What is the official website of Amazon Careers ?

The official website of Amazon Careers is https://amazon.jobs/en/?cmpid=EP_LIAA200070B.

What is Amazon Careers's cybersecurity risk score?

Amazon Careers has an AI-generated cybersecurity risk score of 767 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Amazon Careers experienced?

According to Rankiteo, Amazon Careers currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Amazon Careers been affected by any supply chain cyber incidents ?

According to Rankiteo, Amazon Careers has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: npm, Inc. (Incident ID: ELAGITAMAOPENPM1780050263) Socket (Incident ID: AWSSOC1778833973) Braintrust (Incident ID: AMAUSE1778092688) Amazon Web Services (AWS) (Incident ID: LIMAMA1777312775) Vercel (Incident ID: AMAVERGITSTR1775204764) Amazon Web Services (AWS) (Incident ID: AMASTA1775118743) Aqua Security (Incident ID: AQUUSEAMASALCIS1775046662) Amazon Web Services (AWS) (Incident ID: EUR1774635987) Amazon Web Services (AWS) (Incident ID: SALAMAMICPINRED1774269319) NPM (Incident ID: GOOAMANPMGIT1773319158) Amazon Web Services (AWS) (Incident ID: RELLEX1772562253) Amazon Web Services (AWS) (Incident ID: EUR1774628727) Amazon (Incident ID: AMAAPPMIC1770935300) ConnectWise (Incident ID: SMASIMCONAMADAT1775551328) Cisco (Incident ID: CISSAI1773859283) Amazon (Incident ID: LASAMA1769009064) LinkedIn (Incident ID: LINAWS1766995316) Microsoft Security (Incident ID: AMAORAMIC1770695748) Amazon Web Services (AWS) (Incident ID: AMAAWS1770152164) Cisco (Incident ID: SAL5732257091825) Wiz (Incident ID: AMAWIZ1768515615) NPM (Incident ID: GOONPMORGGOVAPPMETTHEAWSTIKK7-1773672350) Fortinet (Incident ID: FORCISAMAJPM1767748297)

Does Amazon Careers have SOC 2 Type 1 certification ?

According to Rankiteo, Amazon Careers is not certified under SOC 2 Type 1.

Does Amazon Careers have SOC 2 Type 2 certification ?

According to Rankiteo, Amazon Careers does not hold a SOC 2 Type 2 certification.

Does Amazon Careers comply with GDPR ?

According to Rankiteo, Amazon Careers is not listed as GDPR compliant.

Does Amazon Careers have PCI DSS certification ?

According to Rankiteo, Amazon Careers does not currently maintain PCI DSS compliance.

Does Amazon Careers comply with HIPAA ?

According to Rankiteo, Amazon Careers is not compliant with HIPAA regulations.

Does Amazon Careers have ISO 27001 certification ?

According to Rankiteo,Amazon Careers is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Amazon Careers operate in ?

Amazon Careers operates primarily in the Software Development industry.

How many employees does Amazon Careers have ?

Amazon Careers employs approximately None employees people worldwide.

Does Amazon Careers own any subsidiaries ?

Amazon Careers presently has no subsidiaries across any sectors.

How many LinkedIn followers does Amazon Careers have ?

Amazon Careers's official LinkedIn profile has approximately 96,493 followers.

What is the NAICS classification code for Amazon Careers ?

Amazon Careers is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Amazon Careers have a Crunchbase profile ?

No, Amazon Careers does not have a profile on Crunchbase.

Does Amazon Careers have a LinkedIn profile ?

Yes, Amazon Careers maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/amazon-careers.

How many cybersecurity incidents has Amazon Careers experienced ?

As of June 14, 2026, Rankiteo reports that Amazon Careers has experienced 61 cybersecurity incidents.

How many peer or competitor companies does Amazon Careers have ?

Amazon Careers has an estimated 30,071 peer or competitor companies worldwide.

What types of cybersecurity incidents has Amazon Careers faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Ransomware, Cyber Attack, Breach and Data Leak.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Amazon Careers

Boost Score +25 with badge (5 left)

767

/1000

Fair

792

/1000

Fair

Amazon Careers Vendor Cyber Rating & Cyber Score

amazon.jobs

Add Your Compliance Badge

There’s more to a great career than just the work, especially at Amazon. Amazon Careers is your go-to page for exploring what’s possible with a career at Amazon. This is your place to get expert career advice, explore employee success stories, get updates on new projects, and explore how our inclusive culture empowers all of our people to make a real-world impact.

Amazon Careers A.I CyberSecurity Scoring

Scoring History

Amazon Careers

Amazon Careers CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Amazon Web Services...

Cyber Attack

100

6/2026

GOOAMA178116664...

Amazon Web Services...

Cyber Attack

5/2026

npm, Inc.

ELAGITAMAOPENPM...

Amazon Science

Vulnerability

5/2026

OPEANTAMAXAI177...

AWS for Healthcare ...

Cyber Attack

5/2026

Socket

AWSSOC177883397...

Amazon Science

Breach

5/2026

Braintrust

AMAUSE177809268...

Amazon Web Services...

Cyber Attack

4/2026

Amazon Web Serv...

LIMAMA177731277...

Amazon

Cyber Attack

4/2026

ELFTEMCOUGRUAMA...

Amazon Web Services...

Cyber Attack

4/2026

Vercel

AMAVERGITSTR177...

Amazon Web Services...

Vulnerability

100

4/2026

Amazon Web Serv...

AMASTA177511874...

AWS Partners

Vulnerability

4/2026

AWSGITSTR177516...

Amazon Web Services...

Vulnerability

100

4/2026

Aqua Security

AQUUSEAMASALCIS...

Amazon Web Services...

Cyber Attack

3/2026

Amazon Web Serv...

EUR1774635987

Amazon Web Services...

Vulnerability

100

3/2026

Amazon Web Serv...

SALAMAMICPINRED...

Amazon Web Services...

Vulnerability

3/2026

AMA1773707045

Amazon Web Services...

Cyber Attack

3/2026

NPM

GOOAMANPMGIT177...

Amazon Web Services...

Vulnerability

3/2026

AMA1772792723

Amazon Web Services...

Cyber Attack

100

3/2026

AMA1772678135

Amazon Web Services...

Breach

100

3/2026

Amazon Web Serv...

RELLEX177256225...

Amazon

Cyber Attack

3/2026

AMA1775744757

Amazon Web Services...

Breach

3/2026

Amazon Web Serv...

EUR1774628727

Amazon

Vulnerability

100

2/2026

Amazon

AMAAPPMIC177093...

Amazon

Cyber Attack

2/2026

ConnectWise

SMASIMCONAMADAT...

Amazon

Breach

2/2026

AMA1770339008

Amazon

Cyber Attack

2/2026

AMAINSCOIGOOFLI...

Amazon

Cyber Attack

2/2026

AMA1773987972

AWS Partners

Breach

1/2026

AWSDIGOVH176978...

Amazon

Vulnerability

100

1/2026

Cisco

CISSAI177385928...

Amazon

Cyber Attack

1/2026

Amazon

LASAMA176900906...

AWS Databases & Ana...

Cyber Attack

1/2026

HUNAWS177273537...

Amazon Web Services...

Vulnerability

100

1/2026

GOOAMAOPEANT177...

AWS Partners

Cyber Attack

12/2025

LINAWS176699531...

Amazon Web Services...

Cyber Attack

100

12/2025

Microsoft Secur...

AMAORAMIC177069...

Amazon

Vulnerability

12/2025

AMAUNIGOOWAK176...

Amazon Web Services...

Cyber Attack

100

12/2025

KUBNVITENALIAMA...

Amazon Web Services...

Breach

100

11/2025

Amazon Web Serv...

AMAAWS177015216...

Amazon Web Services...

Cyber Attack

11/2025

AMA1765965358

Amazon Careers

Cyber Attack

100

10/2025

AMA023220210212...

Amazon Careers

Cyber Attack

9/2025

AMA409264009232...

AWS Partners

Cyber Attack

100

9/2025

Cisco

SAL573225709182...

Amazon Web Services...

Vulnerability

100

9/2025

Wiz

AMAWIZ176851561...

For Industries

Vulnerability

8/2025

NPM

GOONPMORGGOVAPP...

Amazon Careers

Cyber Attack

7/2025

RIN709072225

Amazon Careers

Vulnerability

6/2025

AMA505082225

Amazon Careers

Ransomware

100

5/2025

AMA503215011212...

Amazon Web Services...

Vulnerability

100

12/2024

Fortinet

FORCISAMAJPM176...

Amazon Careers

Vulnerability

8/2024

AMA000082124

Amazon Careers

Breach

7/2024

AMA000072524

Amazon Careers

Cyber Attack

100

6/2024

AMA190211910222...

Amazon Careers

Breach

09/2023

WHO04111223

Amazon Careers

Vulnerability

6/2023

AMA016210111072...

Amazon Careers

Data Leak

10/2021

TWI19174123

Amazon Web Services...

Cyber Attack

100

6/2021

AMA1768595116

Amazon Careers

Breach

100

01/2021

RIN01518622

Amazon Web Services...

Cyber Attack

100

6/2020

AMA1780793273

Amazon Careers

Data Leak

01/2020

AMA21461222

Amazon Careers

Data Leak

01/2020

RIN211261222

Amazon Careers

Data Leak

12/2019

RIN2178523

Amazon

Breach

6/2018

TIKAMA176901658...

Amazon Careers

Data Leak

02/2018

AMA350181223

Amazon Careers

Breach

3/2017

WHO631090125

Amazon Careers

Cyber Attack

01/2016

AMA0417522

Loading…

A.I.

Amazon Careers Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Amazon Careers

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for Amazon Careers in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Amazon Careers in 2026.

Incident Types Amazon Careers vs Software Development Industry Avg (This Year)

No incidents recorded for Amazon Careers in 2026.

Incident History - Amazon Careers (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Amazon Careers Subsidiaries

Amazon Careers

Software Development

Website: https://amazon.jobs/en/?cmpid=EP_LIAA200070B

Company Size: 10,001+ employees

AmazonSoftware Development

Amazon Web Services (AWS)IT Services and IT Consulting

AWS Training & CertificationIT Services and IT Consulting

AWS AIIT Services and IT Consulting

AWS CareersIT Services and IT Consulting

AWS Machine LearningIT Services and IT Consulting

AWS Executive InsightsInformation Technology & Services

AWS Databases & AnalyticsIT Services and IT Consulting

AWS StartupsIT Services and IT Consulting

AWS Executive InsightsInformation Technology & Services

AWS EventsIT Services and IT Consulting

AWS DevelopersTechnology, Information and Internet

AWS PartnersIT Services and IT Consulting

AWS Machine LearningIT Services and IT Consulting

AWS for TelecomIT Services and IT Consulting

AWS for M&ESoftware Development

AWS for Healthcare & Life SciencesIT Services and IT Consulting

AWS for Financial ServicesIT Services and IT Consulting

AWS for Energy & UtilitiesIT Services and IT Consulting

Amazon re:MARSInformation Technology & Services

AWS for Retail and Consumer GoodsIT Services and IT Consulting

AWS ProductsTechnology, Information and Internet

Amazon Web Services Artificial Intelligence Machine LearningIT Services and IT Consulting

AWS for Aerospace & SatelliteIT Services and IT Consulting

AWS Machine LearningIT Services and IT Consulting

AWS for IndustriesIT Services and IT Consulting

AWS TVIT Services and IT Consulting

AWS On AirTechnology, Information and Internet

AWS SupportTechnology, Information and Internet

AWS for AutomotiveIT Services and IT Consulting

AWS for IndustrialIT Services and IT Consulting

Whole Foods MarketRetail

TwitchSoftware Development

Twitch AdsInternet Publishing

Amazon ScienceResearch Services

Amazon TodayTechnology, Information and Internet

Loading…

Amazon Careers Similar Companies

Walmart Global Tech

walmart.com

Walmart has a long history of transforming retail and using technology to deliver innovations that improve how the world shops and empower our 2.1 million associates. It began with Sam Walton and continues today with Global Tech associates working together to power Walmart and lead the next retail disruption. Our world-class software engineers, data scientists and engineers, cybersecurity professionals, product managers and business service professionals work with top talent on cutting-edge technologies that create unique and innovative experiences for our associates, customers and members across Walmart, Sam’s Club and Walmart International. At Walmart Global Tech, one line of code or bold idea can make life easier for hundreds of millions of people – talk about epic impact at a global scale.

Dassault Systèmes

3ds.com

Dassault Systèmes is a catalyst for human progress. Since 1981, the company has pioneered virtual worlds to improve real life for consumers, patients and citizens. With Dassault Systèmes’ 3DEXPERIENCE platform, 370,000 customers of all sizes, in all industries, can collaborate, imagine and create sustainable innovations that drive meaningful impact. For more information, visit: https://www.3ds.com

Atlassian

atlassian.com

Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global companies and 80% of the Fortune 500 rely on Atlassian’s software, like Jira, Confluence, Loom, and Trello, to help their teams work better together and deliver quality results on time. With our 300,000+ customers and team of 10,000+ Atlassians, we are building the next generation of team collaboration and productivity software. We believe the power of teams has the potential to change the world — one that is more open, authentic, and inclusive.

Instacart

cb instacart.com

Instacart, the leading grocery technology company in North America, works with grocers and retailers to transform how people shop. The company partners with more than 1,500 national, regional, and local retail banners to facilitate online shopping, delivery and pickup services from more than 85,000 stores across North America on the Instacart Marketplace. Instacart makes it possible for millions of people to get the groceries they need from the retailers they love, and for approximately 600,000 Instacart shoppers to earn by picking, packing and delivering orders on their own flexible schedule. The Instacart Platform offers retailers a suite of enterprise-grade technology products and services to power their e-commerce experiences, fulfill orders, digitize brick-and-mortar stores, provide advertising services, and glean insights. With Instacart Ads, thousands of CPG brands – from category leaders to emerging brands – partner with the company to connect directly with consumers online, right at the point of purchase. With Instacart Health, the company is providing tools to increase nutrition security, make healthy choices easier for consumers, and expand the role that food can play in improving health outcomes. For more information, visit www.instacart.com/company.

Amdocs

cb amdocs.com

Who are we? Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers’ innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers’ migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $5.00 billion in fiscal 2024. For more information, visit http://www.amdocs.com/ At Amdocs, our mission is to empower our employees to 'Live Amazing, Do Amazing' every day. We believe in creating a workplace where you not only excel professionally but also thrive personally. Through our culture of making a real impact, fostering growth, embracing flexibility, and building connections, we enable them to live meaningful lives while making a difference in the world.

Pitney Bowes

cb pitneybowes.com

Pitney Bowes is a technology-driven company that provides digital shipping solutions, mailing innovation, and financial services to clients around the world – including more than 90 percent of the Fortune 500. Small businesses to large enterprises, and government entities rely on Pitney Bowes to reduce the complexity of sending mail and parcels.

ByteDance

bytedance.com

ByteDance is a global incubator of platforms at the cutting edge of commerce, content, entertainment and enterprise services - over 2.5bn people interact with ByteDance products including TikTok. Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible. Together, we inspire creativity and enrich life - a mission we aim towards achieving every day. At ByteDance, we create together and grow together. That's how we drive impact - for ourselves, our company, and the users we serve. We are committed to building a safe, healthy and positive online environment for all our users. We have over 110,000 employees based in more than 30 countries globally. Join us.

HubSpot

hubspot.com

HubSpot is a leading CRM platform that provides software and support to help businesses grow better. Our platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth. Today, thousands of customers around the world use our powerful and easy-to-use tools and integrations to attract, engage, and delight customers. HubSpot's award-winning culture has been recognized by Glassdoor, Great Place to Work, Comparably, Fortune, Entrepreneur, Inc., and more. We build connections, careers, and employee growth by creating a workplace that values flexibility, autonomy, and transparency. You can learn more about our commitment to creating an inclusive and diverse workplace in the HubSpot Culture Code. HubSpot is a hybrid company with employees working fully remotely, from an office, or a mix of the two. We are headquartered in Cambridge, MA with offices in Amsterdam, Berlin, Bogota, Dublin, Ghent, London, Madrid, Paris, San Francisco, Singapore, Sydney, Tokyo and Toronto. To learn more about HubSpot, visit www.hubspot.com and to join our team, visit www.hubspot.com/careers

Siemens Digital Industries Software

siemens.com

We help organizations of all sizes digitally transform using software, hardware and services from the Siemens Xcelerator business platform. Our software and the comprehensive digital twin enable companies to optimize their design, engineering and manufacturing processes to turn today's ideas into the sustainable products of the future. From chips to entire systems, from product to process, across all industries. We help transform the everyday as part of @Siemens, To learn more, visit http://sw.siemens.com.

Loading…

NEWS

Amazon Careers CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 23, 2026 08:00 AM

Cybersecurity Jobs Report: 3.5 Million Unfilled Positions In 2025

Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures.

Read Article

January 28, 2026 08:00 AM

Amazon confirms 16,000 job cuts after accidental email

US technology giant Amazon has confirmed it will cut 16,000 jobs - hours after it told staff about a new round of global redundancies in an...

Read Article

December 21, 2025 08:00 AM

AI was behind over 50,000 layoffs in 2025 — here are the top firms to cite it for job cuts

Some of the world's biggest tech companies cited AI as part of their layoff and restructuring strategy in 2025.

Read Article

December 18, 2025 08:00 AM

North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location [Updated]

A barely perceptible keystroke delay was the smoking gun that led to the uncovering of a malign imposter.

Read Article

December 07, 2025 08:00 AM

Cybersecurity Jobs in India: Top Roles and Salary Trends

Discover top cybersecurity jobs in india - security analyst, ethical hacker, cloud security and more along with pay and required skills.

Read Article

November 14, 2025 08:00 AM

Learning Sales Skills Can Make Security Professionals More Effective

Amazon Web Services VP Sara Duffer highlights the top lessons she brought back to her security role after taking part in Amazon's shadow...

Read Article

November 13, 2025 08:00 AM

Hofstra Computer Science Team Wins Amazon-Sponsored Cybersecurity Competition

The Fred DeMatteis School of Engineering and Applied Science hosted the final round of the Amazon-sponsored Capture the Flag Competition...

Read Article

November 06, 2025 08:00 AM

Hofstra Hosts Amazon-Sponsored Cybersecurity Competition

Nineteen teams from six universities competed for cash prizes in a series of high-level cybersecurity challenges, sponsored by Amazon and...

Read Article

October 28, 2025 07:00 AM

Exclusive: Amazon targets as many as 30,000 corporate job cuts, sources say

This would mark Amazon's largest job cut since late 2022, when it started to eliminate around 27000 positions.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…