bestpractical
Enterprise Software | commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting bestpractical.
- CVE-2026-41076 | RT: LDAP authentication bypass via empty password | 8.1
- CVE-2026-41075 | RT: SQL injection via entry_aggregator parameter in JSON search | 8.8
- CVE-2026-41074 | RT has broken CSRF protection for authenticated users | 7.1
- CVE-2026-41073 | RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps | 4.6
- CVE-2026-6841 | Reflected XSS in Request Tracker | 6.1
- CVE-2025-61873 | Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. | 2.6
- CVE-2025-31501 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. | 7.2
- CVE-2025-31500 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. | 7.2
- CVE-2025-30087 | Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. | 7.2
- CVE-2023-45024 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | 7.5
- CVE-2023-41260 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | 7.5
- CVE-2023-41259 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | 7.5
- CVE-2022-25803 | Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | 6.1
- CVE-2022-25802 | Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | 6.1
- CVE-2022-25801 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. | 9.1