
At GoDaddy, you’re the star when it comes to your craft—you’re the real deal. But being an entrepreneur means juggling it all: online marketing, digital ads, website building—pretty much everything! That’s why we created GoDaddy Airo for small business owners—designed to help you conquer it all while growing your online business at AI speed. Business dreamers can go from “no clue” to “wow, I did it!” in minutes with Airo—the intelligent experience that can whip up social posts, a classy logo, or a full-blown website out of thin air—powered by AI. 20+ million customers around the globe are convincing the world (and themselves) that they’re top dog entrepreneurs with GoDaddy, and they’re crushing it. With GoDaddy Airo and your vision – It’s like you know what you’re doing 😎

GoDaddy A.I CyberSecurity Scoring

GoDaddy

Company Details

LinkedIn ID: godaddy
Number of employees: 8,635
Number of followers: 154,386
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: godaddy.com
IP Addresses: 0
Company ID: GOD_3070288
Scan Status: In-progress

GoDaddy Risk Score (AI oriented)

Between 700 and 749

GoDaddy Technology, Information and Internet
  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums

GoDaddy Global Score (TPRM)

XXXX

GoDaddy Technology, Information and Internet
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

GoDaddy Company CyberSecurity News & History

Past Incidents: 5
Attack Types: 2

GoDaddy.com LLC
Breach
Severity: 25
Impact: 1
Seen: 10/2019
Blog:
Rankiteo Explanation
Attack without any consequences

Description: The California Office of the Attorney General reported on May 17, 2023, that GoDaddy.com LLC experienced a data breach that occurred on October 16, 2019. The breach involved unauthorized remote access to a virtual private server (VPS) due to malware that captured Secure Shell (SSH) passwords.

GoDaddy
Breach
Severity: 50
Impact: 2
Seen: 02/2023
Blog:
Rankiteo Explanation
Attack limited on finance or reputation

Description: GoDaddy, a provider of web hosting services, reported that malware and source code had been stolen from its servers. Threat actors have infiltrated the organization's cPanel shared hosting environment. Although the company is unable to pinpoint the exact moment of the initial penetration, it is currently looking into the breach to ascertain the incident's underlying cause. Random client websites might occasionally be redirected to dangerous websites by the malware that had been installed on the company's computer systems. The organization claimed that the attacks haven't affected their operations or business, but that it believes it was the target of a sophisticated threat actor's strike.

GoDaddy
Breach
Severity: 60
Impact: 3
Seen: 11/2020
Blog:
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: GoDaddy reported the compromising of 28,000 of its customers' web hosting accounts. One of its primary domain names is hosted by "GoDaddy," who inadvertently gave a malicious actor control of the account and site. As a result, the actor was able to manipulate several internal email accounts by altering DNS data. After some time had passed, the hostile actor was able to access document storage and compromise some of their infrastructure. Unauthorized changes were made to certain of the domain registration records' settings at GoDaddy, temporarily rerouting the site's email and web traffic. Although it appears that no emails, passwords, or other sensitive information was obtained, the business advised changing the password and turning on 2FA security.

GoDaddy
Breach
Severity: 85
Impact: 4
Seen: 9/2021
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The California Attorney General reported a data breach involving GoDaddy on November 17, 2021. The breach occurred on or about September 6, 2021, when an unauthorized third party accessed customer authentication information, including customer numbers, email addresses, and login credentials. The number of individuals affected is currently unknown.

GoDaddy
Vulnerability
Severity: 100
Impact:
Seen: 6/2025
Blog:
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Hackers are exploiting a critical vulnerability in the Roundcube webmail application, which is widely used by hosting providers like GoDaddy. The vulnerability, CVE-2025-49113, allows remote code execution and has a severity score of 9.9 out of 10. This vulnerability has been present for over a decade and impacts versions 1.1.0 through 1.6.10. Despite a patch being released, attackers have reverse-engineered the fix and are selling exploits on hacker forums. The wide use of Roundcube, including by government and academic institutions, makes the attack surface significant. The vulnerability can lead to data breaches and significant impact on organizations using the application.


Underwriter Stats for GoDaddy

Incidents vs Technology, Information and Internet Industry Average (This Year)

GoDaddy has 11.11% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

GoDaddy has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types GoDaddy vs Technology, Information and Internet Industry Avg (This Year)

GoDaddy reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — GoDaddy (X = Date, Y = Severity)

GoDaddy cyber incidents detection timeline including parent company and subsidiaries


GoDaddy Similar Companies

Peraton

Do the can't be done. At Peraton, we're at the forefront of delivering the next big thing every day. We're the partner of choice to help solve some of the world's most daunting challenges, delivering bold, new solutions to keep people around the world safer and more secure. How do we do it? By thi

Freelancer.com

Thirteen-time Webby award-winning Freelancer is the world’s largest freelancing and crowdsourcing marketplace by total number of users and projects posted. More than 80 million registered users have posted over 25 million projects and contests to date in over 3,000 areas as diverse as website develo

Times Internet

At Times Internet, we create premium digital products that simplify and enhance the lives of millions. As India’s largest digital products company, we have a significant presence across a wide range of categories, including News, Sports, Fintech, and Enterprise solutions. Our portfolio features mar

Taobao Marketplace

Launched in May 2003, Taobao Marketplace (www.taobao.com) is the online shopping destination of choice for Chinese consumers looking for wide selection, value and convenience. Shoppers choose from a wide range of products and services on Taobao Marketplace, which features hundreds of millions of pro

Sohu.com

Sohu.com Inc. (NASDAQ: SOHU) is China's premier online brand and indispensable to the daily life of millions of Chinese, providing a network of web properties and community based/web 2.0 products which offer the vast Sohu user community a broad array of choices regarding information, entertainment a

Jumia Group

Jumia (NYSE :JMIA) is a leading e-commerce platform in Africa. It is built around a marketplace, Jumia Logistics, and JumiaPay. The marketplace helps millions of consumers and sellers to connect and transact. Jumia Logistics enables the delivery of millions of packages through our network of local p

We are a technology company that unlocks access to energy for the benefit of all. As innovators, that’s been our mission for nearly a century. Today, we face a global imperative to create a future with more energy, but less carbon. Our diverse, innovative change makers are focused on going further i

Meesho

Meesho is India’s fastest growing internet commerce company. We want to make eCommerce accessible to all. Our vision is to enable 100 million small businesses in India, including individual entrepreneurs, to succeed online. Our mission is to democratise internet commerce by bringing a range of produ

Myntra

At Myntra, we don’t just follow fashion - we define it. As India's leading fashion, lifestyle, and beauty destination, we bring together the best of style, technology, and innovation to create a seamless shopping experience for our customers. With a commitment to empowering self-expression, we cura


GoDaddy CyberSecurity News

November 20, 2025 08:00 AM
Adama Builds with GoDaddy Airo

For Adama Fall (https://apo-opa.co/4oNInCB), football is more than a sport — it's a platform. With roots in Senegal and a master's degree in...

November 11, 2025 08:00 AM
Adama Builds With GoDaddy Airo

For Adama Fall, football is more than a sport - it's a platform. With roots in Senegal and a master's degree in Cybersecurity underway at...

November 11, 2025 08:00 AM
Adama Builds With GoDaddy Airo - ACN Newswire

Adama Builds With GoDaddy Airo. SINGAPORE, Nov 11, 2025 - (ACN Newswire) - For Adama Fall, football is more than a sport — it's a platform.

August 07, 2025 07:00 AM
Risk analysis is the foundation of data security, but regulator approaches differ

IAPP Cybersecurity Law Center Managing Director Jim Dempsey analyzes several cybersecurity-related enforcement actions taken by the U.S....

July 01, 2025 07:00 AM
GoDaddy 2024 Sustainability Report: Responsible Governance & Operations | Cybersecurity & Data Privacy

The Audit and Finance Committee receives regular reports from GoDaddy's Chief Information Security Officer (CISO) regarding the state of the...

June 16, 2025 07:00 AM
Report Links Los Pollos and RichAds to Malware Traffic Operations

Threat Intel exposes a hidden alliance between major cybercrime groups like VexTrio and seemingly legitimate AdTech firms such as Los Pollos, Partners House,...

May 30, 2025 07:00 AM
GoDaddy Hit With an FTC Order Mandating a Robust Security Program After a Series of Data Breaches

Popular domain registrar and web hosting company GoDaddy was slapped with an FTC order mandating a robust information security program for...

May 29, 2025 07:00 AM
5 ways teams can comply with the FTC’s GoDaddy ruling

COMMENTARY: The FTC's finalized order against GoDaddy last week marks a strategic breakpoint in cybersecurity oversight.

May 27, 2025 07:00 AM
FTC tells GoDaddy to shape up and secure its hosting services following 2018 attacks

The US Federal and Trade Commission (FTC) has outlined almost a dozen requirements which hosting provider GoDaddy must fulfill in order to settle the charges...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

GoDaddy CyberSecurity History Information

Official Website of GoDaddy

The official website of GoDaddy is http://www.godaddy.com.

GoDaddy’s AI-Generated Cybersecurity Score

According to Rankiteo, GoDaddy’s AI-generated cybersecurity score is 725, reflecting their Moderate security posture.

How many security badges does GoDaddy have?

According to Rankiteo, GoDaddy currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does GoDaddy have SOC 2 Type 1 certification ?

According to Rankiteo, GoDaddy is not certified under SOC 2 Type 1.

Does GoDaddy have SOC 2 Type 2 certification ?

According to Rankiteo, GoDaddy does not hold a SOC 2 Type 2 certification.

Does GoDaddy comply with GDPR ?

According to Rankiteo, GoDaddy is not listed as GDPR compliant.

Does GoDaddy have PCI DSS certification ?

According to Rankiteo, GoDaddy does not currently maintain PCI DSS compliance.

Does GoDaddy comply with HIPAA ?

According to Rankiteo, GoDaddy is not compliant with HIPAA regulations.

Does GoDaddy have ISO 27001 certification ?

According to Rankiteo, GoDaddy is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of GoDaddy

GoDaddy operates primarily in the Technology, Information and Internet industry.

Number of Employees at GoDaddy

GoDaddy employs approximately 8,635 people worldwide.

Subsidiaries Owned by GoDaddy

GoDaddy presently has no subsidiaries across any sectors.

GoDaddy’s LinkedIn Followers

GoDaddy’s official LinkedIn profile has approximately 154,386 followers.

NAICS Classification of GoDaddy

GoDaddy is classified under the NAICS code 513, which corresponds to Others.

GoDaddy’s Presence on Crunchbase

Yes, GoDaddy has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/godaddy.

GoDaddy’s Presence on LinkedIn

Yes, GoDaddy maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/godaddy.

Cybersecurity Incidents Involving GoDaddy

As of December 23, 2025, Rankiteo reports that GoDaddy has experienced 5 cybersecurity incidents.

Number of Peer and Competitor Companies

GoDaddy has an estimated 13,279 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at GoDaddy ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.

How does GoDaddy detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures including password change and enabling 2FA security.

Incident Details

Can you provide details on each incident ?

Incident : Unauthorized Access, DNS Manipulation

Title: GoDaddy Web Hosting Accounts Compromised

Description: GoDaddy reported the compromising of 28,000 of its customers' web hosting accounts. A malicious actor gained control of a primary domain name and manipulated internal email accounts by altering DNS data. The actor accessed document storage and compromised some of their infrastructure. Unauthorized changes were made to domain registration records' settings at GoDaddy, temporarily rerouting the site's email and web traffic. No emails, passwords, or other sensitive information was obtained, but the business advised changing the password and turning on 2FA security.

Type: Unauthorized Access, DNS Manipulation

Attack Vector: DNS Manipulation, Compromised Accounts

Vulnerability Exploited: Compromised Account Credentials

Threat Actor: Unknown Malicious Actor

Incident : Malware and Source Code Theft

Title: GoDaddy Malware and Source Code Theft

Description: GoDaddy, a provider of web hosting services, reported that malware and source code had been stolen from its servers. Threat actors have infiltrated the organization's cPanel shared hosting environment. Although the company is unable to pinpoint the exact moment of the initial penetration, it is currently looking into the breach to ascertain the incident's underlying cause. Random client websites might occasionally be redirected to dangerous websites by the malware that had been installed on the company's computer systems. The organization claimed that the attacks haven't affected their operations or business, but that it believes it was the target of a sophisticated threat actor's strike.

Type: Malware and Source Code Theft

Attack Vector: Malware installed on the company's computer systems

Threat Actor: Sophisticated threat actor

Incident : Remote Code Execution (RCE)

Title: Exploitation of CVE-2025-49113 in Roundcube Webmail

Description: Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been present in Roundcube for over a decade and impacts versions of Roundcube webmail 1.1.0 through 1.6.10. It received a patch on June 1st. It took attackers just a couple of days to reverse engineer the fix, weaponize the vulnerability, and start selling a working exploit on at least one hacker forum.

Date Detected: 2025-06-01

Type: Remote Code Execution (RCE)

Attack Vector: Exploiting CVE-2025-49113

Vulnerability Exploited: CVE-2025-49113

Motivation: Financial gain through selling exploits

Incident : Data Breach

Title: GoDaddy Data Breach

Description: The California Attorney General reported a data breach involving GoDaddy on November 17, 2021. The breach occurred on or about September 6, 2021, when an unauthorized third party accessed customer authentication information, including customer numbers, email addresses, and login credentials. The number of individuals affected is currently unknown.

Date Detected: 2021-11-17

Date Publicly Disclosed: 2021-11-17

Type: Data Breach

Attack Vector: Unauthorized Access

Threat Actor: Unauthorized Third Party

Incident : Data Breach

Title: GoDaddy Data Breach

Description: Unauthorized remote access to a virtual private server (VPS) due to malware that captured Secure Shell (SSH) passwords.

Date Detected: 2023-05-17

Date Publicly Disclosed: 2023-05-17

Type: Data Breach

Attack Vector: Malware

Vulnerability Exploited: SSH password capture

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised Account Credentials, Lack of sanitization of the $_GET['_from'] parameter and VPS.

Impact of the Incidents

What was the impact of each incident ?

Incident : Unauthorized Access, DNS Manipulation GOD2315623

Data Compromised: Document Storage, DNS Data

Systems Affected: Web Hosting Accounts, Internal Email Accounts, Domain Registration Records

Operational Impact: Temporary rerouting of email and web traffic

Incident : Malware and Source Code Theft GOD195781023

Data Compromised: Malware, Source code

Systems Affected: cPanel shared hosting environment

Incident : Remote Code Execution (RCE) GOD616060625

Systems Affected: Roundcube webmail versions 1.1.0 through 1.6.10

Incident : Data Breach GOD348072625

Data Compromised: Customer numbers, Email addresses, Login credentials

Incident : Data Breach GOD123072625

Systems Affected: VPS

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Document Storage, DNS Data, Malware, Source Code, Customer Numbers, Email Addresses and Login Credentials.

Which entities were affected by each incident ?

Incident : Unauthorized Access, DNS Manipulation GOD2315623

Entity Name: GoDaddy

Entity Type: Web Hosting Provider

Industry: Technology

Customers Affected: 28,000

Incident : Malware and Source Code Theft GOD195781023

Entity Name: GoDaddy

Entity Type: Web Hosting Service Provider

Industry: Technology

Incident : Remote Code Execution (RCE) GOD616060625

Entity Name: Roundcube

Entity Type: Software

Industry: Webmail

Location: Global

Incident : Data Breach GOD348072625

Entity Name: GoDaddy

Entity Type: Company

Industry: Web Hosting

Incident : Data Breach GOD123072625

Entity Name: GoDaddy.com LLC

Entity Type: Company

Industry: Web Hosting

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Unauthorized Access, DNS Manipulation GOD2315623

Remediation Measures: Password Change, Enable 2FA Security

Data Breach Information

What type of data was compromised in each breach ?

Incident : Unauthorized Access, DNS Manipulation GOD2315623

Type of Data Compromised: Document Storage, DNS Data

Incident : Malware and Source Code Theft GOD195781023

Type of Data Compromised: Malware, Source code

Incident : Data Breach GOD348072625

Type of Data Compromised: Customer numbers, Email addresses, Login credentials

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Password Change, Enable 2FA Security.

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : Unauthorized Access, DNS Manipulation GOD2315623

Recommendations: Change Passwords, Enable 2FA Security

References

Where can I find more information about each incident ?

Incident : Remote Code Execution (RCE) GOD616060625

Source: Kirill Firsov

Date Accessed: 2025-06-01

Incident : Data Breach GOD348072625

Source: California Attorney General

Date Accessed: 2021-11-17

Incident : Data Breach GOD123072625

Source: California Office of the Attorney General

Date Accessed: 2023-05-17

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Kirill Firsov (Date Accessed: 2025-06-01), California Attorney General (Date Accessed: 2021-11-17), and California Office of the Attorney General (Date Accessed: 2023-05-17).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Malware and Source Code Theft GOD195781023

Investigation Status: Investigating

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Unauthorized Access, DNS Manipulation GOD2315623

Entry Point: Compromised Account Credentials

Incident : Remote Code Execution (RCE) GOD616060625

Entry Point: Lack of sanitization of the $_GET['_from'] parameter

Incident : Data Breach GOD123072625

Entry Point: VPS

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Remote Code Execution (RCE) GOD616060625

Root Causes: Lack of sanitization of the $_GET['_from'] parameter leading to PHP Object deserialization

Incident : Data Breach GOD123072625

Root Causes: Malware capturing SSH passwords

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were an Unknown Malicious Actor, a Sophisticated threat actor and an Unauthorized Third Party.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-06-01.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-05-17.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Document Storage, DNS Data, Malware, Source Code, Customer Numbers, Email Addresses and Login Credentials.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were cPanel shared hosting environment, Roundcube webmail versions 1.1.0 through 1.6.10 and VPS.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Malware, Document Storage, DNS Data, Email Addresses, Login Credentials, Customer Numbers and Source Code.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were Change Passwords and Enable 2FA Security.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Kirill Firsov, California Office of the Attorney General and California Attorney General.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigating.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were Compromised Account Credentials, Lack of sanitization of the $_GET['_from'] parameter and VPS.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were Lack of sanitization of the $_GET['_from'] parameter leading to PHP Object deserialization and Malware capturing SSH passwords.


Latest Global CVEs (Not Company-Specific)

Description

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.

Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.

Risk Information
cvss4
Base: 8.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Description

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=godaddy' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.