377 matches found
CVE-2025-31501
Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...
Best Practical RT Cross-Site Scripting Vulnerability
Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 5.0 through 5.0.7, which stems from the injection of JavaScript into an asset name and could lead to cross-site scripting...
CVE-2025-31500
Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...
Best Practical RT Cross-Site Scripting Vulnerability
Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 4.4 through 4.4.7 and 5.0 through 5.0.7, which stems from the injection of specially crafted parameters in the search URL that could lead to cross-site...
Penetration Testing for System Security: Methods and Practical Approaches
Penetration testing refers to the process of simulating hacker attacks to evaluate the security of information systems. This study aims not only to clarify the theoretical foundations of penetration testing but also to explain and demonstrate the complete testing process, including how network...
CVE-2023-41259
Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...
CVE-2022-25803
Best Practical Request Tracker RT before 5.0.3 has an Open Redirect via a ticket search...
CVE-2011-5093
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than...
CVE-2025-2545
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...
CVE-2025-2545 Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...
Best Practical Solutions Request Tracker Encryption Issue Vulnerability
Best Practical Solutions Request Tracker is an open source, enterprise-grade work order tracking system for customer service, IT service management and business process tracking from Best Practical Solutions. An encryption issue vulnerability exists in Best Practical Solutions Request Tracker...
Explore practical best practices to secure your data with Microsoft Purview
According to the Microsoft 2024 Data Security Index, organizations experience an average of 156 data security incidents annually, and this cyberthreat continues to be a top concern for data security decision-makers. A full 82% of security decision-makers believe a comprehensive, fully integrated...
Revisiting Data Auditing in Large Vision-Language Models
With the surge of large language models (LLMs), Large Vision-Language Models (VLMs)--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...
Resource Reduction in Multiparty Quantum Secret Sharing of Both Classical and Quantum Information under Noisy Scenario
Quantum secret sharing (QSS) enables secure distribution of information among multiple parties but remains vulnerable to noise. We analyze the effects of bit-flip, phase-flip, and amplitude damping noise on the multiparty QSS for classical message (QSSCM) and secret sharing of quantum information SSQ...
Fresh Faces Join the Take Command 2025 Lineup
Take Command 2025 is bringing together some of the sharpest minds in cybersecurity to tackle today’s most urgent challenges. From attacker methodologies and AI-driven security to MDR, red teaming, and exposure management, this year’s virtual event will provide security professionals with practica...
AI in Cybersecurity: What's Effective and What's Not – Insights from 200 Experts
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned...
The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses
We've all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally, small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers CISO...
7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...
CVE-2024-43485
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service. Mitigation: Red Hat has investigated whether a possible mitigation exists for this...