What is the official website of Central Alliance ?

The official website of Central Alliance is http://www.central-alliance.co.uk.

What is Central Alliance's cybersecurity risk score?

Central Alliance has an AI-generated cybersecurity risk score of 751 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Central Alliance experienced?

According to Rankiteo, Central Alliance currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Central Alliance been affected by any supply chain cyber incidents ?

According to Rankiteo, Central Alliance has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Central Alliance have SOC 2 Type 1 certification ?

According to Rankiteo, Central Alliance is not certified under SOC 2 Type 1.

Does Central Alliance have SOC 2 Type 2 certification ?

According to Rankiteo, Central Alliance does not hold a SOC 2 Type 2 certification.

Does Central Alliance comply with GDPR ?

According to Rankiteo, Central Alliance is not listed as GDPR compliant.

Does Central Alliance have PCI DSS certification ?

According to Rankiteo, Central Alliance does not currently maintain PCI DSS compliance.

Does Central Alliance comply with HIPAA ?

According to Rankiteo, Central Alliance is not compliant with HIPAA regulations.

Does Central Alliance have ISO 27001 certification ?

According to Rankiteo,Central Alliance is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Central Alliance operate in ?

Central Alliance operates primarily in the Construction industry.

How many employees does Central Alliance have ?

Central Alliance employs approximately 99 people worldwide.

Does Central Alliance own any subsidiaries ?

Central Alliance presently has no subsidiaries across any sectors.

How many LinkedIn followers does Central Alliance have ?

Central Alliance's official LinkedIn profile has approximately 3,381 followers.

What is the NAICS classification code for Central Alliance ?

Central Alliance is classified under the NAICS code 23, which corresponds to Construction.

Does Central Alliance have a Crunchbase profile ?

No, Central Alliance does not have a profile on Crunchbase.

Does Central Alliance have a LinkedIn profile ?

Yes, Central Alliance maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/central-alliance.

How many cybersecurity incidents has Central Alliance experienced ?

As of June 16, 2026, Rankiteo reports that Central Alliance has experienced 1 cybersecurity incidents.

How many peer or competitor companies does Central Alliance have ?

Central Alliance has an estimated 39,752 peer or competitor companies worldwide.

What types of cybersecurity incidents has Central Alliance faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Central Alliance

Boost Score +25 with badge (5 left)

751

/1000

Fair

776

/1000

Fair

Central Alliance Vendor Cyber Rating & Cyber Score

central-alliance.co.uk

Add Your Compliance Badge

Central Alliance helps organisations to realise the power of integrated pre-construction services. Through experienced people who understand the importance of precise site information, we ensure you are fully informed and able to move things forward into a successful construction phase. Offering everything from surveying, training, vegetation clearance, to health and safety and recruitment solutions, Central Alliance provides you with the intelligence to transform your projects.

Central Alliance A.I CyberSecurity Scoring

Scoring History

Central Alliance

Central Alliance CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Central Alliance

Cyber Attack

10/2025

JEN273212710242...

Loading…

A.I.

Central Alliance Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Central Alliance

Incidents vs Construction Industry Avg (This Year)

No incidents recorded for Central Alliance in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Central Alliance in 2026.

Incident Types Central Alliance vs Construction Industry Avg (This Year)

No incidents recorded for Central Alliance in 2026.

Incident History - Central Alliance (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Central Alliance Subsidiaries

Central Alliance

Construction

Website: http://www.central-alliance.co.uk

Company Size: 99

124

RSK GroupEnvironmental Services

BinniesCivil Engineering

Binnies DCWWCivil Engineering

ADASEnvironmental Services

RSK Habitat ManagementEnvironmental Services

ADAS ArboricultureEnvironmental Services

FarmPEPFarming

MWH TreatmentConstruction

CANCivil Engineering

Copper ConsultancyPublic Relations and Communications Services

RSK AfricaEnvironmental Services

RSK Middle EastEnvironmental Services

RSK GeosciencesEnvironmental Services

RSK Geophysics and SafegroundEnvironmental Services

RSK GeospatialSurveying and Mapping Services

Carbon Zero ConsultingServices for Renewable Energy

CS2 Chartered SurveyorsConstruction

Nature PositiveEnvironmental Services

CAN RenewablesServices for Renewable Energy

Cambridge Environmental Assessments, part of RSK ADAS LtdChemical Manufacturing

RSK EnvironmentEnvironmental Services

Absolute Solar and Wind LtdRenewable Energy Semiconductor Manufacturing

Envireau WaterEnvironmental Services

Spencer Quantum LtdConstruction

Proeon Systems Ltd.Automation Machinery Manufacturing

The Woodhouse Partnership Ltd (TWPL)Business Consulting and Services

Woodhouse AustralasiaBusiness Consulting and Services

CX Utilities Ltd (An RSK Company)Utilities

EDP Consultants AustraliaEnvironmental Services

Stephenson HallidayEnvironmental Services

cbec eco-engineering UK & EuropeEnvironmental Services

C J Associates Geotechnical LtdConstruction

RSK WildingEnvironmental Services

Salix River and WetlandEnvironmental Services

Richard Irvin FM LimitedFacilities Services

ADAS LandscapeArchitecture and Planning

RSK APACEnvironmental Services

WatertrainEducation

Silcock Leedham Group LimitedConstruction

HydrofixServices for Renewable Energy

RSK ResponseEnvironmental Services

W Crowder & Sons LtdWholesale

Up and UnderCivil Engineering

Pharos Generator Services LimitedMechanical Or Industrial Engineering

RSK AcousticsArchitecture and Planning

RSK AsbestosEnvironmental Services

RSK BENELUX BVEnvironmental Services

RSK EnvironnementBusiness Consulting and Services

Calibrate Energy LtdRenewable Energy Semiconductor Manufacturing

MG Scaffolding LtdConstruction

RSK NetherlandsEnvironmental Services

Ian Farmer Associates (1998) LimitedCivil Engineering

HI-LINEEnvironmental Services

Aurora Health Physics Services LtdEnvironmental Services

RSK EcologyEnvironmental Services

CR Civil EngineeringCivil Engineering

Nicholas O'Dwyer LtdEnvironmental Services

Civil Engineering InternationalCivil Engineering

Amphos 21Environmental Services

WRc GroupResearch Services

Structural SoilsCivil Engineering

WGM Engineering LtdEngineering Services

AxisOil and Gas

Headland Archaeology (UK) LtdEnvironmental Services

PellingsConstruction

Centara Ltd - Surveying, Engineering and CADUtilities

EcologiaEnvironmental Services

RSK Ireland Ltd.Environmental Services

Jennings O'Donovan & PartnersCivil Engineering

FR ConsultantsConstruction

RSK BiocensusEnvironmental Services

SCPCivil Engineering

COGNICAConstruction

Non Destructive Testing Services LtdConstruction

RoC ConsultingConstruction

EDPBusiness Consulting and Services

Southern Ecological Solutions (SES)Environmental Services

Virtus EnergyComputers and Electronics Manufacturing

1stinrailCivil Engineering

Optisol Services LtdRenewable Energy Semiconductor Manufacturing

FishtekEnvironmental Services

MilestoneConstruction

Richard Allitt Associates LtdCivil Engineering

Remote Aerial SurveysPhotography

rsim Remote SimulationsCivil Engineering

RemedX LtdEnvironmental Services

Streetwise UK Management LtdConstruction

TWIG GroupEnvironmental Services

B-Line and Easy2PlotPrinting Services

RSK LDE (Land and Development Engineering)Civil Engineering

RSK DACH-RegionEnvironmental Services

WaldramsReal Estate

Milner AssociatesConstruction

LARSEN WATER MANAGEMENT LTDUtilities

Leap EnvironmentalEnvironmental Services

RSK AustraliaEnvironmental Services

ADAS PlanningArchitecture and Planning

RSK International Projects GroupEnvironmental Services

Advantage RSKAlternative Dispute Resolution

Acies Civil and Structural LtdCivil Engineering

RSK CreativeDesign Services

Minerex Environmental Ltd.Environmental Services

Smith + Kennedy ArchitectsArchitecture and Planning

ADEV ENVIRONNEMENTEnvironmental Services

ATV Contract Services LtdEnvironmental Services

RGM Environmental, Science and Technical support servicesEnvironmental Services

Travis BakerCivil Engineering

RSK Consents SolutionsUtilities

Kirton Water Treatment ServicesUtilities

RSK RadiologicalEnvironmental Services

Brown & May Marine LtdFisheries

GeocoreCivil Engineering

RSK IWS Integrated Waste Solutions LtdUtilities

Dermot Casey Tree Care Ltd.Consumer Services

ATP Architects & Building SurveyorsArchitecture and Planning

Treefellers LtdEnvironmental Services

Hawkins Electrical LtdAppliances, Electrical, and Electronics Manufacturing

Technik GSConstruction

Enviroflow Management LimitedUtilities

EDP Singapore PTEBusiness Consulting and Services

Homer Burgess LtdIndustrial Machinery Manufacturing

The MSS GroupEnvironmental Services

BMG ResearchMarket Research

Inis Environmental Consultants Ltd.Environmental Services

Loading…

Central Alliance Similar Companies

COLAS

allinks.click

Colas, a subsidiary of the Bouygues Group, is a major player in the construction and maintenance of transportation infrastructure and urban development. Colas covers the entire value chain: from industrial production to service offerings, including construction work. Thanks to its local presence in some fifty countries on five continents 🌍, Colas achieved a consolidated revenue of €15.9 billion in 2024, 59% of which is outside France. With its 64,000 employees 👷‍♀️👷‍♂️, a network of 2,000 operating units comprising 3,500 production units, and nearly 45,000 projects per year, Colas is the trusted partner of its customers. Colas maintains its pioneering, innovative and responsible spirit to connect people and foster the sustainable development of territories 🚀 ♻. Colas shares the four founding values of the Bouygues Group, which form the basis of its corporate culture and the way it operates on a daily basis: • Respect: treat others how you would like to be treated. • Commitment: for us, commitment is about giving your heart and soul. • Pioneering: bold innovation, not blind ambition. • Sharing: at Bouygues, knowledge and experience are meant to be passed on. At Colas, it’s our people who drive our company forward. We strive to develop talent, and we give those who join the company the opportunity to reach their full potential throughout their careers. Because, when you join Colas, we hope you’ll make a career here.

STRABAG

cb strabag.com

At STRABAG around 86,000 people working on progress at more than 2,400 locations worldwide. Uniqueness and individual strengths characterise both our projects and each of us as individuals. Whether its building construction, civil engineering, road construction, underground engineering, bridge building, tunnelling, construction material production, project development or building management – we are always one step ahead so that we can become the most innovative and sustainable construction technology company in Europe. Diversity, inclusion and equal opportunities are integral to this, who we are as a company and how we work. Together we work as partners to complete projects successfully and grow with new challenges. Together we achieve great things. Let’s progress!

NCC Limited

ncclimited.com

Across decades, across disciplines, NCC Ltd has dedicated itself to building infrastructure of uncompromising standards. Infrastructure that is a constant reminder of the Company’s holistic construction expertise, which in turn is the result of relentless innovation and sheer dedication. Today, NCC Ltd plays a visible role on the national infrastructure stage, leaving its signature mark of quality in several key growth areas. NCC Ltd was founded in 1978 as a partnership firm by Padma Sri Awardee Dr. AVS Raju (Founder and Chairman Emeritus). NCC became a limited company in 1990, and was listed on National Stock Exchange in 1992. The Company today stands number two among listed construction companies in India with a consolidated annual turnover of Rs 15,701 crore and an order book of Rs 50,244 crore as of 31 March 2023. The company has a well diversified business portfolio with a foothold in every segment of the construction sector with the following Business Verticals: Buildings/ Transportation/ Electrical (T&D)/ Water & Environment / Irrigation / Railways / Mining. NCC Ltd enjoys the reputation of completing projects on time without compromising on quality and has won several awards and accolades recently including the 3rd Fastest Growing Construction Company in India, the top challenger award, and Build India Infra award, among others. NCC Ltd have been accredited with ISO 9001:2015, 14001:2015 and 45001:2018 certification for all fields of Civil Engineering Works including Design, Development & Construction of Industrial Structures, Residential & Industrial Buildings and Execution of Infrastructure Projects for Highways and Airports.

Skanska

skanska.com

Skanska Group uses knowledge & foresight to shape the way people live, work, and connect. More than 138 years in the making, we’re one of the world’s largest development and construction companies, with 2024 revenue totaling SEK 177 billion. We operate in select markets throughout the Nordics, Europe and the United States. Together with our customers and the collective expertise of our 26,300 + teammates, we create innovative and sustainable solutions that support healthy living beyond our lifetime. Founded in Sweden in 1887 as a maker of concrete, we were driven by a dual purpose: to innovate and build what’s good for people and society. Today we develop, design and build everything from healthy and green office buildings to smart homes and infrastructure. We partner to innovate, and we continue to hold our founding values at the heart of everything we do. Skanska Linkedin Page House Rules We welcome and encourage participation. However, there are some rules we ask everyone to follow in order to maintain a friendly and respectful community. We will remove any posted content that is not aligned with Skanska's values and Code of Conduct, including: Text, images or video containing profanity, sexually graphic or offensive language, spam, illegal content – laws that govern the use of copyrights, trade secrets, etc. will be followed.

Bechtel Corporation

cb bechtel.com

Bechtel is a trusted engineering, construction and project management partner to industry and government. Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers’ objectives to create a lasting positive impact. Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place. Bechtel serves the Energy; Infrastructure; Manufacturing & Technology; Mining & Metals; and Nuclear, Security & Environmental markets. Our services span from initial planning and investment, through start-up and operations. Bechtel has received reports about individuals receiving fraudulent job confirmations and requests for interviews, offers, or solicitations for training via letters, emails, social postings, phone calls, instant messages (including Whatsapp) and texts. If you receive unsolicited job or interview offers or are unsure if the offer you received is fraudulent, contact Bechtel at [email protected]. Please forward the email, phone number, and any other documentation you received.

Burns & McDonnell

burnsmcd.com

At Burns & McDonnell, our engineers, construction professionals, architects, planners, technologists and scientists do more than plan, design and construct. With a mission unchanged since 1898 — make our clients successful — we partner with you on the toughest challenges, constantly working to make the world an amazing place. Each professional brings an ownership mentality to projects at our 100% employee-owned firm, which has safety performance among the top 5% of AEC firms. As dedicated owners, we work through challenges until they’re resolved, meeting or exceeding our clients’ goals. We apply this commitment to our communities, too. We live and work in the same cities you call home, so we share a passion to keep them strong and healthy. From fundraising events and community cleanups to educational outreach and mentorship — especially when it comes to sharing our passion for STEM — our professionals work to make our communities thrive.

Andrade Gutierrez S.A.

andradegutierrez.com.br

Fundada em Belo Horizonte, Minas Gerais, a Andrade Gutierrez tem reconhecida expertise no segmento de construção pesada. Na década de 1990 iniciou a diversificação dos negócios com investimentos nas áreas de Concessões e Telecomunicações. Hoje o Grupo Andrade Gutierrez é um dos maiores conglomerados de infraestrutura na América Latina e acumula projetos realizados em mais de 40 países. Participa como investidora em empresas como Oi e Contax (AG Telecom), CCR, Sanepar, e Cemig (AG Investimentos). AG Jovem: www.agjovem.com.br Facebook: https://www.facebook.com/AndradeGutierrezSA Twitter: https://twitter.com/Grupo_AG Youtube: http://www.youtube.com/user/AndradeGutierrez

Kiewit

kiewit.com

At Kiewit, the projects we deliver make a difference, and we offer opportunities for you to make one, too. Our construction and engineering professionals work on some of the industry’s most complex, challenging and rewarding projects – whether it’s boring tunnels through mountains, turning rivers into energy, or building bridges that connect communities. Kiewit people tackle important projects of every size, in any market. Start your Kiewit adventure today at kiewitjobs.com. Kiewit is one of North America’s largest and most respected construction and engineering organizations. With its roots dating back to 1884, the employee-owned organization operates through a network of subsidiaries in the United States, Canada, and Mexico. Kiewit offers construction and engineering services in a variety of markets including transportation; oil, gas and chemical; power; building; marine; water/wastewater; industrial; and mining. We are an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

PCL Construction

pcl.com

PCL is a group of independent construction companies that carries out work across Canada, the United States, the Caribbean, and in Australia. These diverse operations in the civil infrastructure, heavy industrial, and buildings markets are supported by a strategic presence in 31 major centers. PCL is 100% employee-owned. Watch us build at www.pcl.com

Loading…

NEWS

Central Alliance CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 26, 2026 08:00 AM

ERPsim Competition

Imagine an immersive business simulation game where the prize is an on-the-spot job offer at a major company. That's your reality in our...

Read Article

January 21, 2026 08:00 AM

Maine health system confirms data breach impacted 145K as civil litigation moves forward

The cyberattack on Central Maine Healthcare happened in summer 2025, but the investigation was complicated by the hackers having access to...

Read Article

November 19, 2025 08:00 AM

NIST Says Risk Management is Central to Generative AI Adoption

Agencies must prioritize a "risk-aware culture" and use the AI Risk Management Framework to deploy the tech effectively amid growing...

Read Article

November 10, 2025 08:00 AM

Why Backup and Recovery Are Now Central to Every MSP’s Ransomware Strategy

With ransomware surging in 2025, prevention alone no longer cuts it. MSPs must plan for compromise and make recovery the core of their...

Read Article

November 06, 2025 08:00 AM

Why is Trump hosting Central Asian leaders; are Russia, China his targets?

US President Donald Trump to meet leaders from five Central Asian countries in Washington for 10th meeting of C5+1.

Read Article

November 06, 2025 08:00 AM

A Cyber Wall for the Caribbean

Government websites have been hacked, online exploitation of children has infiltrated schools and the increasing use of crypto currencies to...

Read Article

October 28, 2025 02:16 AM

Edward H. Block, Senior Counsel, Cybersecurity, Privacy & Data Protection

Edward H. Block, Senior Counsel at Akin in Dallas, advises startups and global technology companies on cybersecurity, data privacy, information security,...

Read Article

October 20, 2025 07:00 AM

Around $1 Million Stolen From New York’s Voorheesville Central School District in ‘Cyber-Fraud Incident’

Around $1 million has been stolen from the Voorheesville Central School District's construction fund in a cyber-fraud attack.

Read Article

October 17, 2025 07:00 AM

AI learners win prizes, gain skills in NCW Tech Alliance contest

MOSES LAKE — The North Central Washington Tech Alliance Skill-a-Thon has ended, and four Grant County residents are among the winners.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…