What is Department of Justice Canada | Ministère de la Justice du Canada's cybersecurity risk score?

Department of Justice Canada | Ministère de la Justice du Canada has an AI-generated cybersecurity risk score of 775 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Department of Justice Canada | Ministère de la Justice du Canada experienced?

According to Rankiteo, Department of Justice Canada | Ministère de la Justice du Canada currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Department of Justice Canada | Ministère de la Justice du Canada been affected by any supply chain cyber incidents ?

According to Rankiteo, Department of Justice Canada | Ministère de la Justice du Canada has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Department of Justice Canada | Ministère de la Justice du Canada have SOC 2 Type 2 certification ?

According to Rankiteo, Department of Justice Canada | Ministère de la Justice du Canada does not hold a SOC 2 Type 2 certification.

Does Department of Justice Canada | Ministère de la Justice du Canada have PCI DSS certification ?

According to Rankiteo, Department of Justice Canada | Ministère de la Justice du Canada does not currently maintain PCI DSS compliance.

Does Department of Justice Canada | Ministère de la Justice du Canada have ISO 27001 certification ?

According to Rankiteo,Department of Justice Canada | Ministère de la Justice du Canada is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

How many employees does Department of Justice Canada | Ministère de la Justice du Canada have ?

Department of Justice Canada | Ministère de la Justice du Canada employs approximately 3,974 people worldwide.

How many LinkedIn followers does Department of Justice Canada | Ministère de la Justice du Canada have ?

Department of Justice Canada | Ministère de la Justice du Canada's official LinkedIn profile has approximately 126,396 followers.

What is the NAICS classification code for Department of Justice Canada | Ministère de la Justice du Canada ?

Department of Justice Canada | Ministère de la Justice du Canada is classified under the NAICS code 92, which corresponds to Public Administration.

Does Department of Justice Canada | Ministère de la Justice du Canada have a Crunchbase profile ?

No, Department of Justice Canada | Ministère de la Justice du Canada does not have a profile on Crunchbase.

Does Department of Justice Canada | Ministère de la Justice du Canada have a LinkedIn profile ?

Yes, Department of Justice Canada | Ministère de la Justice du Canada maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/justicecanada.

How many peer or competitor companies does Department of Justice Canada | Ministère de la Justice du Canada have ?

Department of Justice Canada | Ministère de la Justice du Canada has an estimated 12,888 peer or competitor companies worldwide.

What types of cybersecurity incidents has Department of Justice Canada | Ministère de la Justice du Canada faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

DJCMDLJDC

Boost Score +25 with badge (5 left)

775

/1000

Fair

800

/1000

Good

Department of Justice Canada | Ministère de la Justice du Canada Vendor Cyber Rating & Cyber Score

gc.ca

Add Your Compliance Badge

The Department of Justice Canada works to ensure a fair, accessible, and efficient system of justice for all Canadians. Led by the Minister of Justice, who is also the Attorney General of Canada, the Department of Justice strives to promote respect for rights and freedoms, the law and the Constitution. Roughly half of the Department’s staff are lawyers; the other half includes experts in fields such as research, the social sciences, and communication, as well as paralegals and support staff. Consult Justice Canada Social Media Terms of Use at http://www.justice.gc.ca/eng/terms-avis/index.html#social

DJCMDLJDC A.I CyberSecurity Scoring

Scoring History

DJCMDLJDC

Department of Justice Canada | Ministère de la Justice du Canada CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Department of Justi...

Breach

10/2025

TRA270222710182...

Department of Justi...

Breach

5/2025

OFF100251009182...

Department of Justi...

Breach

10/2022

CAN206221122

Government of Canad...

Cyber Attack

3/2020

GOV1766174849

Department of Justi...

Data Leak

08/2018

GOV12181122

Department of Justi...

Breach

06/2018

CAN17246822

Department of Justi...

Cyber Attack

100

06/2015

GOV192330422

Loading…

A.I.

DJCMDLJDC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for DJCMDLJDC

Incidents vs Government Administration Industry Avg (This Year)

No incidents recorded for Department of Justice Canada | Ministère de la Justice du Canada in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Department of Justice Canada | Ministère de la Justice du Canada in 2026.

Incident Types DJCMDLJDC vs Government Administration Industry Avg (This Year)

No incidents recorded for Department of Justice Canada | Ministère de la Justice du Canada in 2026.

Incident History - DJCMDLJDC (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Department of Justice Canada | Ministère de la Justice du Canada Subsidiaries

DJCMDLJDC

Government Administration

Website: http://www.justice.gc.ca

Company Size: 1,001-5,000 employees

Government of CanadaGovernment Administration

Canada Revenue Agency - Agence du revenu du CanadaGovernment Administration

Health Canada | Santé CanadaGovernment Administration

Service CanadaGovernment Administration

Statistics Canada | Statistique CanadaGovernment Administration

Canada Border Services Agency | Agence des services frontaliers du CanadaGovernment Administration

Public Health Agency of Canada | Agence de la santé publique du CanadaGovernment Administration

National Research Council Canada / Conseil national de recherches CanadaResearch Services

Environment and Climate Change CanadaGovernment Administration

Public Services and Procurement Canada | Services publics et Approvisionnement CanadaGovernment Administration

PSPC Jobs | Emplois SPACGovernment Administration

Real Property Services / Services immobiliersGovernment Administration

Marine Procurement | Approvisionnement MaritimeShipbuilding

Translation Bureau | Bureau de la traductionGovernment Administration

Innovation, Science and Economic Development Canada | Innovation, Sciences et Développement économique CanadaGovernment Administration

Innovative Solutions CanadaGovernment Relations Services

Canada Digital Adoption Program | Programme canadien d'adoption du numériqueGovernment Relations Services

Finance Canada / Finances CanadaGovernment Administration

Canadian Armed Forces | Forces armées canadiennesArmed Forces

Transport Canada - Transports CanadaGovernment Administration

Canadian Food Inspection AgencyGovernment Administration

Canadian Institutes of Health Research | Instituts de recherche en santé du CanadaGovernment Administration

Canada Mortgage and Housing Corporation (CMHC) Société canadienne d'hypothèques et de logement(SCHL)Government Administration

Emploi et Développement social Canada (EDSC) / Employment and Social Development Canada (ESDC)Government Administration

Labour ProgramGovernment Administration

Programme du travailGovernment Administration

Canada 2030 AgendaGovernment Administration

Programme 2030 CanadaGovernment Administration

Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du CanadaGovernment Administration

Trade Commissioner Service | Service des délégués commerciauxInternational Trade and Development

Public Safety Canada | Sécurité publique CanadaPublic Safety

Immigration and Refugee Board of Canada | Commission de l'immigration et du statut de réfugiéGovernment Administration

Office of the Privacy Commissioner of Canada/Commissariat à la protection de la vie privée du CanadaGovernment Administration

Federal Economic Development Agency for Southern Ontario | Agence fédérale de ...Government Administration

Shared Services Canada | Services partagés CanadaGovernment Administration

Veterans Affairs Canada / Anciens Combattants CanadaGovernment Administration

Natural Sciences and Engineering Research Council of Canada (NSERC)Government Administration

Canada School of Public Service | École de la fonction publique du CanadaGovernment Administration

Prairies Economic Development Canada I Développement économique Canada pour les PrairiesGovernment Administration

WAGE / FEGCGovernment Administration

Doing Business with the Government of Canada | Faire affaire avec le gouvernement du CanadaGovernment Administration

Canadian Armed Forces | Forces armées canadiennesArmed Forces

ACOA - APECAGovernment Administration

Canada Economic Development for Quebec RegionsGovernment Administration

SSHRC-CRSHGovernment Administration

Commission de la fonction publique du Canada | Public Service Commission of CanadaGovernment Administration

Public Prosecution Service of Canada | Service des poursuites pénales du CanadaGovernment Administration

CRTCTelecommunications

Competition Bureau CanadaLaw Enforcement

Inside ECCC | Ici à ECCCGovernment Administration

My Source | Ma sourceGovernment Administration

Get Cyber SafeGovernment Administration

Bureau de la concurrence CanadaLaw Enforcement

Policy Horizons Canada - Horizons de politiques CanadaGovernment Administration

Canadian Intellectual Property Office / Office de la propriété intellectuelle du CanadaGovernment Administration

Pensez cybersécuritéGovernment Administration

Régie de l’énergie du CanadaGovernment Administration

Canadian Centre for Occupational Health and SafetyGovernment Administration

Communications Security Establishment Canada | Centre de la sécurité des télécommunications CanadaGovernment Administration

Centre canadien d'hygiène et de sécurité au travail (CCHST)Government Administration

Loading…

Department of Justice Canada | Ministère de la Justice du Canada Similar Companies

Government of Canada

canada.ca

The Government of Canada works on behalf of Canadians, both at home and abroad. Visit www.Canada.ca to learn more. Canada’s professional, non-partisan public service is among the best in the world, and many of its departments and agencies place in Canada’s Top 100 Employers year after year. If you are interested in joining our diverse and innovative team, visit www.jobs.gc.ca for information and opportunities. Terms: https://www.canada.ca/en/transparency/terms.html Le gouvernement du Canada œuvre au nom des Canadiens, tant au pays qu’à l’étranger. Consultez le site www.canada.ca pour en savoir plus. Impartiale et professionnelle, la fonction publique du Canada fait partie de l’élite mondiale. Bon nombre de ses ministères et organismes figurent parmi les 100 meilleurs employeurs du pays année après année. Vous aimeriez intégrer notre équipe diversifiée et innovante? Rendez-vous au www.emplois.gc.ca pour obtenir des informations et connaître les possibilités qui s’offrent à vous. Avis : https://www.canada.ca/fr/transparence/avis.html

Nav

nav.no

Nav er en viktig del av sikkerhetsnettet i velferdsstaten. Vi skal bidra til at flere kommer i arbeid og færre går på stønad, og samtidig sørge for at de som trenger det er sikra inntekt og økonomisk trygghet gjennom rett pengestøtte til rett tid. For å løse dette samfunnsoppdraget forvalter Nav om lag en tredel av statsbudsjettet, gjennom ordninger som arbeidsrettede tiltak, dagpenger, arbeidsavklaringspenger, sykepenger, pensjon, økonomisk sosialhjelp, foreldrepenger, barnetrygd og kontantstøtte. Nav tilbyr tjenester, ytelser og stønader til både privatpersoner og arbeidsgivere. For å sikre helhetlige tjenester, samarbeider vi tett med arbeidslivet, kommune-, helse- og utdanningssektoren, andre statlige virksomheter og frivillige aktører.

CONICET

conicet.gov.ar

El Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET) es el principal organismo dedicado a la promoción de la ciencia y la tecnología en la Argentina. Su actividad se desarrolla en cuatro grandes áreas: • Ciencias agrarias, ingeniería y de materiales • Ciencias biológicas y de la salud • Ciencias exactas y naturales • Ciencias sociales y humanidades En el CONICET, además promovemos y gestionamos la transferencia de tecnologías, servicios y capacidades de Investigación y Desarrollo (I+D) que genera su comunidad científica hacia los sectores socioproductivos, Pymes, Gobiernos, organismos públicos y la sociedad civil. En ese sentido: • Conectamos recursos humanos altamente especializados con empresarios/as para generar oportunidades conjuntas. • Impulsamos la participación con cámaras y asociaciones empresarias, parques tecnológicos e industriales, organismos del Estado, ONG, organizaciones civiles, y redes nacionales e internacionales de vinculación tecnológica. • Facilitamos la transferencia al sector productivo mediante procesos de escalado, pruebas de concepto, entre otros. • Promovemos la creación de Empresas de Base Tecnológica. El CONICET es un ente autárquico del Estado Nacional en jurisdicción del Ministerio de Ciencia, Tecnología e Innovación.

US Government Accountability Office

gao.gov

For more information about GAO, please visit www.gao.gov. General Information The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO investigates how the federal government spends taxpayer dollars. Mission Our Mission is to support the Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. We provide Congress with timely information that is objective, fact-based, nonpartisan, non-ideological, fair, and balanced. GAO Social Media Terms of Use: https://www.facebook.com/usgao/app/250336418365488/

IBGE

ibge.gov.br

The Brazilian Institute of Geography and Statistics or IBGE (Portuguese: Instituto Brasileiro de Geografia e Estatística), is the agency responsible for statistical, geographic, cartographic, geodetic and environmental information in Brazil. The IBGE performs a national census every ten years, and the questionnaires account for information such as age, household income, literacy, education, occupation and hygiene levels. IBGE is an institution of the Federal Government, constituted a public foundation by Decree Law No. 161 of February 13, 1967, and is bound to the Brazilian Department of Planning, Budget and Management. It has four directors and two other central organs. IBGE has a network of national research and dissemination components, comprising: 27 state units (26 in state capitals and one in the Federal District); 27 centres for documentation and dissemination of information (26 in the capital and one in the Federal District); 581 data collection agencies in major cities. The IBGE also maintains the Roncador Ecological Reserve, situated 35 km south of Brasília.

City of Los Angeles

linkpages.pro

The City of Los Angeles employs more than 45,000 people in a wide range of careers. Visit our website for information on current openings, including regular civil service positions, exempt and emergency appointment opportunities, in addition to internships! The City of Los Angeles is a Mayor-Council-Commission form of government, as originally adopted by voters of the City of Los Angeles, effective July 1, 1925, and reaffirmed by a new Charter effective July 1, 2000. A Mayor, City Controller, and City Attorney are elected by City residents every four years. Fifteen City Council members representing fifteen districts are elected by the people for four-year terms, for a maximum of two terms. Members of Commissions are generally appointed by the Mayor, subject to the approval of the City Council. General Managers of the various City departments are also appointed by the Mayor, subject to confirmation by the City Council. Most employees of the City are subject to the civil service provisions of the City Charter.

Region Stockholm

regionstockholm.se

Är du beredd att tänka nytt och hitta framtidens lösningar? För vårt framtida uppdrag behöver vi medarbetare med hög kompetens, stort engagemang och som strävar efter ständig förbättring. Vid din sida kan du få engagerade kollegor inom hundratals kvalificerade yrken – ekonomer, sjuksköterskor, jurister, radiologer, ingenjörer och kirurger. Stockholms läns landsting är en av landets största arbetsgivare med ett livsviktigt uppdrag. Vi ger två miljoner invånare en effektiv kollektivtrafik och en god hälso- och sjukvård i landets snabbast växande region. Varje dag, dygnet runt.

Comunidad de Madrid

comunidad.madrid

Si necesitas información general y especializada sobre los servicios públicos madrileños puedes llamar al teléfono de Atención al Ciudadano 012. En la Comunidad de Madrid estamos encantados de recibir comentarios y favorecer el diálogo, por eso te proponemos unas normas básicas de participación: - Respeta a los demás usuarios y haz un uso adecuado de la red al publicar un comentario. Se eliminará cualquier mensaje difamatorio, ofensivo, amenazador, grosero o que esté penado por las leyes españolas. - Haz comentarios relacionados con lo publicado, sé lo más breve posible y evita las mayúsculas. Se borrarán aquellos comentarios que se consideren fuera de tema. - No están permitidos los mensajes que contengan spam o publicidad intrusiva. - La Comunidad de Madrid no se hace responsable del contenido de las opiniones que los participantes dejan en los comentarios, ni se identifica con ellas. ¡Esperamos tu participación! Síguenos también en www.twitter.com/ComunidadMadrid y www.facebook.com/ComunidadeMadrid.

City of Seattle

seattle.gov

Work With Purpose. Shape Seattle. Inspire the World. Seattle is more than a world-class city — it’s a vibrant, evolving community rooted in shared values of sustainability, innovation, and inclusion. As a public employer, the City of Seattle is committed to building a city that works for everyone, where communities thrive, opportunity is accessible, and public service drives real, lasting impact. With more than 12,000 employees across 40+ departments, we’re proud to serve the people of Seattle in every aspect of city life, from transportation and utilities to immigrant and refugee affairs, arts and culture, housing, and environmental stewardship. Whether you're maintaining parks, delivering clean water, strengthening neighborhoods, or shaping policy, your work helps power a city that puts people first. We offer more than 1,100 job titles, from seasonal and entry-level positions to senior leadership roles, across a wide range of fields: skilled trades, technology, finance, urban planning, public health, human services, public safety, and more. Whatever your background or career path, there’s a meaningful place for you here! At the City of Seattle, public service is more than a job; it's a shared purpose. We don’t just serve our community, we strive to be a model of what good government can be: inclusive, innovative, equitable, transparent, collaborative, and visionary. We believe that local leadership, done right, can inspire change far beyond our city limits. Joining the City of Seattle means joining a diverse, dedicated team that believes in the power of community and the possibility of progress. Together, we’re building a city where everyone can live, work, and thrive, and showing what’s possible when government works for the people it serves! Come build your career and community with us! View the City's policies at seattle.gov/digital

Loading…

NEWS

Department of Justice Canada | Ministère de la Justice du Canada CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 03, 2025 08:00 AM

Minister of Justice and Attorney General of Canada announces a judicial appointment to the Federal Court

March 3, 2025 – Ottawa, Ontario – Department of Justice Canada. The Honourable Arif Virani, Minister of Justice and Attorney General of...

Read Article

September 03, 2024 07:00 AM

Canada’s Indo-Pacific Strategy

The Indo-Pacific region will play a critical role in shaping Canada's future over the next half-century. Encompassing 40 economies, over four billion people.

Read Article

May 07, 2024 07:00 AM

Office of Public Affairs | U.S. Charges Russian National with Developing and Operating LockBit Ransomware

The US Justice Department unsealed charges today against a Russian national for his alleged role as the creator, developer, and administrator of the LockBit...

Read Article

April 10, 2024 07:00 AM

Article | Biden administration urges court to reconsider Line 5 shutdown order

The Department of Justice on Wednesday recommended that a federal district court reconsider a shutdown order of the Line 5 pipeline,...

Read Article

January 29, 2024 08:00 AM

Article | Exit interview with David Lametti on gains, groundwork and unkept promises

OTTAWA — Former justice minister David Lametti says his government's push on Indigenous reconciliation legislation is going to keep moving...

Read Article

February 13, 2019 08:00 AM

Article | Trump’s Canadian counterpart takes a hit

OTTAWA — A political scandal is threatening to spoil Canadian Prime Minister Justin Trudeau's date with a second term. Trudeau, cast as a...

Read Article

October 08, 2010 08:34 PM

Contact Us | Federal Bureau of Investigation

Please contact your local FBI office to submit a tip or report a crime. Use our online form to file electronically or call the appropriate toll-free number.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…