What is the official website of Tata Steel ?

The official website of Tata Steel is https://www.tatasteel.com.

What is Tata Steel's cybersecurity risk score?

Tata Steel has an AI-generated cybersecurity risk score of 802 out of 1000, indicating a Good security posture according to Rankiteo's assessment.

How many security incidents has Tata Steel experienced?

According to Rankiteo, Tata Steel currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Tata Steel been affected by any supply chain cyber incidents ?

According to Rankiteo, Tata Steel has been affected by a supply chain cyber incident involving Tata Group, with the incident ID MAR1193411110425.

Does Tata Steel have SOC 2 Type 1 certification ?

According to Rankiteo, Tata Steel is not certified under SOC 2 Type 1.

Does Tata Steel have SOC 2 Type 2 certification ?

According to Rankiteo, Tata Steel does not hold a SOC 2 Type 2 certification.

Does Tata Steel comply with GDPR ?

According to Rankiteo, Tata Steel is not listed as GDPR compliant.

Does Tata Steel have PCI DSS certification ?

According to Rankiteo, Tata Steel does not currently maintain PCI DSS compliance.

Does Tata Steel comply with HIPAA ?

According to Rankiteo, Tata Steel is not compliant with HIPAA regulations.

Does Tata Steel have ISO 27001 certification ?

According to Rankiteo,Tata Steel is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Tata Steel operate in ?

Tata Steel operates primarily in the Mining industry.

How many employees does Tata Steel have ?

Tata Steel employs approximately 56,276 people worldwide.

Does Tata Steel own any subsidiaries ?

Tata Steel presently has no subsidiaries across any sectors.

How many LinkedIn followers does Tata Steel have ?

Tata Steel's official LinkedIn profile has approximately 2,283,578 followers.

What is the NAICS classification code for Tata Steel ?

Tata Steel is classified under the NAICS code 212, which corresponds to Mining (except Oil and Gas).

Does Tata Steel have a Crunchbase profile ?

No, Tata Steel does not have a profile on Crunchbase.

Does Tata Steel have a LinkedIn profile ?

Yes, Tata Steel maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/tatasteelltd.

How many cybersecurity incidents has Tata Steel experienced ?

As of June 14, 2026, Rankiteo reports that Tata Steel has experienced 7 cybersecurity incidents.

How many peer or competitor companies does Tata Steel have ?

Tata Steel has an estimated 3,801 peer or competitor companies worldwide.

What types of cybersecurity incidents has Tata Steel faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Tata Steel

Boost Score +25 with badge (5 left)

802

/1000

Good

827

/1000

Good

Tata Steel Vendor Cyber Rating & Cyber Score

tatasteel.com

Add Your Compliance Badge

Tata Steel group is among the top global steel companies with an annual crude steel capacity of 34 million tonnes per annum. It is one of the world's most geographically-diversified steel producers, with operations and commercial presence across the world. The group (excluding SEA operations) recorded a consolidated turnover of US $19.7 billion in the financial year ending March 31, 2020. A Great Place to Work-CertifiedTM organisation, Tata Steel Ltd., together with its subsidiaries, associates and joint ventures, is spread across five continents with an employee base of over 65,000. Tata Steel has been a part of the DJSI Emerging Markets Index since 2012 and has been consistently ranked amongst top 5 steel companies in the DJSI

Tata Steel A.I CyberSecurity Scoring

Scoring History

Tata Steel

Tata Steel CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Tata Steel

Cyber Attack

100

11/2025

TAT066210611172...

Tata Group

Ransomware

100

9/2025

Tata Group

MAR119341111042...

Tata Steel

Breach

100

5/2025

TAT203292010312...

Tata Steel

Ransomware

100

4/2025

TAT235040325

Tata Steel Nederlan...

Ransomware

100

2/2025

TAT1777667117

Tata Steel

Ransomware

1/2025

TAT702030425

Tata Steel

Ransomware

10/2022

TAT000020325

Loading…

A.I.

Tata Steel Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Tata Steel

Incidents vs Mining Industry Avg (This Year)

No incidents recorded for Tata Steel in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Tata Steel in 2026.

Incident Types Tata Steel vs Mining Industry Avg (This Year)

No incidents recorded for Tata Steel in 2026.

Incident History - Tata Steel (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Tata Steel Subsidiaries

Tata Steel

Mining

Website: https://www.tatasteel.com

Company Size: 10,001+ employees

Tata GroupExecutive Offices

Tata MotorsMotor Vehicle Manufacturing

Bolt from Tata MotorsMotor Vehicle Manufacturing

Tata ElxsiIT Services and IT Consulting

Tata Elxsi TransportationIT Services and IT Consulting

Tata Elxsi Healthcare and Life SciencesIT Services and IT Consulting

Tata Elxsi Media & CommunicationsIT Services and IT Consulting

Tata Elxsi JapanIT Services and IT Consulting

Tata Elxsi Design StudioIT Services and IT Consulting

Tata TechnologiesEngineering Services

iGETIT by Tata Technologies | Learning Solutions for EngineersE-learning

Tata Consultancy ServicesIT Services and IT Consulting

Tata Consultancy Services - IndiaIT Services and IT Consulting

Future-Ready ManufacturingManufacturing

Tata Consultancy Services - JapanIT Services and IT Consulting

TCS Life Sciences and HealthcareIT Services and IT Consulting

TCS Financial Services and InsuranceIT Services and IT Consulting

Tata Consultancy Services - UK and IrelandIT Services and IT Consulting

Tata Consultancy Services LATAMServicios y tecnologías de la información

Tata Consultancy Services - UK and EuropeIT-services en consultancy

TCS Retail and Consumer GoodsIT Services and IT Consulting

Tata Consultancy Services - EuropeIT Services and IT Consulting

Tata Consultancy Services - ResearchResearch Services

TCS AI & Advanced TechIT Services and IT Consulting

TCS BaNCSIT Services and IT Consulting

Tata Consultancy Services - North AmericaIT Services and IT Consulting

TCS Digital Software & SolutionsIT Services and IT Consulting

Tata Consultancy Services – Asia PacificIT Services and IT Consulting

Titan Company LimitedRetail

Titan Corporate GiftingRetail

Design Impact IndiaCivic and Social Organizations

Titan Watches IndiaManufacturing

Titan Precision ToolsMachinery Manufacturing

Xylys WatchesManufacturing

Titan MovementsRetail Luxury Goods and Jewelry

Tata CapitalFinancial Services

Taj HotelsHospitality

Taj InnerCircleHospitality

Tata Housing Development Company LimitedReal Estate

Tata International LimitedInternational Trade and Development

Tata Mutual FundFinancial Services

Prof.Simply SimpleFinancial Services

CMC LTDIT Services and IT Consulting

Tata Group - EuropeIndustrial Machinery Manufacturing

Tata HealthWellness and Fitness Services

Roz Ka DozHealth, Wellness & Fitness

Tata Steel NederlandMining

Packaging | Tata Steel NederlandPackaging and Containers Manufacturing

Multisteel | Tata Steel NederlandMining

Automotive | Tata Steel NederlandMotor Vehicle Manufacturing

Feijen | Tata Steel NederlandMining

Engineering | Tata Steel NederlandAgriculture, Construction, Mining Machinery Manufacturing

Gelsenkirchen | Tata Steel NederlandMining

Service Centre Maastricht B. V. | Tata Steel NederlandMining

Layde | Tata Steel NederlandMining

Multisteel | Tata Steel NederlandMining

Packaging | Tata Steel NederlandPackaging and Containers Manufacturing

Tata Steel i NordenMining

Automotive | Tata Steel NederlandMotor Vehicle Manufacturing

Engineering | Tata Steel NederlandAgriculture, Construction, Mining Machinery Manufacturing

Tubes | Tata Steel NederlandMining

Feijen | Tata Steel NederlandMining

Naantali Steel Service Centre @ Tata SteelMining

Gelsenkirchen | Tata Steel NederlandMining

Layde | Tata Steel NederlandMining

Colors | Tata Steel NederlandBuilding Construction

Tata Pravesh - Doors and WindowsFurniture and Home Furnishings Manufacturing

CorusMining

Tata Steel Industrial ConsultingOperations Consulting

Loading…

Tata Steel Similar Companies

Gerdau

gerdau.com.br

With a history spanning 122 years, Gerdau is Brazil's largest steel producer, one of the leading producers of long steel in the Americas and of special steel in the world. In Brazil, Gerdau also produces flat steel and iron ore for its own use. Gerdau also has a new business division, Gerdau Next, which fosters entrepreneurship in segments adjacent to the steel industry. Guided by its purpose of empowering people who build the future, Gerdau has operations in nine countries and over 30,000 direct and indirect employees. Gerdau is the largest recycling company in Latin America and uses scrap as an important input, with 73% of the steel it produces made from scrap. Every year, Gerdau transforms 11 million tonnes of scrap into a variety of steel products. Gerdau also is the world’s largest charcoal producer, with over 250 hectares of planted forests in the state of Minas Gerais. As a result of its sustainable production matrix, Gerdau currently has one of the industry’s lowest average greenhouse gas emissions (CO₂e), of 0.86t/CO₂e per tonne of steel, which is about half the global industry average of 1.91 t/CO₂e per tonne of steel (worldsteel). By 2031, Gerdau’s target is to reduce its carbon emissions to 0.83 t/CO₂e per tonne of steel. Gerdau’s shares are listed on the São Paulo (B3), New York (NYSE) and Madrid (Latibex) stock exchanges.

First Quantum Minerals

first-quantum.com

First Quantum Minerals Ltd. is a global mining company producing copper and nickel, as well as gold and cobalt. Our growing portfolio of operations and projects spans four continents and employs around 20,000 people. We are well-known for our ‘can do’ attitude and specialist technical, project management, engineering, construction and operational skills, which allow us to develop and successfully run complex mines and minerals processing plants. We strive to go beyond the goals set by other companies. After 25 years of operations we are now one of the world’s top 10 copper producers and we focus on providing a tangible benefit from everything we do for employees, investors and the many communities that host our operations. From our initial operation reprocessing tailings facilities in Zambia, to the recently completed giant Cobre Panama operation, we have recorded many significant commercial and technical achievements over the past two decades. By 2021, the combined output of our mines will be more than 800,000 tonnes of copper per year.

Orica

cb orica.com

Our story began in 1874, when we first supplied explosives to the Victorian goldfields in Australia. Since then, we have grown to become one of the world’s leading mining and infrastructure solutions providers. From the production and supply of explosives, blasting systems, mining chemicals and geotechnical monitoring to our cutting-edge digital solutions and comprehensive range of services, we sustainably mobilise the earth’s resources. With 150 years of expertise, our 14,000+ community of engineers, scientists, technologists, operators, business specialists and on-site crew support customers in surface and underground mines, quarry, construction, and oil and gas operations. Sustainability is integral to our operations. Our approach to sustainability begins with ensuring we operate our business responsibly, and by prioritising the safety of our people, customers, and communities. We are in a unique position to leverage our expertise in technology to create safer and more responsible solutions and deliver positive economic, social, and environmental contributions through our business activities.

ArcelorMittal

arcelormittal.com

ArcelorMittal is the world's leading steel and mining company, with a presence in more than 60 countries and an industrial footprint in 18 countries. Guided by a philosophy to produce safe, sustainable steel, we are the leading supplier of quality steel in the major global steel markets including automotive, construction, household appliances and packaging, with world-class research and development and outstanding distribution networks. Through our core values of sustainability, quality and leadership, we operate responsibly with respect to the health, safety and wellbeing of our employees, contractors and the communities in which we operate. For us, steel is the fabric of life, as it is at the heart of the modern world from railways to cars and washing machines. We are actively researching and producing steel-based technologies and solutions that make many of the products and components we use in our everyday lives more energy-efficient. We are one of the world’s five largest producers of iron ore and metallurgical coal and our mining business is an essential part of our growth strategy. With a geographically diversified portfolio of iron ore and coal assets, we are strategically positioned to serve our network of steel plants and the external global market.

ArcelorMittal Nippon Steel India

cb amns.in

AM/NS India is a joint venture between the world's leading steel companies, ArcelorMittal and Nippon Steel. Established in December 2019, post-acquisition of Essar Steel, we are an integrated flat steel manufacturer - from iron ore to ready-to-market products. With over 300 steel grades - many substituting imports, we serve an array of contemporary industries (agriculture, automotive, infrastructure, defence, energy, etc.) and contribute to an Aatmanirbhar Bharat. Our portfolio encapsulates hot rolled coils / sheets / plates, cold rolled coils / sheets, galvanized coil / sheets, pre-painted galvanized coil / sheets, pipelines, etc. We ascribe to advancement with sustainability and envision creating 'Smarter Steels, Brighter Futures'. Our vision has nestled in empowering communities by providing employment to more than 16,00,000 individuals and enriching millions of lives across the country through our CSR interventions. We are inspired by ArcelorMittal's XCarb programme and Nippon Steel's Zero Carbon initiative and stand in alignment with India's vision to be carbon-neutral by 2070. Our recent partnership with Greenko for renewable power and storage facility is a notable step in that direction. Our MoUs with National Small Industries Corporation and National Skill Development Corporations are devised to bolster the MSME ecosystem in India. We prioritize health and safety and foster a culture of innovation by placing research and development at the heart of our operations. We are a committed partner to the nation, and our avid growth story will be purposeful, inclusive, and sustainable.

Sandvik

cb home.sandvik

Sandvik is a global, high-tech engineering group providing solutions that enhance productivity, profitability and sustainability for the manufacturing, mining and infrastructure industries. We are at the forefront of digitalization and focus on optimizing our customers’ processes. Our world-leading offering includes equipment, tools, services and digital solutions for machining, mining, rock excavation and rock processing. In 2024, the Sandvik Group had approximately 41,000 employees, sales in more than 150 countries and revenues of about SEK 123 billion.

Alcoa

alcoa.com

Recruitment Fraud Alert: Alcoa has become aware of some fraudulent employment offers being sent to candidates via social media channels. Alcoa never makes job offers or asks for bank details through social media. Always verify the authenticity of any recruitment communication directly through our official channels. Alcoa (NYSE: AA, ASX: AAI) is a global industry leader in bauxite, alumina, and aluminum products with a vision to build a legacy of excellence for future generations. With a values-based approach that encompasses integrity, operating excellence, care for people and courageous leadership, our purpose is to Turn Raw Potential into Real Progress. Since developing the process that made aluminum an affordable and vital part of modern life, our talented Alcoans have developed breakthrough innovations and best practices that have led to greater efficiency, safety, sustainability, and stronger communities wherever we operate.

Anglo American

cb angloamerican.com

Anglo American is a leading global mining company and our products are the essential ingredients in almost every aspect of modern life. Our portfolio of world-class competitive operations, with a broad range of future development options, provides many of the future-enabling metals and minerals for a cleaner, greener, more sustainable world and that meet the fast growing every day demands of billions of consumers. With our people at the heart of our business, we use innovative practices and the latest technologies to discover new resources and to mine, process, move and market our products to our customers – safely and sustainably.

JSW Steel

jsw.in

Over the last 35 years, we have partnered the country in its journey to self-reliance, by embracing sustainability, adopting cutting-edge technology and having innovation and R&D initiatives at the heart of our culture. From humble beginnings with a single plant in 1982, we are now India's leading manufacturer of value-added and high-end steels. Our plants in Karnataka, Tamil Nadu and Maharashtra have a total capacity of 29.7 MTPA, and we are scaling up existing plants and opening new ones to take that figure to 40 MTPA. Globally, we own a plate and pipe mill in the US, and mining assets in the US, Chile and Mozambique. But we're not ones to rest on our laurels. Driven by decades of experience and a dynamic culture, we constantly seek new ways to revolutionize steelmaking. To begin with, we integrate sustainability into everything we do. We benchmark our business vision and governance systems, manufacturing and sales processes, and even our customer and community engagement initiatives, against global best-in-class standards. We bolster these sustainability initiatives, by staying on the cutting edge of technology. It's a strategy that has helped us create the largest product portfolio in India, and at the same time, become India's largest exporter of steel with a presence in more than 100 countries. Today, nearly 40% of our products are high-value steels, a figure we intend to take up to 50% soon. We’ve made this technological prowess possible with a relentless focus on innovation and R&D. It has helped us stay ahead of competition, customise our offerings as per client requirements, partner with global leaders such as JFE Steel, Marubeni Itochu Steel, Praxair and Severfield Rowen Plc. to be cost-efficient, and be seen worldwide as a purveyor of high-end, value-added steel.

Loading…

NEWS

Tata Steel CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 12, 2026 11:00 AM

Cybersecurity's missing half: Why women still struggle to reach the top

Cybersecurity is attracting more women than ever, yet leadership remains largely male. What's causing the mid-career drop-off and how can...

Read Article

February 25, 2026 08:00 AM

Multibagger IPO: NSE SME-listed cybersecurity stock doubles allottees' money in five months

TechD Cybersecurity doubled investors' funds in five months post-IPO, but shares fell over 12% amid AI replacement concerns.

Read Article

February 13, 2026 08:00 AM

BSF Sub-Inspector Duped of Lakhs by Fraudsters Posing as Tata Steel Executives

BSF sub-inspector duped of ₹3.12L by fake Tata Steel execs using proforma invoice. RTGS+UPI payments extracted; Moradabad police probe bank...

Read Article

February 10, 2026 12:35 PM

EY at India AI Impact Summit 2026

Join EY at the India Impact AI Expo 2026 to explore how our innovative AI solutions can accelerate human-centered AI transformation at scale.

Read Article

January 29, 2026 08:00 AM

AI, GCCs are pushing India’s IT sector into a new phase: Economic Survey

The Survey notes that demand is shifting toward technologies such as generative AI, data engineering and cybersecurity.

Read Article

January 05, 2026 08:00 AM

Tata Steel, Ambuja Cements among top stock picks from SMC Global for strong returns

SMC Global said that CESC has been trading within a downward-sloping channel for a considerable period, indicating a phase of healthy...

Read Article

December 24, 2025 08:00 AM

Top stocks in news: Tata Steel, GAIL, HCL Tech, Adani Ports, Zydus Life, Coal India, Ola

Stocks including Tata Steel, GAIL, HCL Tech, Adani Ports, Zydus Life, Coal India, Ola Electric, Emcure Pharma, RVNL and more will be in the...

Read Article

December 18, 2025 01:30 PM

How Tata Steel became a leader in risk management in the steel sector

Discover how Tata Steel built industry-leading risk management with SAP BIS and EY, using real-time alerts to prevent fraud, improve compliance and protect...

Read Article

December 15, 2025 08:00 AM

ServiceNow in advanced talks to acquire cybersecurity startup Armis for upto $7 billion, says report

ServiceNow is in advanced talks to buy Israeli military veteran-run Armis for up to $7 billion, its largest acquisition.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…