Vulnerabilidades en bestpractical
8 resultadosCVE-2026-41076HIGHRT: LDAP authentication bypass via empty passwordEPSS 0.4%CVE-2026-41075HIGHRT: SQL injection via entry_aggregator parameter in JSON searchEPSS 0.3%CVE-2025-30087HIGHBest Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.EPSS 0.3%CVE-2025-31501HIGHBest Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.EPSS 0.2%CVE-2025-31500HIGHBest Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.EPSS 0.2%CVE-2025-61873LOWBest Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.EPSS 0.2%CVE-2026-41073MEDIUMRT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar appsEPSS 0.2%CVE-2026-41074HIGHRT has broken CSRF protection for authenticated usersEPSS 0.1%