What is the official website of Sense Reply ?

The official website of Sense Reply is https://www.reply.com/sense-reply/en/.

What is Sense Reply's cybersecurity risk score?

Sense Reply has an AI-generated cybersecurity risk score of 751 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Sense Reply experienced?

According to Rankiteo, Sense Reply currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Sense Reply been affected by any supply chain cyber incidents ?

According to Rankiteo, Sense Reply has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Sense Reply have SOC 2 Type 1 certification ?

According to Rankiteo, Sense Reply is not certified under SOC 2 Type 1.

Does Sense Reply have SOC 2 Type 2 certification ?

According to Rankiteo, Sense Reply does not hold a SOC 2 Type 2 certification.

Does Sense Reply comply with GDPR ?

According to Rankiteo, Sense Reply is not listed as GDPR compliant.

Does Sense Reply have PCI DSS certification ?

According to Rankiteo, Sense Reply does not currently maintain PCI DSS compliance.

Does Sense Reply comply with HIPAA ?

According to Rankiteo, Sense Reply is not compliant with HIPAA regulations.

Does Sense Reply have ISO 27001 certification ?

According to Rankiteo,Sense Reply is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Sense Reply operate in ?

Sense Reply operates primarily in the IT Services and IT Consulting industry.

How many employees does Sense Reply have ?

Sense Reply employs approximately 90 people worldwide.

Does Sense Reply own any subsidiaries ?

Sense Reply presently has no subsidiaries across any sectors.

How many LinkedIn followers does Sense Reply have ?

Sense Reply's official LinkedIn profile has approximately 2,757 followers.

What is the NAICS classification code for Sense Reply ?

Sense Reply is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

Does Sense Reply have a Crunchbase profile ?

No, Sense Reply does not have a profile on Crunchbase.

Does Sense Reply have a LinkedIn profile ?

Yes, Sense Reply maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sense-reply.

How many cybersecurity incidents has Sense Reply experienced ?

As of June 14, 2026, Rankiteo reports that Sense Reply has not experienced any cybersecurity incidents.

How many peer or competitor companies does Sense Reply have ?

Sense Reply has an estimated 40,681 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Sense Reply

Boost Score +25 with badge (5 left)

751

/1000

Fair

776

/1000

Fair

Sense Reply Vendor Cyber Rating & Cyber Score

reply.com

Add Your Compliance Badge

Sense Reply is the Reply group company specializing in end-to-end solutions for the decarbonization of the Energy & Utilities, Oil & Gas, Automotive, Telecommunications, Smart Cities, Transport, and Infrastructure sectors. Leveraging the power of IoT and AI technologies, Sense Reply supports market-leading companies operating in these sectors in transforming business models, processes, and enterprise architectures toward energy transition, enabling Things-to-things, Human-to-things, and AI-to-things models. Sense Reply is an AWS Premier Consulting Partner and has achieved AWS Energy Competency status. Reply, thanks to the significant contribution of Sense Reply, has won two major 2023 AWS Partner Awards: System Integrator Partner of

Sense Reply A.I CyberSecurity Scoring

Scoring History

Sense Reply

Sense Reply CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

Sense Reply Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Sense Reply

Incidents vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Sense Reply in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Sense Reply in 2026.

Incident Types Sense Reply vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Sense Reply in 2026.

Incident History - Sense Reply (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Sense Reply Subsidiaries

Sense Reply

IT Services and IT Consulting

Website: https://www.reply.com/sense-reply/en/

Company Size: 90

119

ReplyIT Services and IT Consulting

Open Reply ITIT Services and IT Consulting

Blue Reply ITIT Services and IT Consulting

Airwalk ReplyIT Services and IT Consulting

Concept Reply GmbHInformation Technology & Services

Spike ReplyIT Services and IT Consulting

Machine Learning ReplyIT Services and IT Consulting

Spur ReplyBusiness Consulting and Services

Communication Valley ReplyComputer and Network Security

Concept Quality ReplyIT Services and IT Consulting

Data Reply UKIT Services and IT Consulting

e*finance consulting ReplyFinancial Services

Glue ReplyIT Services and IT Consulting

Wemanity Learning CenterDéveloppement professionnel et coaching

Fincon Reply GmbHInformation Services

Like ReplyAdvertising Services

AIM ReplyIT Services and IT Consulting

Solidsoft ReplyIT Services and IT Consulting

HERMES REPLYInformation Technology & Services

Target Reply RomeIT Services and IT Consulting

Sprint Reply ITInformation Technology & Services

Concept Reply USInformation Technology & Services

Logistics Reply UKSoftware Development

Roboverse Reply DEIT Services and IT Consulting

ARLANIS REPLYIT Services and IT Consulting

Business Elements ReplyIT Services and IT Consulting

Sprint Reply DEIT Services and IT Consulting

Liquid ReplyIT Services and IT Consulting

Life At ReplyIT Services and IT Consulting

BitmamaAdvertising Services

Avantage ReplyFinancial Services

Nexi DigitalFinancial Services

Wemanity MarocIT Services and IT Consulting

Lynx RecruitmentStaffing and Recruiting

Syskoplan Reply USIT Services and IT Consulting

Valorem ReplyIT Services and IT Consulting

Storm ReplyIT Services and IT Consulting

Threepipe ReplyAdvertising Services

Technology ReplySoftware Development

WM ReplyIT Services and IT Consulting

Cloud9 ReplyIT Services and IT Consulting

Machine Learning Reply GmbHIT Services and IT Consulting

Xister ReplyAdvertising Services

ATLAS REPLYIT Services and IT Consulting

Concept Engineering ReplyIT Services and IT Consulting

Wemanity BelgiumInformation Technology & Services

Go ReplyIT Services and IT Consulting

Cluster Reply DEIT Services and IT Consulting

Mansion House ConsultingBusiness Consulting and Services

Net ReplyIT Services and IT Consulting

Pay ReplyInformation Technology & Services

Connect ReplyIT Services and IT Consulting

TD ReplyBusiness Consulting and Services

Sytel ReplyIT Services and IT Consulting

Data Reply FRInformation Technology & Services

Comsysto Reply GmbHIT Services and IT Consulting

Whitehall ReplyIT Services and IT Consulting

Laife ReplyInformation Technology & Services

Business ReplySoftware Development

Syskoplan Reply DACHInformation Technology & Services

ARLANIS REPLY ITIT Services and IT Consulting

Canvas ReplyIT Services and IT Consulting

Spike Reply DEIT Services and IT Consulting

Wakanda Technologies - We bring African IT Power to EuropeIT-Dienstleistungen und IT-Beratung

Aktive ReplyInformation Technology & Services

Graymatter ReplyAdvertising Services

Graymatter REPLY DigitalAdvertising Services

Light ReplyIT Services and IT Consulting

Triplesense ReplyTechnology, Information and Internet

Technology Reply RomaniaIT Services and IT Consulting

Accelerator 365 by ReplySoftware Development

4brands ReplyInformation Technology & Services

Everlo Reply GmbHIT Services and IT Consulting

Shield ReplyIT Services and IT Consulting

Cortex Reply UKTechnology, Information and Internet

Autonomous Reply FRIT Services and IT Consulting

Blue Reply DEIT Services and IT Consulting

KI ReplyInformation Technology & Services

Sprint Reply BEIT Services and IT Consulting

Open Reply UKInformation Technology & Services

Starbytes.itInformation Technology & Services

Reply ChallengesFornitori di e-learning

Target ReplyData Infrastructure and Analytics

Blockchain ReplyIT Services and IT Consulting

Wemanity NetherlandsProfessional Training and Coaching

Data Reply DEInformation Technology & Services

Data Reply ITIT Services and IT Consulting

Leadvise ReplyBusiness Consulting and Services

Digital Transformation der Regulatory AffairsUnternehmensberatung

Live Reply DEIT Services and IT Consulting

Comwrap Reply DACHTechnology, Information and Internet

Open ReplyInformation Technology & Services

Logistics Reply USSoftware Development

Infinity Reply ITIT Services and IT Consulting

Up ReplyIT Services and IT Consulting

Brick Reply | IT Solutions and Services for ManufacturingSoftware Development

Storm Reply DEIT Services and IT Consulting

Sytel Reply NorthInformation Technology & Services

Net Reply UKIT Services and IT Consulting

Red Reply DEIT Services and IT Consulting

Neo ReplyIT Services and IT Consulting

Live Reply ItalyIT Services and IT Consulting

Sprint Reply UKIT Services and IT Consulting

Arlanis Reply UKIT Services and IT Consulting

Air ReplyIT Services and IT Consulting

Infinity Reply DEIT Services and IT Consulting

Macros Reply GmbHIT Services and IT Consulting

Spike Reply UKTechnology, Information and Internet

Storm Reply, Inc.Professional Services

Eos ReplyIT Services and IT Consulting

Open Reply Benelux - FranceBusiness Consulting and Services

Alpha ReplyIT Services and IT Consulting

Affinity ReplyIT Services and IT Consulting

Ki Reply UKIT Services and IT Consulting

Zest ReplyIT Services and IT Consulting

Nimbus ReplyIT Services and IT Consulting

Cluster Reply PLIT Services and IT Consulting

Industrie Reply USMotor Vehicle Manufacturing

Atomic ReplyBusiness Consulting and Services

Loading…

Sense Reply Similar Companies

Hitachi

hitachi.com

For over 100 years, Hitachi has been committed to developing innovations that improve lives. Today, this means creating superior technology and products that balance environment, well-being, and economic growth. We integrate IT, operational technology (OT), and products to transform critical infrastructure and industrial systems. Through Hitachi’s process for creating value from data, which we call Lumada, we combine rich industry insight and infrastructure expertise to create measurable, positive change. We operate across four global sectors – Digital Systems & Services, Energy, Mobility, and Connective Industries – plus a Strategic Social Innovation Business Unit developing next-generation solutions. With over 280,000 employees across 618 consolidated subsidiaries in over 140 countries, we partner with our customers to create a harmonized society and build what’s next for people and planet.

VOIS

vodafone.com

VOIS (Vodafone Intelligent Solutions) is a strategic arm of Vodafone Group Plc, creating value for customers by delivering intelligent solutions through Talent, Technology & Transformation. As the largest shared services organisation in the global telco industry, our portfolio of next-generation solutions and services are designed in partnership with customers across Vodafone Group, local markets, and partner markets to simplify and drive growth. We are pioneering a new Partnership model for the Telco industry, where the sharing of ideas, innovation, platforms and services will unlock opportunities for our people and value for our customers. With our strategic partner Accenture, we work alongside our Vodafone customers, other Telco and tech companies to drive transformation, meet the challenges of our industry and ensure we stay relevant and resilient. This partnership is a unique, industry-first model which brings together the best of in-house and 3rd party capability. We deliver value and results at scale by leveraging technology, data and our talented international team of 30K professionals in the following services: Technology, Business, B2B, Corporate Services, Customer Care. Our commercial model creates clear, benchmarked and competitively-priced services so that we can offer guaranteed outcomes for customers with flexibility and optionality. Bringing together our combined strengths with our strategic partner Accenture our strategy is to: Commercialise: Create cost transparency and foster trust and growth for our customers Re-platform: To simplify, streamline and scale our business Extend beyond our borders: deepening our relationships, growing our services and expanding our customer base across new customers & new geographies We work with customers across 28 countries from 10 VOIS locations: Albania, Egypt, Hungary, India, Romania, Spain, Turkey, UK, Germany, Ireland, and with a network of teams in Czech Republic, Italy, Greece, and Portugal.

SoftServe

softserveinc.com

SoftServe is a premier IT consulting and digital services provider. We expand the horizon of new technologies to solve today's complex business challenges and achieve meaningful outcomes for our clients. Our boundless curiosity drives us to explore and reimagine the art of the possible. Clients confidently rely on SoftServe to architect and execute mature and innovative capabilities, such as digital engineering, data and analytics, cloud, and AI/ML. Our global reputation is gained from more than 30 years of experience delivering superior digital solutions at exceptional speed by top-tier engineering talent to enterprise industries, including high tech, financial services, healthcare, life sciences, retail, energy, and manufacturing. At SoftServe, we live by our values. Trust, teamwork, growth, innovation, willingness to help, and exceeding expectations are engrained in everything we do. We partner with major technology players, such as Google Cloud Platform, Amazon Web Services, Microsoft Azure, Salesforce, NVIDIA, MuleSoft, VMware, and Odoo, to give clients a competitive advantage in the market. Founded in 1993, our global firm is headquartered in Austin, Texas, USA, and Lviv, Ukraine. Visit our website, blog, media, and news pages for more information. Blog: softserveinc.com/blog Media: softserveinc.com/media News: softserveinc.com/news

Carelon Global Solutions India

carelonglobal.in

Carelon Global Solutions makes healthcare operations more practical, effective, and efficient. Our global team of more than 25K innovators drives growth, delivers exceptional support, and develops digital tools specifically for health plans, providers, and systems. Each day, our partners and experts from across the globe implement new ways to save time and money — so doctors can focus on care. Formerly known as Legato Health Technologies, Carelon Global Solutions is part of the Carelon family of brands and is a fully owned subsidiary of Elevance Health. Headquartered in the United States, Carelon Global Solutions has talented teams in India, Ireland, the Philippines, and Puerto Rico. Want to be part of something meaningful? Join our growing team. We believe that when bold talent meets limitless thinking, the possibilities are endless. As part of our India team, you’ll work alongside some of the best minds in the business to solve healthcare’s most complex challenges. You’ll be part of an exciting, fast-paced, and supportive company culture, where all associates receive: • Competitive pay. • Generous benefits. • Training, mentorship, and growth. • Hybrid workplace flexibility. • The opportunity to help others and make a difference. Follow our Carelon Global Solutions India LinkedIn page for the latest job postings and timely company news.

Swisscom

swisscom.ch

As No. 1, we inspire people in the connected world. With the latest technologies and innovations, together we have the opportunity to shape the future. To do this, we are and act trustworthy, committed and curious. Are you with us? Join us on this exciting journey and work with us or in one of the DevOps Centres in Riga or Rotterdam in different business areas on the latest technological trends. Find out more about us and our vacancies on our careers page: www.swisscom.ch/career We look forward to hearing from you!

NTT DATA Business Solutions

nttdata-solutions.com

We understand the business of our clients and know what it takes to transform it into the future. At NTT DATA Business Solutions, we drive innovation – from advisory and implementation to managed services and beyond. With SAP at our core and a powerful ecosystem of partners, we continuously improve solutions and technology to make them work for companies – and for their people. Aiming to transform, grow and become more successful? We provide you with more than in-depth expertise for SAP solutions: As your passionate partner, we connect your business opportunities with the latest technologies – and offer you a unique approach to get the job done as smoothly as possible. Our close ties to our partners give you access to innovative solutions and developments. Being part of the global NTT DATA group enables us to master any scope of project. With operations in more than 30 countries, we have enabled thousands of companies become more efficient and effective during the last three decades. Our more than 16,000 experts around the world will also accompany you on your journey toward a truly intelligent enterprise – wherever you want to start!

NTT DATA North America

nttdata.com

NTT DATA, Inc. is a trusted global innovator of business and technology services. We're committed to helping clients innovate, optimize and transform for long-term success. Our R&D investments help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity.

ITC Infotech

itcinfotech.com

ITC Infotech is a global technology solution and services leader providing business-friendly solutions, that enable future-readiness for clients. We seamlessly bring together digital expertise, strong industry-specific alliances, and deep domain expertise from ITC Group businesses. Our solutions and services are focused on Banking and financial Services, Healthcare, Manufacturing, Consumer Goods, Travel and Hospitality. ITC Infotech is a wholly-owned subsidiary of ITC Ltd, one of India’s most admired companies.

UST

ust.com

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30K+ employees in 30+ countries, UST builds for boundless impact—touching billions of lives in the process.

Loading…

NEWS

Sense Reply CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

July 08, 2025 07:00 AM

Phishing Prevention: How to Spot, Stop and Respond to Scams

As the old adage goes, there are plenty of fish in the sea. In cybersecurity, make that plenty of phishing scams in the cyber-sea.

Read Article

September 29, 2024 07:00 AM

Palo Alto Networks CEO Nikesh Arora’s Epic Reply To Social Media User's 'Not Trained Engineer' Remark

The original post commended Arora's performance ever since he assumed the position of CEO and pointed out that the company's stock rose...

Read Article

April 05, 2023 07:00 AM

Beware of new YouTube phishing scam using authentic email address

YouTube is investigating and warning users of a new phishing scam that has been using its authentic [email protected] email address to lure users.

Read Article

February 24, 2023 08:00 AM

How to avoid falling victim to an online scam – research says slow down

Hoax websites are becoming more popular with fraudsters. So it's more important than ever to protect yourself.

Read Article

October 03, 2022 07:00 AM

New IBM Study Finds Cybersecurity Incident Responders Have Strong Sense of Service as Threats Cross Over to Physical World

The IBM study found that 68% of incident responders surveyed find it common to simultaneously need to respond to two or more cybersecurity incidents.

Read Article

November 18, 2021 08:00 AM

Taking a risk-based approach can help agencies, industry respond to rise in cybercrime

Industry is exploring ways to improve both its own cyber posture, and that of federal agencies. That's one of the reasons Microsoft...

Read Article

November 09, 2021 08:45 AM

Join us at AWS re:Invent 2021

Join Reply at AWS re:Invent 2021, one of the biggest event for the global cloud computing community, taking place from November 29th to December 3rd at Las...

Read Article

April 16, 2019 12:01 PM

Sense and Respond: Moving Toward Real-Time Assurance

Learn how to more effectively assess risks and allocate audit coverage to align with the organization's key risks.

Read Article

January 11, 2017 08:00 AM

Indian enterprises not able to respond to cyber threats: Survey

Indian companies are spending more on cyber security every year yet they are unable to sense, resist nor respond to cyber threats.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…