Has Natural Sciences and Engineering Research Council of Canada (NSERC) been affected by any supply chain cyber incidents ?

According to Rankiteo, Natural Sciences and Engineering Research Council of Canada (NSERC) has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Natural Sciences and Engineering Research Council of Canada (NSERC) have PCI DSS certification ?

According to Rankiteo, Natural Sciences and Engineering Research Council of Canada (NSERC) does not currently maintain PCI DSS compliance.

Does Natural Sciences and Engineering Research Council of Canada (NSERC) have ISO 27001 certification ?

According to Rankiteo,Natural Sciences and Engineering Research Council of Canada (NSERC) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

How many LinkedIn followers does Natural Sciences and Engineering Research Council of Canada (NSERC) have ?

Natural Sciences and Engineering Research Council of Canada (NSERC)'s official LinkedIn profile has approximately 58,267 followers.

What is the NAICS classification code for Natural Sciences and Engineering Research Council of Canada (NSERC) ?

Natural Sciences and Engineering Research Council of Canada (NSERC) is classified under the NAICS code 92, which corresponds to Public Administration.

How many peer or competitor companies does Natural Sciences and Engineering Research Council of Canada (NSERC) have ?

Natural Sciences and Engineering Research Council of Canada (NSERC) has an estimated 12,888 peer or competitor companies worldwide.

What types of cybersecurity incidents has Natural Sciences and Engineering Research Council of Canada (NSERC) faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

NSERCC

Boost Score +25 with badge (5 left)

765

/1000

Fair

790

/1000

Fair

Natural Sciences and Engineering Research Council of Canada (NSERC) Vendor Cyber Rating & Cyber Score

gc.ca

Add Your Compliance Badge

NSERC invests over $1 billion each year in natural sciences and engineering research in Canada. Our investments deliver discoveries, valuable world-firsts in knowledge claimed by a brain trust of over 11,000 professors, world-leading researchers in their fields. Our investments also enable partnerships and collaborations that connect industry with discoveries and the people behind them. Researcher-industry partnerships established by NSERC help inform R&D, solve scale-up challenges and reduce the risks of developing high-potential technology. Our investments also provide scholarships and hands-on training experience for the next generation of science and engineering leaders in Canada, more than 30,000 post-secondary students and

NSERCC A.I CyberSecurity Scoring

Scoring History

NSERCC

Natural Sciences and Engineering Research Council of Canada (NSERC) CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Natural Sciences an...

Breach

10/2025

TRA270222710182...

Natural Sciences an...

Breach

5/2025

OFF100251009182...

Natural Sciences an...

Breach

10/2022

CAN206221122

Government of Canad...

Cyber Attack

3/2020

GOV1766174849

Natural Sciences an...

Data Leak

08/2018

GOV12181122

Natural Sciences an...

Breach

06/2018

CAN17246822

Natural Sciences an...

Cyber Attack

100

06/2015

GOV192330422

Loading…

A.I.

NSERCC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for NSERCC

Incidents vs Government Administration Industry Avg (This Year)

No incidents recorded for Natural Sciences and Engineering Research Council of Canada (NSERC) in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Natural Sciences and Engineering Research Council of Canada (NSERC) in 2026.

Incident Types NSERCC vs Government Administration Industry Avg (This Year)

No incidents recorded for Natural Sciences and Engineering Research Council of Canada (NSERC) in 2026.

Incident History - NSERCC (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Natural Sciences and Engineering Research Council of Canada (NSERC) Subsidiaries

NSERCC

Government Administration

Website: http://www.nserc-crsng.gc.ca

Company Size: 201-500 employees

Government of CanadaGovernment Administration

Canada Revenue Agency - Agence du revenu du CanadaGovernment Administration

Service CanadaGovernment Administration

Health Canada | Santé CanadaGovernment Administration

National Research Council Canada / Conseil national de recherches CanadaResearch Services

SSHRC-CRSHGovernment Administration

Office of the Privacy Commissioner of Canada/Commissariat à la protection de la vie privée du CanadaGovernment Administration

Canadian Centre for Occupational Health and SafetyGovernment Administration

Shared Services Canada | Services partagés CanadaGovernment Administration

WAGE / FEGCGovernment Administration

Federal Economic Development Agency for Southern Ontario | Agence fédérale de ...Government Administration

Department of Justice Canada | Ministère de la Justice du CanadaGovernment Administration

Canada School of Public Service | École de la fonction publique du CanadaGovernment Administration

Prairies Economic Development Canada I Développement économique Canada pour les PrairiesGovernment Administration

Commission de la fonction publique du Canada | Public Service Commission of CanadaGovernment Administration

Canada Border Services Agency | Agence des services frontaliers du CanadaGovernment Administration

ACOA - APECAGovernment Administration

Doing Business with the Government of Canada | Faire affaire avec le gouvernement du CanadaGovernment Administration

Canadian Armed Forces | Forces armées canadiennesArmed Forces

CAFCYBERCOM | COMCYBERFACMilitary and International Affairs

Inside ECCC | Ici à ECCCGovernment Administration

Canadian Intellectual Property Office / Office de la propriété intellectuelle du CanadaGovernment Administration

Statistics Canada | Statistique CanadaGovernment Administration

CRTCTelecommunications

Canada Economic Development for Quebec RegionsGovernment Administration

Competition Bureau CanadaLaw Enforcement

Bureau de la concurrence CanadaLaw Enforcement

Policy Horizons Canada - Horizons de politiques CanadaGovernment Administration

Public Prosecution Service of Canada | Service des poursuites pénales du CanadaGovernment Administration

Canada Mortgage and Housing Corporation (CMHC) Société canadienne d'hypothèques et de logement(SCHL)Government Administration

Get Cyber SafeGovernment Administration

My Source | Ma sourceGovernment Administration

Régie de l’énergie du CanadaGovernment Administration

Pensez cybersécuritéGovernment Administration

Communications Security Establishment Canada | Centre de la sécurité des télécommunications CanadaGovernment Administration

Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du CanadaGovernment Administration

Environment and Climate Change CanadaGovernment Administration

Finance Canada / Finances CanadaGovernment Administration

Canadian Food Inspection AgencyGovernment Administration

Transport Canada - Transports CanadaGovernment Administration

Emploi et Développement social Canada (EDSC) / Employment and Social Development Canada (ESDC)Government Administration

Labour ProgramGovernment Administration

Programme du travailGovernment Administration

Canada 2030 AgendaGovernment Administration

Programme 2030 CanadaGovernment Administration

Immigration and Refugee Board of Canada | Commission de l'immigration et du statut de réfugiéGovernment Administration

Veterans Affairs Canada / Anciens Combattants CanadaGovernment Administration

Public Safety Canada | Sécurité publique CanadaPublic Safety

Public Health Agency of Canada | Agence de la santé publique du CanadaGovernment Administration

Trade Commissioner Service | Service des délégués commerciauxInternational Trade and Development

Canadian Institutes of Health Research | Instituts de recherche en santé du CanadaGovernment Administration

Loading…

Natural Sciences and Engineering Research Council of Canada (NSERC) Similar Companies

Department of Education and Youth

www.gov.ie

The Department of Education and Youth is a ministerial department of the Irish State with responsibility for education. Our mission to facilitate children and young people, through learning, to achieve their full potential and contribute to Ireland’s social, economic and cultural development. The current Minister for Education is Hildegarde Naughton TD, and the Minister of State with responsiblity for Special Education and Inclusion is Michael Moynihan TD.

Etat de Vaud

vd.ch

Le canton de Vaud, c’est plus de 800 000 personnes vivant dans plus de 300 communes ! Rejoindre l’Administration cantonale vaudoise, c’est s’engager aux côtés de près de 40’000 personnes unies dans un même but : servir la population. Pourquoi nous suivre ? Dédiez votre quart d’heure vaudois aux opportunités de carrière et à l’info du canton ! Retrouvez les actualités vaudoises, les décisions du Grand Conseil et du Conseil d’Etat qui orientent les politiques publiques, les infos pratiques et les chiffres clés. Découvrez aussi des portraits des collaboratrices et collaborateurs au cœur de l’action et des offres d’emploi variées. Pourquoi nous rejoindre ? Nous rejoindre, c’est s’engager auprès d’un employeur fiable, éthique, équitable et tourné vers la durabilité. Parce que les envies, les attentes et les besoins évoluent tout au long d’une carrière, nous proposons des formations, des opportunités de développement de carrière ainsi qu’un équilibre entre vie privée et vie professionnelle. Vous aussi contribuez à l’actualité et à l’avenir du canton ! Retrouvez toutes nos offres d’emploi sur www.vd.ch/offres-demploi

Københavns Kommune

kk.dk

Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Find dit næste job her eller på www.kk.dk/job På vores karrieresite www.kk.dk/job kan du bl.a. se alle vores ledige stillinger og tilmelde dig vores jobagent. Her kan du også læse om vores medarbejdergoder.

South African Revenue Service (SARS)

sars.gov.za

Its main functions are to: collect and administer all national taxes, duties and levies; collect revenue that may be imposed under any other legislation, as agreed on between SARS and an organ of state or institution entitled to the revenue; provide protection against the illegal importation and exportation of goods; facilitate trade; and advise the Minister of Finance on all revenue matters

Rijkswaterstaat

rijkswaterstaat.nl

Rijkswaterstaat is de uitvoeringsorganisatie van het Ministerie van Infrastructuur en Waterstaat. We beheren en ontwikkelen de rijkswegen, -vaarwegen en –wateren en zetten in op een duurzame leefomgeving. Samen met andere organisaties werken we aan een land dat beschermd is tegen overstromingen. Waar voldoende groen is, en voldoende en schoon water. En waar je vlot en veilig van A naar B kunt. Samenwerken aan een veilig, leefbaar en bereikbaar Nederland. Dat is Rijkswaterstaat. Bij Rijkswaterstaat werk je mee aan de toekomst van Nederland met de ruimte om jezelf te blijven ontwikkelen. Gun jezelf een baan met toekomst. Gun jezelf Rijkswaterstaat.

Helsingin kaupunki – Helsingfors stad – City of Helsinki

hel.fi

#MeTeemmeHelsingin Helsingin kaupunki on Suomen suurin työnantaja, jonka palveluksessa on lähes 39 000 ammattilaista ja asiantuntijaa. Helsingin kaupunki tarjoaa henkilöstölle monipuolisia, mielenkiintoisia ja yhteiskunnallisesti merkittäviä työtehtäviä, hyvät mahdollisuudet kehittymiseen, ammattitaitoiset työkaverit, työaikajoustot sekä kilpailukykyiset henkilöstöedut. Lisää kaupungista työnantajana: https://www.hel.fi/fi/avoimet-tyopaikat/miksi-toihin-kaupungille Helsingin kaupungin kotisivut: www.hel.fi *** Helsingfors stad, Finlands största arbetsgivare, har cirka 39 000 anställda. Dessa yrkesmänniskor och experter, som företräder ett antal olika branscher. Tack vare stadens och sektorernas storlek har de anställda mångsidiga, intressanta och samhälleligt viktiga arbetsuppgifter, goda möjligheter att utbilda sig och utvecklas, yrkeskunniga arbetskamrater, arbetstidsflexibilitet och konkurrenskraftiga personalförmåner. Mer om staden som arbetsgivare: https://www.hel.fi/sv/lediga-jobb/varfor-borja-arbeta-hos-staden Helsinki stad webbplats: www.hel.fi/sv *** The City of Helsinki is Finland’s biggest employer with 39 000 employees, who are professionals and experts of various fields. The large size of the City and the wide scope of the fields of employment give the City personnel versatile and socially important jobs, good opportunities for training and development on the job, skilled colleagues, flexible working hours and competitive personnel benefits. City as an employer: https://www.hel.fi/en/open-jobs/why-work-for-the-city City of Helsinki website: www.hel.fi/en

City of Cape Town

capetown.gov.za

Cape Town, or the Mother City, is South Africa’s oldest city, its second-most populous and the legislative capital. It is made up of a diverse population, a rich history, world-famous tourist attractions and an exciting calendar of international and local events. More than 231 councillors and 26 225 staff serve 4 million residents across a sprawling and cosmopolitan metro of 2 500 square kilometres. The City provides all the services normally associated with a full-service municipality, such as water, electricity, waste removal, sanitation, new infrastructure, roads, public spaces, facilities, housing developments, the upgrade of informal settlements and existing infrastructure, clinics and more. To meet the current and future needs of its residents, the City of Cape Town has formulated strategies and policies to guide development and growth. Central to these is the Integrated Development Plan (IDP), which is a five-year plan that informs the City’s policy and budget decisions. The City’s strong sense of community makes it one of the best places to live, work and raise a family. We offer rewarding career opportunities, great benefits and competitive salaries. New opportunities are posted at www.capetown.gov.za/careers.

Government of Canada

canada.ca

The Government of Canada works on behalf of Canadians, both at home and abroad. Visit www.Canada.ca to learn more. Canada’s professional, non-partisan public service is among the best in the world, and many of its departments and agencies place in Canada’s Top 100 Employers year after year. If you are interested in joining our diverse and innovative team, visit www.jobs.gc.ca for information and opportunities. Terms: https://www.canada.ca/en/transparency/terms.html Le gouvernement du Canada œuvre au nom des Canadiens, tant au pays qu’à l’étranger. Consultez le site www.canada.ca pour en savoir plus. Impartiale et professionnelle, la fonction publique du Canada fait partie de l’élite mondiale. Bon nombre de ses ministères et organismes figurent parmi les 100 meilleurs employeurs du pays année après année. Vous aimeriez intégrer notre équipe diversifiée et innovante? Rendez-vous au www.emplois.gc.ca pour obtenir des informations et connaître les possibilités qui s’offrent à vous. Avis : https://www.canada.ca/fr/transparence/avis.html

State of Ohio

ohio.gov

Employment with the State of Ohio is more than ‘just a job’ – it is a privilege to serve our families, friends and neighbors who rely on us throughout our great state. We are a team of dedicated public servants committed to high performance, innovative thinking, and delivering excellent and efficient services. Our goal is to recruit and retain the best talent for our positions, because when we have the best talent, we get the best results for our community. We are #TeamOhio.

Loading…

NEWS

Natural Sciences and Engineering Research Council of Canada (NSERC) CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

October 24, 2025 12:33 PM

Top Canadian Science and Engineering Prizes For Carleton Researchers

Two highly accomplished Carleton University researchers have received major awards from the Natural Sciences and Engineering Research Council of Canada...

Read Article

October 23, 2025 09:54 PM

Accelerating Discovery: Trailblazing Research Gets Additional Funding

Three Carleton University professors at the forefront in research for high-demand technologies have received the Discovery Accelerator Supplements funding.

Read Article

September 30, 2025 07:00 AM

2025-09-30

Dear colleagues,. The past few weeks have reminded us of what our community can accomplish together. The successful launch of Starsailor by...

Read Article

July 11, 2025 07:00 AM

TMU launching Canada’s first training program to integrate quantum computing, artificial intelligence and operations research

Professor Sharareh Taghipour and an interdisciplinary team of collaborators are launching a new training program to bridge quantum computing...

Read Article

July 09, 2025 07:00 AM

U of G Receives $25.4M for Cybersecurity, Sustainability, Social Justice, Health - U of G News

University of Guelph researchers have been awarded over $25.4 million from the Natural Sciences and Engineering Research Council (NSERC),...

Read Article

July 09, 2025 07:00 AM

School of Information Studies Professors Awarded $5.6M Grant to Propel Canada to the Forefront of Cybersecurity Data Analytics Research

Professor Benjamin Fung, Canada Research Chair in Data Mining for Cybersecurity, and Professor Steven Ding, both of the School of...

Read Article

July 09, 2025 07:00 AM

UNBC researchers secure more than $1.5 million in NSERC Discovery Grant funding

Eight UNBC researchers receive more than $1.5 million through NSERC's Discovery Grant program to support long-term, curiosity-driven...

Read Article

January 22, 2025 08:00 AM

Canadian quantum commercialization and research projects get federal funding boost

Three commercialization projects get $4.7 million from DIGITAL, NSERC grants $74 million to 107 research projects.

Read Article

January 21, 2025 08:00 AM

More than $8 million awarded to INRS, a leader in quantum research

Funding from Canada's National Quantum Strategy will lead to advances in telecommunications, cybersecurity and biomedicine VARENNES, QC,...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…