What is the official website of T-Mobile ?

The official website of T-Mobile is https://t-mobile.com.

What is T-Mobile's cybersecurity risk score?

T-Mobile has an AI-generated cybersecurity risk score of 485 out of 1000, indicating a Critical security posture according to Rankiteo's assessment.

How many security incidents has T-Mobile experienced?

According to Rankiteo, T-Mobile currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has T-Mobile been affected by any supply chain cyber incidents ?

According to Rankiteo, T-Mobile has been affected by a supply chain cyber incident involving SolarWinds, with the incident ID T-M416050724.

Does T-Mobile have SOC 2 Type 1 certification ?

According to Rankiteo, T-Mobile is not certified under SOC 2 Type 1.

Does T-Mobile have SOC 2 Type 2 certification ?

According to Rankiteo, T-Mobile does not hold a SOC 2 Type 2 certification.

Does T-Mobile comply with GDPR ?

According to Rankiteo, T-Mobile is not listed as GDPR compliant.

Does T-Mobile have PCI DSS certification ?

According to Rankiteo, T-Mobile does not currently maintain PCI DSS compliance.

Does T-Mobile comply with HIPAA ?

According to Rankiteo, T-Mobile is not compliant with HIPAA regulations.

Does T-Mobile have ISO 27001 certification ?

According to Rankiteo,T-Mobile is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does T-Mobile operate in ?

T-Mobile operates primarily in the Telecommunications industry.

How many employees does T-Mobile have ?

T-Mobile employs approximately 95,676 people worldwide.

Does T-Mobile own any subsidiaries ?

T-Mobile presently has no subsidiaries across any sectors.

How many LinkedIn followers does T-Mobile have ?

T-Mobile's official LinkedIn profile has approximately 637,479 followers.

What is the NAICS classification code for T-Mobile ?

T-Mobile is classified under the NAICS code 517, which corresponds to Telecommunications.

Does T-Mobile have a Crunchbase profile ?

No, T-Mobile does not have a profile on Crunchbase.

Does T-Mobile have a LinkedIn profile ?

Yes, T-Mobile maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/t-mobile.

How many cybersecurity incidents has T-Mobile experienced ?

As of June 14, 2026, Rankiteo reports that T-Mobile has experienced 24 cybersecurity incidents.

How many peer or competitor companies does T-Mobile have ?

T-Mobile has an estimated 10,194 peer or competitor companies worldwide.

What types of cybersecurity incidents has T-Mobile faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach, Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

T-Mobile

Boost Score +25 with badge (5 left)

485

/1000

Critical

510

/1000

Critical

T-Mobile Vendor Cyber Rating & Cyber Score

t-mobile.com

Add Your Compliance Badge

As the supercharged Un-carrier, T-Mobile US, Inc. (NASDAQ: TMUS) is powered by an award-winning 5G network that connects more people, in more places, than ever before. With T-Mobile’s unique value proposition of best network, best value, and best experiences, the Un-carrier is redefining connectivity and fueling competition while continuing to drive the next wave of innovation in wireless and beyond. Headquartered in Bellevue, Wash., T-Mobile provides services through its subsidiaries and operates its flagship brands, T-Mobile, Metro by T-Mobile, and Mint Mobile.

T-Mobile A.I CyberSecurity Scoring

Scoring History

T-Mobile

T-Mobile CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

T-Mobile

Breach

4/2026

T-M1775514990

T-Mobile

Breach

3/2026

T-M1774995874

T-Mobile

Breach

3/2026

T-M1775061177

T-Mobile

Breach

100

10/2025

T-M536275310152...

T-Mobile

Breach

6/2025

T-M1767599480

T-Mobile

Breach

100

12/2024

T-M000120524

T-Mobile

Data Leak

6/2023

TMO11721023

T-Mobile

Breach

100

2/2023

TMO05529523

T-Mobile

Breach

01/2023

TMO215721123

T-Mobile

Breach

11/2022

T-M510072825

T-Mobile

Cyber Attack

100

8/2022

TMO1148161122

T-Mobile

Cyber Attack

04/2022

TMO102316422

T-Mobile

Breach

12/2021

TMO154319322

T-Mobile

Breach

100

8/2021

SolarWinds

T-M416050724

T-Mobile

Breach

7/2021

T-M228072925

T-Mobile

Breach

6/2021

T-M733081425

T-Mobile

Breach

03/2020

TMO15334722

T-Mobile

Breach

11/2019

TMO0241722

T-Mobile

Breach

08/2018

TMO15303722

T-Mobile

Breach

6/2018

T-M260432611052...

T-Mobile

Vulnerability

02/2018

TMO18348622

T-Mobile

Data Leak

12/2017

TMO20024323

T-Mobile

Breach

9/2015

T-M759072725

T-Mobile

Breach

11/2013

T-M416072525

Loading…

A.I.

T-Mobile Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for T-Mobile

Incidents vs Telecommunications Industry Avg (This Year)

T-Mobile has 64.84% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

T-Mobile has 180.37% more incidents than the average of all companies with at least one recorded incident.

Incident Types T-Mobile vs Telecommunications Industry Avg (This Year)

T-Mobile reported 3 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 3 data breaches, compared to industry peers with at least 1 incident.

Incident History - T-Mobile (X = Date, Y = Severity)

Loading…

SUBSIDIARY

T-Mobile Subsidiaries

T-Mobile

Telecommunications

Website: https://t-mobile.com

Company Size: 10,000+ employees

T-PriorityTelecommunications

MetroPCSTelecommunications

Metro by T-MobileTelecommunications

T-Mobile AcceleratorTelecommunications

T-Mobile Advertising SolutionsMedia and Telecommunications

T-Mobile Puerto RicoTelecommunications

T-Mobile DevEdgeIT Services and IT Consulting

Loading…

T-Mobile Similar Companies

Vivo (Telefônica Brasil)

vivo.com.br

Vivo (Telefônica Brasil) is part of the Telefónica Group and with more than 94 million customers, of which 75 million mobile and 19 million fixed, we are the largest telecommunications company in Brazil, with nationwide presence and a complete, convergent portfolio of products, combining fixed, mobile and digital services. Our purpose is “Digitalize to Bring Closer”, helping to build a digital nation and transforming the life of our customers. More and more, we connect people and things with Fiber, 4G and 4.5G and cover more cities with the network quality that only Vivo has. Today, we cover around 90% of the population with 4G and are accelerating the launch of cities with 4.5G, using carrier aggregation technology. In the fixed operation, we ended 2019 with 21 million homes-passed (HPs) with fiber optic technology, of which 11 million HPs with FTTH (fiber to the home). In addition, all cities with FTTH technology also offer TV over fiber (IPTV), aiming to offer the best speed and experience to our consumers. At Vivo, we also do more than just telecommunications. Within the Group, we have the Telefônica Vivo Foundation, that is committed to making education a priority, developing projects that are based on human potential and use technology as an instrument in favor of inclusion and digital culture.

Telcel

telcel.com

Telcel (Radiomóvil Dipsa) es subsidiaria de América Móvil, uno de los mayores proveedores de comunicaciones celulares de Latinoamérica, grupo líder con inversiones en telecomunicaciones en varios países del continente americano. Telcel es la empresa de telefonía celular líder en México. Nuestra solidez y estructura nos consolidan gracias a la especialización y actualización permanente de todas las personas que trabajamos en ella. Todos nosotros estamos comprometidos a satisfacer de manera eficaz y constante todas las necesidades de comunicación inalámbrica de nuestros clientes.

yes

yes.co.il

תכירו את השחקנים הראשיים שלנו: העובדות והעובדים. אנחנו לא עובדים עם תסריט קבוע, חושבים מחוץ לקופסא, ומייצרים ז'אנר משלנו. כש-יס קמה, בשנת 1998, הבאנו את בשורת הלווין אל עולם שידורי הטלוויזיה והיינו הראשונים להציע שידורים דיגיטליים ושירותי טלוויזיה אינטראקטיביים - כשבחירת התכנים היא בידיים של הלקוח, מה שהגדיר מחדש את ענף שידורי הטלוויזיה בישראל. את החדשנות הזאת רואים ברזולוציית HD בכל הצוותים והמחלקות שלנו - מהתוכן שבוחר את התכנים, דרך הטכנאים שמתקינים את התשתית ועד חטיבת השירות שזמינה ללקוחות שלנו עם כל צורך שיצוץ. בשיתוף פעולה שחוצה צוותים ומחלקות, השתמשנו מהרגע הראשון בטכנולוגיות החדשניות ביותר ועליהן הלבשנו את מיטב התכנים. חתמנו על חוזי רכישה עם אולפני הסרטים והמפיצים המובילים בעולם כדי לדאוג למבחר הגדול ביותר של סרטים חדשים באיכות הצפייה החדה ביותר שנראתה עד היום. ואנחנו משתפים פעולה עם ענקיות הסטרימינג הבינלאומיות: דיסני פלוס, דיסקברי פלוס ונטפליקס וכל זה מתאפשר בזכות גיוס הטובים ביותר בעולמות הבידור, הטכנולוגיה והתמיכה תוך מתן דגש על שירות לקוחות שדוגל בהקשבה ובשקיפות. אפילו מכרנו לאחרונה כמה הפקות מקור מובילות בחו"ל. ביניהן "פאודה", עליה נכתב בניו יורק טיימס שהיא אחת הסדרות הבינלאומיות הטובות ביותר לשנת 2017, כמו גם "כבודו" ו-"שטיסל", שנמכרו ל-CBS. ו"מלכת היופי של ירושלים" שנמכרה ל-נטפליקס. לא פלא שכ- 580 אלף משפחות בישראל וכ- 1000 עובדים כבר אמרו לנו כן

Idea Cellular Ltd

cb ideacellular.com

Idea Cellular is an Aditya Birla Group Company, India's first truly multinational corporation. Idea is a pan-India integrated GSM operator offering 2G and 3G services, and has its own NLD and ILD operations, and ISP license. With revenue in excess of $4 billion; revenue market share of 18%; and subscriber base of over 150 million, Idea is India’s 3rd largest mobile operator. Idea ranks among the Top 10 country operators in the world with a traffic of over 1.5 billion minutes a day. Idea’s robust pan-India coverage is built on a network of over 100,000 2G and 3G cell sites, spread across over 55,000 towns in India. Using the latest in technology, Idea provides world-class service delivery through the most extensive network of customer touch points, comprising of nearly 4,500 exclusive Idea outlets, and over 7,000 call centre seats. Idea’s customer service delivery platform is ISO 9001:2008 certified, making it the only operator in the country to have this standard certification for all 22 service areas and the corporate office Idea won the ‘Best Brand Campaign’ at the esteemed World Communication Awards 2011. It also recently won 3 Awards at the ET Telecom Awards 2012, in the following categories Customer Experience Enhancement, Excellence in Marketing and Innovative products, respectively.

Telefónica

cb telefonica.com

Telefónica is today one of the largest telecommunications companies in the world in terms of market capitalisation and number of customers. We have the best infrastructure, as well as an innovative range of digital and data services; therefore, we are favorably positioned to meet the needs of our customers and capture growth in new businesses. We are sensitive to the new challenges demanded by society today and, therefore, we provide the means to facilitate communication between people, providing them with the most secure and cutting-edge technology. Our vision is focused on technology making people's lives easier and our aim is to promote progress in that direction, so that technology can make a positive impact on the world both socially and environmentally, and, ultimately, so as to provide value and trust in an ever-changing and accelerating world. Digital life is life itself, and technology is an essential part of being human. We want to create, protect and boost connections in life so people can choose a world of unlimited possibilities. We want to be a company in which our clients, employees, suppliers, shareholders, and society in general can trust. In order to achieve this, we communicate our strategy, business model and most relevant data to our stakeholders in a clear and transparent manner, so as to show the company's ability to create value.

airtel

airtel.com

Airtel was founded to provide global connectivity and unlock endless opportunities. Our organization embodies a unique blend of energy, innovation, creativity, dedication, scale, and ownership, all aimed at being limitless. At Airtel, we strive to go beyond our duties to create impactful solutions for our consumers. Our team is highly skilled and constantly growing, actively developing infrastructure to introduce cutting-edge technologies like 5G, IoT, IQ, and Airtel Black. We have successfully launched 5G services in over 5,000 cities and towns nationwide, with 10 million unique customers on the 5G network nationally. Airtel Black is another convenient consumer service that provides combined billing for family and friends under a single bill. We also offer enterprise solutions, including national and international long-distance services for carriers. With a subscriber base exceeding 574 million as of 2023, we are committed to delivering effective products that contribute to the realization of a 'Digital India', enabling millions of individuals to connect and thrive for a brighter future. Our presence spans 7,915 census and 802,577 non-census towns and villages, covering almost 96% of the country's population with 388,726 Rkms of optical fiber and an extensive distribution network of 1.2 million outlets. We've also implemented conservation initiatives that have saved 14,676 MWh of electricity, 4412 tonnes of paper through our e-bill initiatives, and recycled 3330 tonnes of e-waste. At Airtel, we believe in taking early ownership, delivering quality, and experimenting with various career paths to boost our trajectories and gain valuable insights into the business, making us the best in the industry. We are committed to creating the ultimate experience for our consumers while maintaining an ecological balance in the world.

AT&T

cb att.com

We understand that our customers want an easier, less complicated life. We’re using our network, labs, products, services, and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation? With you. Our people, and their passion to succeed, are at the heart of what we do. Today, we’re poised to connect millions of people with their world, delivering the human benefits of technology in ways that defy the imaginable. What are you dreaming of doing with your career? Find stories about our talent, career advice, opportunities, company news, and innovations here on LinkedIn. To learn more about joining AT&T, visit: http://www.att.jobs We provide in some of our posts links to articles or posts from third-party websites unaffiliated with AT&T. In doing so, AT&T is not adopting, endorsing or otherwise approving the content of those articles or posts. AT&T is providing this content for your information only.

Orange

orange.com

Orange is one of the world’s leading telecommunications operators with revenues of 40.3 billion euros in 2024 and 127,000 employees worldwide at 31 December 2024, including 71,000 employees in France. The Group has a total customer base of 291 million customers worldwide at 31 December 2024, including 253 million mobile customers and 22 million fixed broadband customers. The Group is present in 26 countries. Orange is also a leading provider of global IT and telecommunication services to multinational companies under the brand Orange Business. In February 2023, the Group presented its strategic plan « Lead the future », built on a new business model and guided by responsibility and efficiency. « Lead the future » capitalizes on network excellence to reinforce Orange's leadership in service quality.

Telkomsel

telkomsel.com

Connecting Nation. Accelerating Indonesia's Future. As Indonesia's leading digital telecommunications company, Telkomsel is committed to building a connected, competitive, and future-ready society. For over 29 years, we've empowered individuals, homes, and businesses with innovative connectivity and digital solutions. With a nationwide network of over 271,000 BTS, we serve 159.4 million mobile users and 9.6 million fixed broadband (IndiHome B2C) customers. We continually expand our 4G coverage, advance 5G innovation, and deploy the latest fixed broadband technologies to enhance our customers' experiences. Beyond connectivity, Telkomsel plays a key role in driving Indonesia's digital transformation through services such as Digital Lifestyle, Advertising, Enterprise Solutions, and the Internet of Things (IoT). Guided by Environmental, Social, and Governance (ESG) principles, we are committed to creating a sustainable and inclusive digital ecosystem that benefits both people and the planet. Discover more at telkomsel.com or connect via the MyTelkomsel App, Facebook (Telkomsel), X (@telkomsel), and Instagram (@telkomsel).

Loading…

NEWS

T-Mobile CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

April 03, 2026 07:00 AM

T-Mobile Sets the Record Straight on Latest Data Breach Filing

The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.

Read Article

March 16, 2026 07:00 AM

Cybersecurity expert highlights mobile device vulnerabilities

Cybersecurity threats to mobile devices are on the rise. A local tech expert is addressing the growing concerns and offering solutions to...

Read Article

March 04, 2026 08:00 AM

T-Mobile’s Eric Jensen on the challenge of securing vast supply chains

Eric Jensen, Senior Director of Cybersecurity at T-Mobile, discussed the primary challenges his organization faces in defending against an...

Read Article

January 15, 2026 08:00 AM

Verizon outage cause revealed

Verizon has confirmed that the extreme service outage was not caused by a cybersecurity breach but was some kind of software problem.

Read Article

December 04, 2025 08:00 AM

T-Mobile’s Cybersecurity Playbook: How Mark Clancy Is Reinventing Telecom Security for the AI Age

T-Mobile's Cybersecurity Playbook: How Mark Clancy Is Reinventing Telecom Security for the AI Age ... As cyber threats become increasingly...

Read Article

November 26, 2025 08:00 AM

AT&T, Verizon, And T-Mobile Customers Should Be Worried About The FCC's Ruling

The Federal Communications Commission recently voted to rescind certain cybersecurity rules, potentially putting mobile customers at greater...

Read Article

November 25, 2025 08:00 AM

Verizon, AT&T, and T‑Mobile users at risk as controversial law protecting them is scrapped

USERS at major communications companies like Verizon and AT&T may be left feeling uneasy as a law protecting cybersecurity has been...

Read Article

November 17, 2025 08:00 AM

Is mobile banking safe? How to actually protect your money

Mobile banking is secure when you use official apps and follow best practices. Major banks invest billions in cybersecurity, but user habits...

Read Article

November 03, 2025 08:00 AM

Google Declares Android as the Most Secure Mobile OS: A Game Changer in Mobile Cybersecurity

Discover why Google declares Android the most secure mobile OS, marking a true game changer in mobile cybersecurity for users and...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…