What is Canada Revenue Agency - Agence du revenu du Canada's cybersecurity risk score?

Canada Revenue Agency - Agence du revenu du Canada has an AI-generated cybersecurity risk score of 786 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Canada Revenue Agency - Agence du revenu du Canada experienced?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Canada Revenue Agency - Agence du revenu du Canada been affected by any supply chain cyber incidents ?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Canada Revenue Agency - Agence du revenu du Canada have SOC 2 Type 1 certification ?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada is not certified under SOC 2 Type 1.

Does Canada Revenue Agency - Agence du revenu du Canada have SOC 2 Type 2 certification ?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada does not hold a SOC 2 Type 2 certification.

Does Canada Revenue Agency - Agence du revenu du Canada comply with GDPR ?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada is not listed as GDPR compliant.

Does Canada Revenue Agency - Agence du revenu du Canada have PCI DSS certification ?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada does not currently maintain PCI DSS compliance.

Does Canada Revenue Agency - Agence du revenu du Canada comply with HIPAA ?

According to Rankiteo, Canada Revenue Agency - Agence du revenu du Canada is not compliant with HIPAA regulations.

Does Canada Revenue Agency - Agence du revenu du Canada have ISO 27001 certification ?

According to Rankiteo,Canada Revenue Agency - Agence du revenu du Canada is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Canada Revenue Agency - Agence du revenu du Canada operate in ?

Canada Revenue Agency - Agence du revenu du Canada operates primarily in the Government Administration industry.

How many employees does Canada Revenue Agency - Agence du revenu du Canada have ?

Canada Revenue Agency - Agence du revenu du Canada employs approximately 16,790 people worldwide.

Does Canada Revenue Agency - Agence du revenu du Canada own any subsidiaries ?

Canada Revenue Agency - Agence du revenu du Canada presently has no subsidiaries across any sectors.

How many LinkedIn followers does Canada Revenue Agency - Agence du revenu du Canada have ?

Canada Revenue Agency - Agence du revenu du Canada's official LinkedIn profile has approximately 618,056 followers.

What is the NAICS classification code for Canada Revenue Agency - Agence du revenu du Canada ?

Canada Revenue Agency - Agence du revenu du Canada is classified under the NAICS code 92, which corresponds to Public Administration.

Does Canada Revenue Agency - Agence du revenu du Canada have a Crunchbase profile ?

No, Canada Revenue Agency - Agence du revenu du Canada does not have a profile on Crunchbase.

Does Canada Revenue Agency - Agence du revenu du Canada have a LinkedIn profile ?

Yes, Canada Revenue Agency - Agence du revenu du Canada maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cra-arc.

How many cybersecurity incidents has Canada Revenue Agency - Agence du revenu du Canada experienced ?

As of June 14, 2026, Rankiteo reports that Canada Revenue Agency - Agence du revenu du Canada has experienced 7 cybersecurity incidents.

How many peer or competitor companies does Canada Revenue Agency - Agence du revenu du Canada have ?

Canada Revenue Agency - Agence du revenu du Canada has an estimated 12,888 peer or competitor companies worldwide.

What types of cybersecurity incidents has Canada Revenue Agency - Agence du revenu du Canada faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach, Data Leak and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

CRAADRDC

Boost Score +25 with badge (5 left)

786

/1000

Fair

811

/1000

Good

Canada Revenue Agency - Agence du revenu du Canada Vendor Cyber Rating & Cyber Score

canada.ca

Add Your Compliance Badge

Welcome to the Canada Revenue Agency’s (CRA) official LinkedIn page! 🇨🇦 We take pride in our diverse workforce, which brings a wide range of skills and perspectives to the Canada Revenue Agency, and remain committed to fostering an inclusive workplace where everyone can thrive. We’re on a mission to better serve Canadians, with the goal to be trusted, fair, and helpful by putting people first. Our dedication has earned us recognition as one of Canada's Top Employers for Young People, Canada’s Best Diversity Employers and National Capital Region’s Top Employer. Follow us for more on job opportunities, important information about benefits, credits, and all things taxes. Terms and Conditions: http://ow.ly/XpI030iPAP9 Bienvenue sur la

CRAADRDC A.I CyberSecurity Scoring

Scoring History

CRAADRDC

Canada Revenue Agency - Agence du revenu du Canada CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Canada Revenue Agen...

Breach

10/2025

TRA270222710182...

Canada Revenue Agen...

Breach

5/2025

OFF100251009182...

Canada Revenue Agen...

Breach

10/2022

CAN206221122

Government of Canad...

Cyber Attack

3/2020

GOV1766174849

Canada Revenue Agen...

Data Leak

08/2018

GOV12181122

Canada Revenue Agen...

Breach

06/2018

CAN17246822

Canada Revenue Agen...

Cyber Attack

100

06/2015

GOV192330422

Loading…

A.I.

CRAADRDC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for CRAADRDC

Incidents vs Government Administration Industry Avg (This Year)

No incidents recorded for Canada Revenue Agency - Agence du revenu du Canada in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Canada Revenue Agency - Agence du revenu du Canada in 2026.

Incident Types CRAADRDC vs Government Administration Industry Avg (This Year)

No incidents recorded for Canada Revenue Agency - Agence du revenu du Canada in 2026.

Incident History - CRAADRDC (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Canada Revenue Agency - Agence du revenu du Canada Subsidiaries

CRAADRDC

Government Administration

Website: http://canada.ca/taxes

Company Size: 10,001+ employees

Government of CanadaGovernment Administration

Health Canada | Santé CanadaGovernment Administration

Service CanadaGovernment Administration

Statistics Canada | Statistique CanadaGovernment Administration

Canada Border Services Agency | Agence des services frontaliers du CanadaGovernment Administration

Public Health Agency of Canada | Agence de la santé publique du CanadaGovernment Administration

Public Services and Procurement Canada | Services publics et Approvisionnement CanadaGovernment Administration

PSPC Jobs | Emplois SPACGovernment Administration

Real Property Services / Services immobiliersGovernment Administration

Marine Procurement | Approvisionnement MaritimeShipbuilding

Translation Bureau | Bureau de la traductionGovernment Administration

Environment and Climate Change CanadaGovernment Administration

National Research Council Canada / Conseil national de recherches CanadaResearch Services

Finance Canada / Finances CanadaGovernment Administration

Innovation, Science and Economic Development Canada | Innovation, Sciences et Développement économique CanadaGovernment Administration

Innovative Solutions CanadaGovernment Relations Services

Canada Digital Adoption Program | Programme canadien d'adoption du numériqueGovernment Relations Services

Canadian Armed Forces | Forces armées canadiennesArmed Forces

Transport Canada - Transports CanadaGovernment Administration

Department of Justice Canada | Ministère de la Justice du CanadaGovernment Administration

Canadian Food Inspection AgencyGovernment Administration

Immigration and Refugee Board of Canada | Commission de l'immigration et du statut de réfugiéGovernment Administration

Canada Mortgage and Housing Corporation (CMHC) Société canadienne d'hypothèques et de logement(SCHL)Government Administration

Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du CanadaGovernment Administration

Public Safety Canada | Sécurité publique CanadaPublic Safety

Canadian Institutes of Health Research | Instituts de recherche en santé du CanadaGovernment Administration

Trade Commissioner Service | Service des délégués commerciauxInternational Trade and Development

Emploi et Développement social Canada (EDSC) / Employment and Social Development Canada (ESDC)Government Administration

Labour ProgramGovernment Administration

Programme du travailGovernment Administration

Canada 2030 AgendaGovernment Administration

Programme 2030 CanadaGovernment Administration

Natural Sciences and Engineering Research Council of Canada (NSERC)Government Administration

Federal Economic Development Agency for Southern Ontario | Agence fédérale de ...Government Administration

Office of the Privacy Commissioner of Canada/Commissariat à la protection de la vie privée du CanadaGovernment Administration

Canadian Centre for Occupational Health and SafetyGovernment Administration

Shared Services Canada | Services partagés CanadaGovernment Administration

WAGE / FEGCGovernment Administration

Veterans Affairs Canada / Anciens Combattants CanadaGovernment Administration

Canada School of Public Service | École de la fonction publique du CanadaGovernment Administration

Doing Business with the Government of Canada | Faire affaire avec le gouvernement du CanadaGovernment Administration

Canadian Armed Forces | Forces armées canadiennesArmed Forces

SSHRC-CRSHGovernment Administration

Prairies Economic Development Canada I Développement économique Canada pour les PrairiesGovernment Administration

Communications Security Establishment Canada | Centre de la sécurité des télécommunications CanadaGovernment Administration

ACOA - APECAGovernment Administration

CRTCTelecommunications

Commission de la fonction publique du Canada | Public Service Commission of CanadaGovernment Administration

Canadian Intellectual Property Office / Office de la propriété intellectuelle du CanadaGovernment Administration

Competition Bureau CanadaLaw Enforcement

Public Prosecution Service of Canada | Service des poursuites pénales du CanadaGovernment Administration

Policy Horizons Canada - Horizons de politiques CanadaGovernment Administration

Canada Economic Development for Quebec RegionsGovernment Administration

Get Cyber SafeGovernment Administration

My Source | Ma sourceGovernment Administration

Bureau de la concurrence CanadaLaw Enforcement

Inside ECCC | Ici à ECCCGovernment Administration

Régie de l’énergie du CanadaGovernment Administration

Pensez cybersécuritéGovernment Administration

Centre canadien d'hygiène et de sécurité au travail (CCHST)Government Administration

Loading…

Canada Revenue Agency - Agence du revenu du Canada Similar Companies

Gouvernement du Québec – Carrières

quebec.ca

Travailler dans la fonction publique du Québec, c'est plus qu'une carrière! Réparti(e)s dans une vingtaine de ministères et une soixantaine d'organismes à travers le Québec, tous les gestes posés par les employé(e)s de la fonction publique façonnent l’avenir de la société et contribuent à améliorer la vie des Québécoises et Québécois; nous rendons nos routes sécuritaires; nous protégeons nos richesses naturelles; nous faisons rayonner notre culture; nous améliorons nos milieux de vie; etc. Pour nous, être au service de la population, c’est bien plus qu’une carrière! Travailler dans la fonction publique québécoise permet d’œuvrer dans différentes organisations tout en maintenant ses conditions de travail. Nous adhérons aux valeurs de compétence, d’impartialité, d’intégrité, de loyauté et de respect; nous offrons de bonnes conditions de travail, de même que des milieux de travail sains et motivants, nous valorisons l’équité, la diversité et l’inclusion par notre Programme d’accès à l’égalité en emploi dont l’objectif principal est d’assurer une meilleure représentativité des groupes victimes de discrimination en emploi, nous favorisons l’équilibre entre la vie professionnelle et personnelle, nous misons sur le développement des compétences, nous sommes fier(ères) et dévoué(e)s. Nous sommes la fonction publique du Québec!

FDA

fda.gov

The Food and Drug Administration is an agency within the Department of Health and Human Services. The FDA is responsible for protecting the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices; and by ensuring the safety of our nation's food supply, cosmetics, and products that emit radiation. FDA also has responsibility for regulating the manufacturing, marketing, and distribution of tobacco products to protect the public health and to reduce tobacco use by minors. FDA is responsible for advancing the public health by helping to speed innovations that make medical products more effective, safer, and more affordable and by helping the public get the accurate, science-based information they need to use medical products and foods to maintain and improve their health. FDA also plays a significant role in the Nation's counterterrorism capability. FDA fulfills this responsibility by ensuring the security of the food supply and by fostering development of medical products to respond to deliberate and naturally emerging public health threats.

State of Missouri

mo.gov

Build the Missouri of tomorrow. Ensure a strong foundation today. Join a group of innovative team members focused on driving the State of Missouri forward. As public servants, our team members have the opportunity to produce work that is both lasting and important. This work serves to protect families, communities, and our natural resources. No matter where you are in your career, whether entry level or senior level, a career with the State of Missouri will challenge you to grow both personally and professionally. Though one employer, there is no shortage of exciting opportunities as there are many career paths you may take within the State. If you are searching for a job that transforms lives, including your own, a career with the State of Missouri is the perfect fit!

Department of Education

vic.gov.au

The Department of Education is responsible for delivering the Victorian Government’s commitment to making Victoria the Education State, where all Victorians have the best learning and development experience, regardless of their background, postcode or circumstances. Education remains a cornerstone for ensuring all Victorians have the skills and knowledge they need to actively participate in and contribute to our rapidly-changing economy and society. The Department delivers and regulates statewide learning and development services across the early childhood and school sectors. Previously the Department of Education and Training.

United States Postal Service

usps.com

As the United States Postal Service continues its evolution as a forward-thinking, fast-acting company capable of providing quality products and services for its customers, it continues to remember and celebrate its roots as the first national network of communications that literally bound a nation together. Ours is a proud heritage built on a simple yet profound mission: Bind the nation together. Connect every American, every door, every business, everywhere through the simple act of delivering mail and packages. This idea of universal service is at the heart of the $1.4 trillion industry that employs more than 7.5 million people and drives commerce, plays an integral part in every American community and remains the greatest value of any post in the world. The Postal Service delivers more mail to more addresses in a larger geographical area than any other post in the world. The Postal Service delivers to more than 157 million addresses in every state, city and town in this country. Everyone living in the United States and its territories has access to postal products and services and pays the same postage regardless of their location. The Postal Service receives no tax dollars for operating expenses and relies on the sale of postage, products and services to fund its operations. Facebook: www.facebook.com/usps Twitter: www.twitter.com/usps Instagram: www.instagram.com/uspostalservice Pinterest: www.pinterest.com/uspsstamps YouTube: www.youtube.com/usps Corporate Blog: www.uspsblog.com This profile, while affiliated with the U.S. Postal Service®, is not an official customer service page. Please use one of the methods described below to receive assistance. Get help on twitter @USPSHelp or call 800-275-8777or go to go.usa.gov/help Thank you

Region Stockholm

regionstockholm.se

Är du beredd att tänka nytt och hitta framtidens lösningar? För vårt framtida uppdrag behöver vi medarbetare med hög kompetens, stort engagemang och som strävar efter ständig förbättring. Vid din sida kan du få engagerade kollegor inom hundratals kvalificerade yrken – ekonomer, sjuksköterskor, jurister, radiologer, ingenjörer och kirurger. Stockholms läns landsting är en av landets största arbetsgivare med ett livsviktigt uppdrag. Vi ger två miljoner invånare en effektiv kollektivtrafik och en god hälso- och sjukvård i landets snabbast växande region. Varje dag, dygnet runt.

National Park Service

nps.gov

Most people know that the National Park Service cares for national parks, a network of over 420 natural, cultural and recreational sites across the nation. The treasures in this system – the first of its kind in the world – have been set aside by the American people to preserve, protect, and share the legacies of this land. People from all around the world visit national parks to experience America's story, marvel at the natural wonders, and have fun. Places like the Grand Canyon, the Statue of Liberty, and Gettysburg are popular destinations, but so too are the hundreds of lesser known yet equally meaningful gems like Rosie the Riveter in California, Boston Harbor Islands in Massachusetts, and Russell Cave in Alabama. The American system of national parks was the first of its kind in the world, and provides a living model for other nations wishing to establish and manage their own protected areas. The park service actively consults with these Nations, sharing what we've learned, and gaining knowledge from the experience of others. Beyond national parks, the National Park Service helps communities across America preserve and enhance important local heritage and close-to-home recreational opportunities. Grants and assistance are offered to register, record and save historic places; create community parks and local recreation facilities; conserve rivers and streams, and develop trails and greenways.

Belastingdienst

belastingdienst.nl

De organisatie bestaat uit diverse onderdelen, waaronder de Belastingdienst, Douane, Toeslagen, FIOD en enkele facilitaire organisaties. Met ruim 30.000 medewerkers werken we in kantoren die verspreid zijn over het hele land. Gezamenlijk heffen, innen en controleren we belastingen. Daarnaast zorgen we ook voor het uitbetalen van toeslagen. En zijn we verantwoordelijk voor douanetaken en het opsporen van fraude. De Belastingdienst is een organisatie die 24 uur per dag, 7 dagen per week in dienst staat van de samenleving. Waar jaarlijks miljoenen aangiften worden behandeld, en waar voor honderden miljoenen aan toeslagen worden uitbetaald. En waar de Douane dagelijks zorgt voor de vlotte en veilige in- en uitvoer van tonnen goederen. Ondanks deze grote aantallen streven wij waar mogelijk naar individuele en persoonlijke dienstverlening. En in de vorm van bijvoorbeeld convenanten en partnerships werken wij ook zo goed mogelijk samen met het bedrijfsleven en andere ketenpartners. De Belastingdienst: grootschalig, veelzijdig en altijd maatschappelijk relevant.

Social Security Administration

ssa.gov

Social Security provides financial protection for our nation’s people, supporting more than 64 million individuals and families. With retirement, disability, and survivors benefits, Social Security is one of the most successful anti-poverty programs in our nation's history. We are there throughout life’s journey, helping secure today and tomorrow. We are one of the largest independent agencies in government, with over 58,000 team members throughout the country. Our talented workforce includes employees who serve customers directly, as well as those who support their work in diverse fields. Through compassion and dedication, our team members help promote the economic security of the country. They are the heart of our agency, providing high-quality, personalized service to people in their communities, nationwide, and even living abroad. Our workforce is our greatest strength at SSA. We place high priority on developing, engaging, and empowering our team members. Through career development programs, our team members have access to a wide range of training and professional development opportunities. We rely on our team members’ feedback to improve how we administer our programs and to create an environment of trust and cooperation across our organization. We also offer an excellent benefits package to our team members. To learn more about a career with SSA, visit SSA.gov/careers.

Loading…

NEWS

Canada Revenue Agency - Agence du revenu du Canada CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

July 03, 2025 07:00 AM

T5018 slip – Statement of contract payments

A T5018 slip identifies the total contract payments made to a recipient by a contractor in a calendar year or fiscal period.

Read Article

June 05, 2025 07:00 AM

Prioritizing privacy in a data-driven world

2024-2025 Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act...

Read Article

May 23, 2025 07:00 AM

Canada Revenue Agency cutting up to 280 jobs, mainly in national capital region

The Canada Revenue Agency (CRA) is cutting up to 280 more employees this spring, the latest announcement of job cuts at the federal department over the past...

Read Article

October 28, 2024 07:00 AM

Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds

At the height of this year's tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the...

Read Article

February 27, 2024 08:00 AM

Canada says cannabis wholesalers must garnish payments over unpaid taxes

Canada's tax collection agency is garnishing cash from licensed cannabis producers that are delinquent on their excise duty payments.

Read Article

March 01, 2023 08:00 AM

CRA Scams Looking More and More Like The Real Thing: Expert

Cybersecurity experts are warning the public about the latest iteration of Canada Revenue Agency-style scams w...

Read Article

February 16, 2023 08:00 AM

Sweet v Canada: Federal Court Of Canada certified privacy breach class action against CRA

In Sweet v Canada, the Federal Court of Canada certified a class action lawsuit over a CRA personal and financial data breach at the Canada...

Read Article

September 16, 2022 07:00 AM

The making of music: is a master recording tangible or intangible property?

This article is part one of a four-part series that explores the Unidisc decisions and goes into detail on the issues of music masters,...

Read Article

February 17, 2021 08:00 AM

CRA locks online accounts amid investigation, leaving users worried

The Canada Revenue Agency has locked more than 100000 taxpayers out of its online platform, telling users their email addresses have been...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…