the Vulnerable Software and Affected Versions: RT versions prior to 5.0.10; RT versions 6.0.0 through 6.0.2. Description: User-controlled data in spreadsheet exports is not sanitized before being written to the output file. This allows spreadsheet applications to interpret crafted values as...

4.6 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 4

CNNVD
added 2026/05/22 12:0 a.m., 4 views

Request Tracker authorization issue vulnerability

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions of Request Tracker from 5.0.9 and earlier, as well as versions 6.0.0 to 6.0.2, have a permission issue vulnerability. This vulnerability stems from an authentication bypass in RT installations that...

8.1 CVSS | 5.8 AI score | 0.0007 EPSS
Exploits 0 | References 3

CNNVD
added 2026/05/22 12:0 a.m., 4 views

Request Tracker SQL injection vulnerability

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 5.0.0 to 5.0.9, as well as 6.0.0 to 6.0.2, have a SQL injection vulnerability. This vulnerability arises from SQL injections, allowing authenticated users to construct inputs and merge them into...

8.8 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits 0 | References 3

CNNVD
added 2026/05/22 12:0 a.m., 4 views

Request Tracker cross-site request forgery vulnerability

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 6.0.0 to 6.0.2 of Request Tracker contain a cross-site request forgery vulnerability. This vulnerability arises from cross-site request forgery, allowing attackers to induce logged-in users to acce...

7.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 2

CNNVD
added 2026/05/22 12:0 a.m., 5 views

Request Tracker security vulnerability

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions prior to Request Tracker 5.0.10, as well as versions 6.0.0 to 6.0.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that data controlled by users during spreadsheet...

4.6 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/05/22 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the Page parameter in GET requests. An attacker can craft a URL that, wh...

6.1 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits 0 | References 3