What is the official website of RSK Geosciences ?

The official website of RSK Geosciences is https://rskgroup.com/rsk-business/rsk-geosciences/.

What is RSK Geosciences's cybersecurity risk score?

RSK Geosciences has an AI-generated cybersecurity risk score of 751 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has RSK Geosciences experienced?

According to Rankiteo, RSK Geosciences currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has RSK Geosciences been affected by any supply chain cyber incidents ?

According to Rankiteo, RSK Geosciences has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does RSK Geosciences have SOC 2 Type 1 certification ?

According to Rankiteo, RSK Geosciences is not certified under SOC 2 Type 1.

Does RSK Geosciences have SOC 2 Type 2 certification ?

According to Rankiteo, RSK Geosciences does not hold a SOC 2 Type 2 certification.

Does RSK Geosciences comply with GDPR ?

According to Rankiteo, RSK Geosciences is not listed as GDPR compliant.

Does RSK Geosciences have PCI DSS certification ?

According to Rankiteo, RSK Geosciences does not currently maintain PCI DSS compliance.

Does RSK Geosciences comply with HIPAA ?

According to Rankiteo, RSK Geosciences is not compliant with HIPAA regulations.

Does RSK Geosciences have ISO 27001 certification ?

According to Rankiteo,RSK Geosciences is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does RSK Geosciences operate in ?

RSK Geosciences operates primarily in the Environmental Services industry.

How many employees does RSK Geosciences have ?

RSK Geosciences employs approximately 156 people worldwide.

Does RSK Geosciences own any subsidiaries ?

RSK Geosciences presently has no subsidiaries across any sectors.

How many LinkedIn followers does RSK Geosciences have ?

RSK Geosciences's official LinkedIn profile has approximately 6,281 followers.

What is the NAICS classification code for RSK Geosciences ?

RSK Geosciences is classified under the NAICS code 54162, which corresponds to Environmental Consulting Services.

Does RSK Geosciences have a Crunchbase profile ?

No, RSK Geosciences does not have a profile on Crunchbase.

Does RSK Geosciences have a LinkedIn profile ?

Yes, RSK Geosciences maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/rskgeosciences.

How many cybersecurity incidents has RSK Geosciences experienced ?

As of June 14, 2026, Rankiteo reports that RSK Geosciences has experienced 1 cybersecurity incidents.

How many peer or competitor companies does RSK Geosciences have ?

RSK Geosciences has an estimated 8,482 peer or competitor companies worldwide.

What types of cybersecurity incidents has RSK Geosciences faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

RSK Geosciences

Boost Score +25 with badge (5 left)

751

/1000

Fair

776

/1000

Fair

RSK Geosciences Vendor Cyber Rating & Cyber Score

rskgroup.com

Add Your Compliance Badge

RSK Geosciences is a leading UK-based environmental, geotechnical, surveying, and geophysics consultancy, part of the RSK Group. Staffed by more than 300 professionals, we have been operating for more than 30 years. Our highly dedicated and skilled team comprises chartered geologists, hydrogeologists, geotechnical engineers, geophysicists, geochemists and environmental scientists. Located in 20 offices throughout the UK, our vast network responds quickly to client enquiries, rapidly mobilises teams to site and uses the latest technology to ensure an efficient flow of data among sites, offices and clients. We help our clients to realise opportunities and manage the potential liabilities associated with acquiring, owning, operating,

RSK Geosciences A.I CyberSecurity Scoring

Scoring History

RSK Geosciences

RSK Geosciences CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

RSK Geosciences

Cyber Attack

10/2025

JEN273212710242...

Loading…

A.I.

RSK Geosciences Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for RSK Geosciences

Incidents vs Environmental Services Industry Avg (This Year)

No incidents recorded for RSK Geosciences in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for RSK Geosciences in 2026.

Incident Types RSK Geosciences vs Environmental Services Industry Avg (This Year)

No incidents recorded for RSK Geosciences in 2026.

Incident History - RSK Geosciences (X = Date, Y = Severity)

Loading…

SUBSIDIARY

RSK Geosciences Subsidiaries

RSK Geosciences

Environmental Services

Website: https://rskgroup.com/rsk-business/rsk-geosciences/

Company Size: 201-500 employees

124

RSK GroupEnvironmental Services

BinniesCivil Engineering

Binnies DCWWCivil Engineering

CANCivil Engineering

ADASEnvironmental Services

RSK Habitat ManagementEnvironmental Services

ADAS ArboricultureEnvironmental Services

FarmPEPFarming

RSK Middle EastEnvironmental Services

Copper ConsultancyPublic Relations and Communications Services

CAN RenewablesServices for Renewable Energy

MWH TreatmentConstruction

Envireau WaterEnvironmental Services

BMG ResearchMarket Research

Absolute Solar and Wind LtdRenewable Energy Semiconductor Manufacturing

Nature PositiveEnvironmental Services

RSK AfricaEnvironmental Services

Cambridge Environmental Assessments, part of RSK ADAS LtdChemical Manufacturing

Inis Environmental Consultants Ltd.Environmental Services

CS2 Chartered SurveyorsConstruction

RSK EnvironmentEnvironmental Services

GeocoreCivil Engineering

RSK International Projects GroupEnvironmental Services

Proeon Systems Ltd.Automation Machinery Manufacturing

Spencer Quantum LtdConstruction

CX Utilities Ltd (An RSK Company)Utilities

The Woodhouse Partnership Ltd (TWPL)Business Consulting and Services

Woodhouse AustralasiaBusiness Consulting and Services

EDP Consultants AustraliaEnvironmental Services

The MSS GroupEnvironmental Services

Stephenson HallidayEnvironmental Services

cbec eco-engineering UK & EuropeEnvironmental Services

C J Associates Geotechnical LtdConstruction

RSK WildingEnvironmental Services

Salix River and WetlandEnvironmental Services

WatertrainEducation

ADAS LandscapeArchitecture and Planning

Richard Irvin FM LimitedFacilities Services

Silcock Leedham Group LimitedConstruction

HydrofixServices for Renewable Energy

RSK APACEnvironmental Services

RSK ResponseEnvironmental Services

W Crowder & Sons LtdWholesale

Pharos Generator Services LimitedMechanical Or Industrial Engineering

Up and UnderCivil Engineering

RSK AcousticsArchitecture and Planning

HI-LINEEnvironmental Services

Calibrate Energy LtdRenewable Energy Semiconductor Manufacturing

Ian Farmer Associates (1998) LimitedCivil Engineering

MG Scaffolding LtdConstruction

RSK NetherlandsEnvironmental Services

RSK AsbestosEnvironmental Services

RSK BENELUX BVEnvironmental Services

RSK EnvironnementBusiness Consulting and Services

Advantage RSKAlternative Dispute Resolution

Aurora Health Physics Services LtdEnvironmental Services

RSK CreativeDesign Services

Virtus EnergyComputers and Electronics Manufacturing

FishtekEnvironmental Services

Optisol Services LtdRenewable Energy Semiconductor Manufacturing

Acies Civil and Structural LtdCivil Engineering

Smith + Kennedy ArchitectsArchitecture and Planning

ADEV ENVIRONNEMENTEnvironmental Services

RGM Environmental, Science and Technical support servicesEnvironmental Services

RSK EcologyEnvironmental Services

CR Civil EngineeringCivil Engineering

Nicholas O'Dwyer LtdEnvironmental Services

Civil Engineering InternationalCivil Engineering

WRc GroupResearch Services

Amphos 21Environmental Services

Structural SoilsCivil Engineering

WGM Engineering LtdEngineering Services

Headland Archaeology (UK) LtdEnvironmental Services

AxisOil and Gas

Centara Ltd - Surveying, Engineering and CADUtilities

EcologiaEnvironmental Services

PellingsConstruction

RSK Ireland Ltd.Environmental Services

Jennings O'Donovan & PartnersCivil Engineering

RSK BiocensusEnvironmental Services

FR ConsultantsConstruction

Central AllianceConstruction

SCPCivil Engineering

COGNICAConstruction

RSK AustraliaEnvironmental Services

ADAS PlanningArchitecture and Planning

Leap EnvironmentalEnvironmental Services

Non Destructive Testing Services LtdConstruction

RoC ConsultingConstruction

EDPBusiness Consulting and Services

Southern Ecological Solutions (SES)Environmental Services

1stinrailCivil Engineering

MilestoneConstruction

Richard Allitt Associates LtdCivil Engineering

Remote Aerial SurveysPhotography

rsim Remote SimulationsCivil Engineering

RemedX LtdEnvironmental Services

Streetwise UK Management LtdConstruction

TWIG GroupEnvironmental Services

B-Line and Easy2PlotPrinting Services

RSK LDE (Land and Development Engineering)Civil Engineering

RSK DACH-RegionEnvironmental Services

WaldramsReal Estate

Milner AssociatesConstruction

LARSEN WATER MANAGEMENT LTDUtilities

Minerex Environmental Ltd.Environmental Services

Travis BakerCivil Engineering

RSK RadiologicalEnvironmental Services

Brown & May Marine LtdFisheries

RSK IWS Integrated Waste Solutions LtdUtilities

Hawkins Electrical LtdAppliances, Electrical, and Electronics Manufacturing

Kirton Water Treatment ServicesUtilities

Treefellers LtdEnvironmental Services

Dermot Casey Tree Care Ltd.Consumer Services

Homer Burgess LtdIndustrial Machinery Manufacturing

RSK Consents SolutionsUtilities

ATP Architects & Building SurveyorsArchitecture and Planning

Technik GSConstruction

ATV Contract Services LtdEnvironmental Services

Enviroflow Management LimitedUtilities

EDP Singapore PTEBusiness Consulting and Services

RSK Geophysics and SafegroundEnvironmental Services

RSK GeospatialSurveying and Mapping Services

Carbon Zero ConsultingServices for Renewable Energy

Loading…

RSK Geosciences Similar Companies

Bureau Veritas Group

bureauveritas.com

Bureau Veritas is a world leader in Testing, Inspection and Certification. Our mission is at the heart of key challenges: quality, health and safety, environmental protection and social responsibility. Through our wide range of expertise, impartiality and independence, we foster confidence between companies, public authorities and clients. Bureau Veritas is a Business to Business to Society company, contributing to transform the world we live in. Driven by society, we are working ever more closely with our clients, addressing today’s crucial challenges and answering society’s aspirations. Bureau Veritas is listed on the Euronext Paris (Compartment A, code ISIN FR 0006174348, stock symbol: BVI).

Veolia | Water Tech

veoliawatertechnologies.com

As the world leader in water technologies and services, Veolia relies on its 17,500 water technology experts to deliver innovative solutions that drive both performance and sustainability, without compromise. With over 4,400 technology patents and serving more than 14,000 customers worldwide, Veolia’s water technology activities generated 4.97 billion euros in revenue in 2024. These solutions are central to Veolia’s GreenUp strategic plan, accelerating the ecological transformation of cities and industries while safeguarding resources for the future

Veolia

veolia.com

Veolia group aims to be the benchmark company for ecological transformation. With nearly 220,000 employees worldwide, the Group designs and provides game-changing solutions that are both useful and practical for water, waste and energy management. Through its three complementary business activities, Veolia helps to develop access to resources, preserve available resources, and replenish them. In 2021, the Veolia group supplied 79 million people with drinking water and 61 million people with wastewater service, produced nearly 48 million megawatt hours of energy and treated 48 million metric tons of waste. Veolia Environnement (listed on Paris Euronext: VIE) recorded consolidated revenue of €28.508 billion in 2021. ---- Le groupe Veolia a pour ambition de devenir l’entreprise de référence de la transformation écologique. Présent sur les cinq continents avec près de 220 000 salariés, le Groupe conçoit et déploie des solutions utiles et concrètes pour la gestion de l’eau, des déchets et de l’énergie qui participent à changer radicalement la donne. Au travers de ses trois activités complémentaires, Veolia contribue à développer l’accès aux ressources, à préserver les ressources disponibles et à les renouveler. En 2021, le groupe Veolia a servi 79 millions d’habitants en eau potable et 61 millions en assainissement, produit près de 48 millions de mégawattheures et valorisé 48 millions de tonnes de déchets. Veolia Environnement (Paris Euronext : VIE) a réalisé en 2021 un chiffre d’affaires consolidé de 28,508 milliards d’euros.

Clean Harbors

cb cleanharbors.com

Clean Harbors is North America’s leading provider of environmental and industrial services. The Company serves a diverse customer base, including a majority of Fortune 500 companies. Its customer base spans a number of industries, including chemical, and manufacturing, as well as numerous government agencies. These customers rely on Clean Harbors to deliver a broad range of services such as end-to-end hazardous waste management, emergency spill response, industrial cleaning and maintenance, and recycling services. Through its Safety-Kleen subsidiary, Clean Harbors also is North America’s largest re-refiner and recycler of used oil and a leading provider of parts washers and environmental services to commercial, industrial and automotive customers. Founded in 1980 and based in Massachusetts, Clean Harbors operates throughout the United States, Canada, Mexico and Puerto Rico.

Grupo Tragsa

tragsa.es

Tragsa Group is a group of public companies, integrated in the State Industrial Ownership Corporation (SEPI), which has become a full service supplier and a reference company to Public Administrations. It is formed by four enterprises: Tragsa (1977) responsible for works and services' execution and Tragsatec (1989) which performs engineering works and technical assistance for every sections of the Group. By these companies, the Group is able to take part in every stage of any project, from its conception and design to its execution. 40 years of experience working for Public Administrations and at the service of society, have settle this business group at the front line of the various fields where it intervenes, from agricultural, forest, livestock and rural development services to environmental conservation and protection. Tragsa Group is represented in all the national territory, what makes it possible to give a quick and efficient response to any request that may be done from the central, autonomic and local administrations. Moreover, our collaboration in more than 120 projects of Spanish cooperation – in over 35 different countries of Northern Africa, Sub-Saharan Africa, Latin America and the Caribbean, Asia, Europe and the Middle East – has given the company international importance. In every field of activity, the differentiating factor of the Group stands in its proved experience, its capacity to give a fast-response and adapt its work to Administration’s needs, and its high I+D+I profile, what makes the group able to provide leading edge technology and the highest quality services

Eiffage Énergie Systèmes

eiffageenergiesystemes.com

Rejoindre Eiffage, c’est rejoindre une entreprise animée d’un esprit de famille unique. Nous recherchons des talents qui valorisent l’esprit d’équipe et l’entraide et qui souhaitent découvrir, progresser, innover dans un collectif engagé pour construire un avenir à taille humaine. Nous avons besoin de vos différences et de vos singularités car elles sont la richesse d’un Groupe qui donne sa chance à chacun. Rejoindre Eiffage, c’est rejoindre une grande entreprise qui a tous les atouts d’une petite ! _ Eiffage Énergie Systèmes est la marque des métiers de l’énergie du groupe Eiffage. Eiffage Énergie Systèmes conçoit, réalise, exploite et maintient des systèmes d'énergie. Experte en génies électrique, industriel, climatique et énergétique, Eiffage Énergie Systèmes propose des solutions innovantes portées par de nouvelles marques expertises: 👉 Clemessy, la marque dédiée à l’industrie 👉 Dorsalys, la marque dédiée aux infrastructures et réseaux 👉 Expercité, la marque dédiée aux villes et collectivités 👉 Terceo, la marque dédiée aux bâtiments tertiaires. ➡️ Eiffage Énergie Systèmes, c’est : 38 250 collaborateurs 7.2 Mds€ de chiffre d’affaires total 2.8 Mds€ de chiffre d’affaires en Europe 170 M€ de chiffre d’affaires Grand international (hors Europe) ➡️ Eiffage : 21.8 Mds € de chiffre d’affaires 78 200 salariés CA : 21,8 milliards d’euros 78 200 salariés 🌍 Présente dans plus de 50 pays, Eiffage Énergie Systèmes tisse une relation de proximité avec ses clients et offre ses expertises pointues afin de répondre au plus juste aux besoins énergétiques. Rejoindre Eiffage Énergie Systèmes c’est prendre part à des projets d’envergure et concevoir des solutions énergétiques respectueuses des Hommes et de l’environnement. C’est aussi évoluer dans un milieu professionnel d’avenir et participer à créer un avenir à taille humaine.

EQUANS

equans.com

Equans, a Bouygues group company, is a world leader in multi-technical services with offices in 20 country hubs. This brand expresses the desire to provide the right answer [ANS] to the equations [EQU] of our customers. We design and provide customised solutions to improve our customers’ buildings, technical equipment, systems and processes and to support them in optimising their use. With nearly 90,000 highly qualified employees and a strong geographic footprint through our historical local brands, we have excellent technical know-how in design, installation, maintenance and performance services, with a unique combination of skills as in HVAC, Cooling & Fire protection, Facility Management, Digital & ICT, Electrical, Mechanical & Robotics... Equans expertise and knowledge of our customers’ businesses now place us to support them in their transitions for modernisation and sustainable development.

RSK Group

rskgroup.com

RSK Group is a global leader in the delivery of environmental and engineering solutions. We recognise the urgent need for sustainable change and know that this will be achieved by delivering meaningful action, not just words. We are committed to supporting our clients and societies as they navigate these complex challenges, while making a positive impact. The business was founded in 1989, originally focused on providing environmental consultancy services to global energy clients. Today, while we remain a leader in environmental consultancy, the business is significantly more diverse. RSK delivers an unrivalled breadth and depth of environmental and engineering services, either as stand-alone projects or as large and integrated multidisciplinary solutions. The group believes this emphasis on multidisciplinary collaboration is essential for successfully addressing complex global challenges. This is why we have brought together pragmatic advice, forward-thinking engineering, cutting-edge innovation, digital solutions, and best-in-class delivery services. The group continues to deliver its ambitious global growth strategy. It now comprises more than 200 companies and employs over 16,000 people.

Rentokil Initial

cb rentokil-initial.com

Rentokil Initial plc employs c.68,500 people across 89 countries - offering the experience and expertise of a multi-national organisation, whilst delivering services with the agility and characteristics of a local business. As world leaders in Pest Control and Hygiene & Well-being services, we deliver services that protect people and enhance lives, to commercial and private customers worldwide. Rentokil Initial plc is listed on the London Stock Exchange (FTSE 100).

Loading…

NEWS

RSK Geosciences CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…