Waltio
Company Details
Linkedin ID:
waltio
Website:
Employees number:
16
Number of followers:
3,519
NAICS:
52
Industry Type:
Homepage:
waltio.com
IP Addresses:
0
Company ID:
WAL_2954258
Scan Status:
In-progress
Waltio Company CyberSecurity Posture
waltio.com
Waltio is a cryptocurrency tax assistant and helps cryptocurrency owners in calculating and reporting their capital gains. More than 60 000 European investissors use Waltio to calculate and report their profits. Waltio: 🛎️ answers technical questions: [email protected] ⚒️ develops requested features: feedback.waltio.com 📚 offers a free tax guide in your home country : https://www.waltio.com/whitepaper-crypto-tax/
Waltio A.I CyberSecurity Scoring
Waltio Risk Score (AI oriented)Between 550 and 599
Waltio
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Waltio Global Score (TPRM)XXXX
Waltio
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Waltio Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Waltio: French Authorities Investigate Data Breach Affecting Crypto Tax Platform
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: French Authorities Probe Waltio Data Breach Affecting 50,000 Crypto Users French authorities have opened an investigation into a data breach at Waltio, a crypto tax platform, after hackers exposed the personal information of approximately 50,000 users, most of whom are based in France. The breach, attributed to the hacker group Shiny Hunters, involved the theft of sensitive data, which the group later attempted to monetize through a ransom demand. Officials warn that the stolen information could be exploited for malicious activities, including targeted attacks on crypto holders. Among the primary concerns are "wrench attacks" a form of extortion where criminals use threats or physical coercion to force victims into transferring digital assets. Cybersecurity authorities have highlighted the risk of kidnapping or unlawful detention as potential consequences for affected users. The incident has intensified scrutiny of crypto tax platforms like Waltio, which have grown in prominence due to new EU regulations requiring detailed reporting of users' crypto holdings. The DAC-8 proposal, which mandates disclosure of even inactive assets, has increased the volume of sensitive data stored by such platforms, making them attractive targets for cybercriminals. Authorities are examining possible connections between the Waltio breach and other recent attacks on crypto holders, suggesting the stolen data may already be in use for fraudulent purposes. The investigation remains ongoing.
Waltio and Ledger: French Police Probe Waltio Data Breach as France Warns of Crypto Kidnappings
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: French Crypto Tax Platform Waltio Investigated After Data Breach Exposes 5,000 Users On December 24, 2025, dark web intelligence firm Brinztech identified a database containing the personal data of approximately 5,000 French cryptocurrency holders listed for sale. The exposed information, linked to crypto tax platform Waltio, reportedly included emails and summary details from 2024 tax reports but no passwords, wallet addresses, or banking data were compromised. French authorities launched an investigation following the breach, with the Paris Prosecutor’s cybercrime unit assigning the case to France’s National Cyber Unit. The probe aims to determine the full scope of the stolen data and identify affected users. Waltio confirmed the incident in a January 23, 2026, security notice, acknowledging an extortion attempt received two days prior. The company filed a criminal complaint for unauthorized system access and attempted extortion, describing the attack as "particularly sophisticated." The breach has raised concerns beyond digital security. French authorities issued warnings about criminals impersonating law enforcement to target victims, emphasizing that police will never request confidential data by phone or appear unannounced at residences. The alert follows a surge in physical attacks on crypto holders, including a January 14 kidnapping of a retired couple in Sallanches and a foiled abduction attempt in Paris on January 23. Waltio maintains that the exposed data was limited to emails and tax report summaries, though Brinztech’s initial report suggested the dark web listing included names and phone numbers information Waltio claims it does not collect. The discrepancy remains unresolved, and it is unclear whether the December dark web listing is directly tied to the January extortion attempt. Waltio has notified France’s data protection authority (CNIL) and advised users to verify security codes in official communications. The incident underscores the risks faced by crypto tax platforms, which handle sensitive transaction data under international reporting requirements. It also follows a separate January 2026 breach at French hardware wallet maker Ledger, highlighting growing cybersecurity threats in the sector. Investigations into the Waltio breach are ongoing.
Waltio Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Waltio
Incidents vs Financial Services Industry Average (This Year)
Waltio has 33.33% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Waltio has 28.57% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types Waltio vs Financial Services Industry Avg (This Year)
Waltio reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — Waltio (X = Date, Y = Severity)
Waltio cyber incidents detection timeline including parent company and subsidiaries
Waltio Company Subsidiaries
Waltio is a cryptocurrency tax assistant and helps cryptocurrency owners in calculating and reporting their capital gains. More than 60 000 European investissors use Waltio to calculate and report their profits. Waltio: 🛎️ answers technical questions: [email protected] ⚒️ develops requested features: feedback.waltio.com 📚 offers a free tax guide in your home country : https://www.waltio.com/whitepaper-crypto-tax/
Loading...
Waltio Similar Companies
PT. Pegadaian
PT Pegadaian didirikan di kota Sukabumi, Jawa Barat pada 1 April 1901. Tak hanya bergerak di Industri Gadai, Pegadaian juga memiliki ragam produk dan layanan seperti investasi berbasis emas yang dapat dimiliki oleh masyarakat dengan cara yang mudah, diantaranya Tabungan Emas, Cicil Emas dan Arisan
Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have over 20
Manappuram Finance Ltd. is one of India’s largest and most trusted gold loan companies, with 4,199 branches across the length and breadth of the country. It currently has nearly Rs. 157.65 billion worth assets under management (AUM), and 20,185 employees. Promoted by Shri. V.P. Nandakumar, the curr
DNB
We are here. So you can stay ahead. For nearly two hundred years we have acquired and shared knowledge, developed global networks and adapted to modern everyday life. To us, it is important to combine profitability with responsibility. DNB is Norway's largest financial services group and one of t
Motilal Oswal Financial Services Ltd
Motilal Oswal Financial Services Ltd. (MOFSL) was founded in 1987 as a small sub-broking unit, with just 2 people running the show. Focus on a customer-first attitude, ethical and transparent business practices, respect for professionalism, research-based value investing, and implementation of cutti
TVS Credit Services Ltd.
From the largest cities to the smallest villages, India is filled with ambition and enterprise. As Indians from all walks of life set out to write their growth story, our timely and affordable credit empowers them to bring their dreams alive. As part of the TVS Group, we empower Indians from vario
Founded in 2006, CreditEase is a Beijing-based world-leading FinTech conglomerate in China. It specializes in inclusive finance and wealth management with a dominant position in credit technology, wealth management technology, insurance technology, etc. Main business sectors of CreditEase include Yi
Moody's Corporation
In a world shaped by increasingly interconnected risks, Moody’s helps customers develop a holistic view of these risks to advance their business and act decisively. With a rich history of expertise in global markets and a diverse workforce in more than 40 countries, Moody’s unites the brightest mind
RHB Banking Group
We are a multinational regional financial services provider that is committed to deliver complete solutions to our clients through differentiated segment offerings and an ecosystem that supports simple, fast and seamless customer experience, underpinned by cohesive and inspired workforce and relatio
.png)
Waltio CyberSecurity News
December 01, 2025 08:00 AM
SETU’s Walton Institute to lead €5.3m EU quantum cybersecurity project
Led by Dr Indrakshi Dey, who is head of the Programmable Autonomous Systems division at the Walton Institute, Q-Fence is a €5.3m Horizon Europe...
September 04, 2025 07:00 AM
Cybersecurity survey reveals most small-to-medium businesses targeted in past six months
The cybersecurity agency has revealed more than half of New Zealand's small-to-medium businesses have been targeted by hackers and scammers...
August 19, 2025 07:00 AM
Meet Jessica Walton
We were lucky to catch up with Jessica Walton recently and have shared our conversation below. Jessica, we're thrilled to have you on our...
July 15, 2025 07:00 AM
Article | Florida appeals court judges question how to move forward with 2018 beach access law repeal
A panel of state appeals court judges wrangled Tuesday over the beach use legal fight in Walton County, following the recent repeal of a Florida law.
June 10, 2025 07:00 AM
Real-World Learning Leads to Real-World Cybersecurity Jobs
Seth, whose story was recently featured by NBCU, is in his second year of the cybersecurity curriculum offered through Digital Promise's Center...
June 10, 2025 07:00 AM
Student and Parent Awareness of Postsecondary Pathways Remains Limited, Gallup Finds
Most Gen Z students and their parents know little about postsecondary options beyond four-year college or paid work, according to a survey by Gallup.
May 29, 2025 07:00 AM
IrelandQCI launches mobile quantum engagement trailer
The innovative mobile engagement unit, designed to bring quantum technologies to life for the Irish public, was launched in Trinity's Front...
May 05, 2025 07:00 AM
Fast 15: Amanda White
Amanda White's professor at the University of Alabama, a former chief information security officer for the state of Alabama, piqued her interest in...
April 16, 2025 07:00 AM
Chinese firm tied to Uyghur rights abuses now training Tibet police on hacking techniques
The digital forensics company known as Meiya Pico won a contract in mid-2023 to build two labs at the Tibet Police College: one on offensive...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Waltio CyberSecurity History Information
Official Website of Waltio
The official website of Waltio is https://waltio.com.
Waltio’s AI-Generated Cybersecurity Score
According to Rankiteo, Waltio’s AI-generated cybersecurity score is 588, reflecting their Very Poor security posture.
How many security badges does Waltio’ have ?
According to Rankiteo, Waltio currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Waltio been affected by any supply chain cyber incidents ?
According to Rankiteo, Waltio has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Waltio have SOC 2 Type 1 certification ?
According to Rankiteo, Waltio is not certified under SOC 2 Type 1.
Does Waltio have SOC 2 Type 2 certification ?
According to Rankiteo, Waltio does not hold a SOC 2 Type 2 certification.
Does Waltio comply with GDPR ?
According to Rankiteo, Waltio is not listed as GDPR compliant.
Does Waltio have PCI DSS certification ?
According to Rankiteo, Waltio does not currently maintain PCI DSS compliance.
Does Waltio comply with HIPAA ?
According to Rankiteo, Waltio is not compliant with HIPAA regulations.
Does Waltio have ISO 27001 certification ?
According to Rankiteo,Waltio is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Waltio
Waltio operates primarily in the Financial Services industry.
Number of Employees at Waltio
Waltio employs approximately 16 people worldwide.
Subsidiaries Owned by Waltio
Waltio presently has no subsidiaries across any sectors.
Waltio’s LinkedIn Followers
Waltio’s official LinkedIn profile has approximately 3,519 followers.
NAICS Classification of Waltio
Waltio is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Waltio’s Presence on Crunchbase
Yes, Waltio has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/waltio.
Waltio’s Presence on LinkedIn
Yes, Waltio maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/waltio.
Cybersecurity Incidents Involving Waltio
As of January 24, 2026, Rankiteo reports that Waltio has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Waltio has an estimated 30,839 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Waltio ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Waltio detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and law enforcement notified with yes (paris prosecutor’s cybercrime unit, france’s national cyber unit), and communication strategy with security notice issued to users, cnil notified, warnings about impersonation scams, and law enforcement notified with yes (french authorities)..
Incident Details
Can you provide details on each incident ?
Title: French Crypto Tax Platform Waltio Data Breach Exposes 5,000 Users
Description: On December 24, 2025, dark web intelligence firm Brinztech identified a database containing the personal data of approximately 5,000 French cryptocurrency holders listed for sale. The exposed information, linked to crypto tax platform Waltio, included emails and summary details from 2024 tax reports but no passwords, wallet addresses, or banking data. French authorities launched an investigation, and Waltio confirmed the incident in a January 23, 2026, security notice, acknowledging an extortion attempt received two days prior.
Date Detected: 2025-12-24
Date Publicly Disclosed: 2026-01-23
Type: Data Breach
Motivation: Extortion
Title: Waltio Data Breach Affecting 50,000 Crypto Users
Description: French authorities have opened an investigation into a data breach at Waltio, a crypto tax platform, after hackers exposed the personal information of approximately 50,000 users, most of whom are based in France. The breach, attributed to the hacker group Shiny Hunters, involved the theft of sensitive data, which the group later attempted to monetize through a ransom demand. Officials warn that the stolen information could be exploited for malicious activities, including targeted attacks on crypto holders, such as 'wrench attacks' involving extortion or physical coercion.
Type: Data Breach
Threat Actor: Shiny Hunters
Motivation: Financial gain (ransom demand, monetization of stolen data)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach WALZEN1769189829
Data Compromised: Emails, tax report summaries (potentially names and phone numbers)
Brand Reputation Impact: High
Legal Liabilities: Potential regulatory fines (CNIL)
Identity Theft Risk: Moderate (due to exposed personal data)
Payment Information Risk: None (no banking data compromised)
Incident : Data Breach WAL1769191566
Data Compromised: Personal information of approximately 50,000 users
Brand Reputation Impact: Intensified scrutiny of crypto tax platforms
Identity Theft Risk: High (potential for targeted attacks, extortion, or physical coercion)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal data (emails, tax report summaries, potentially names and phone numbers) and Personal information.
Which entities were affected by each incident ?
Incident : Data Breach WALZEN1769189829
Entity Name: Waltio
Entity Type: Crypto Tax Platform
Industry: Financial Services (Cryptocurrency)
Location: France
Customers Affected: 5000
Incident : Data Breach WAL1769191566
Entity Name: Waltio
Entity Type: Crypto tax platform
Industry: Financial Services (Cryptocurrency)
Location: France
Customers Affected: 50,000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach WALZEN1769189829
Incident Response Plan Activated: Yes
Law Enforcement Notified: Yes (Paris Prosecutor’s cybercrime unit, France’s National Cyber Unit)
Communication Strategy: Security notice issued to users, CNIL notified, warnings about impersonation scams
Incident : Data Breach WAL1769191566
Law Enforcement Notified: Yes (French authorities)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach WALZEN1769189829
Type of Data Compromised: Personal data (emails, tax report summaries, potentially names and phone numbers)
Number of Records Exposed: 5000
Sensitivity of Data: Moderate (no passwords, wallet addresses, or banking data)
Data Exfiltration: Yes (listed for sale on dark web)
Personally Identifiable Information: Yes (emails, potentially names and phone numbers)
Incident : Data Breach WAL1769191566
Type of Data Compromised: Personal information
Number of Records Exposed: 50,000
Sensitivity of Data: High (potential for extortion, targeted attacks, or physical coercion)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach WAL1769191566
Ransom Demanded: Yes (attempted monetization through ransom demand)
Data Exfiltration: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach WALZEN1769189829
Regulations Violated: Potential GDPR violations (CNIL notified)
Legal Actions: Criminal complaint filed for unauthorized system access and attempted extortion
Regulatory Notifications: CNIL (France’s data protection authority)
Incident : Data Breach WAL1769191566
Regulations Violated: Potential violations of EU data protection regulations (e.g., GDPR)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Criminal complaint filed for unauthorized system access and attempted extortion.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach WALZEN1769189829
Lessons Learned: Risks faced by crypto tax platforms handling sensitive transaction data under international reporting requirements; importance of verifying security codes in official communications to prevent impersonation scams.
Incident : Data Breach WAL1769191566
Lessons Learned: Increased scrutiny of crypto tax platforms due to new EU regulations (DAC-8) requiring detailed reporting of users' crypto holdings, making them attractive targets for cybercriminals.
What recommendations were made to prevent future incidents ?
Incident : Data Breach WALZEN1769189829
Recommendations: Enhanced monitoring for unauthorized access, user education on impersonation scams, and stricter data collection policies to avoid storing unnecessary personal information.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Risks faced by crypto tax platforms handling sensitive transaction data under international reporting requirements; importance of verifying security codes in official communications to prevent impersonation scams.Increased scrutiny of crypto tax platforms due to new EU regulations (DAC-8) requiring detailed reporting of users' crypto holdings, making them attractive targets for cybercriminals.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhanced monitoring for unauthorized access, user education on impersonation scams and and stricter data collection policies to avoid storing unnecessary personal information..
References
Where can I find more information about each incident ?
Incident : Data Breach WALZEN1769189829
Source: Brinztech
Incident : Data Breach WALZEN1769189829
Source: Paris Prosecutor’s Office
Incident : Data Breach WAL1769191566
Source: Cyber incident report
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Brinztech, and Source: Waltio Security NoticeDate Accessed: 2026-01-23, and Source: Paris Prosecutor’s Office, and Source: Cyber incident report.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach WALZEN1769189829
Investigation Status: Ongoing
Incident : Data Breach WAL1769191566
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Security notice issued to users, CNIL notified and warnings about impersonation scams.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach WALZEN1769189829
Stakeholder Advisories: French authorities warned about criminals impersonating law enforcement to target victims; advised users to verify security codes in official communications.
Customer Advisories: Waltio advised users to verify security codes in official communications and be cautious of impersonation scams.
Incident : Data Breach WAL1769191566
Stakeholder Advisories: Authorities warn of risks including 'wrench attacks' (extortion or physical coercion) and potential connections to other recent attacks on crypto holders.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were French authorities warned about criminals impersonating law enforcement to target victims; advised users to verify security codes in official communications., Waltio advised users to verify security codes in official communications and be cautious of impersonation scams. and Authorities warn of risks including 'wrench attacks' (extortion or physical coercion) and potential connections to other recent attacks on crypto holders..
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Yes (attempted monetization through ransom demand).
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Shiny Hunters.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-12-24.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2026-01-23.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Emails, tax report summaries (potentially names and phone numbers), Personal information of approximately 50 and000 users.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal information of approximately 50,000 users, Emails and tax report summaries (potentially names and phone numbers).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 50.5K.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Yes (attempted monetization through ransom demand).
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Criminal complaint filed for unauthorized system access and attempted extortion.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Risks faced by crypto tax platforms handling sensitive transaction data under international reporting requirements; importance of verifying security codes in official communications to prevent impersonation scams., Increased scrutiny of crypto tax platforms due to new EU regulations (DAC-8) requiring detailed reporting of users' crypto holdings, making them attractive targets for cybercriminals.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enhanced monitoring for unauthorized access, user education on impersonation scams and and stricter data collection policies to avoid storing unnecessary personal information..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Waltio Security Notice, Paris Prosecutor’s Office, Cyber incident report and Brinztech.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was French authorities warned about criminals impersonating law enforcement to target victims; advised users to verify security codes in official communications., Authorities warn of risks including 'wrench attacks' (extortion or physical coercion) and potential connections to other recent attacks on crypto holders., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Waltio advised users to verify security codes in official communications and be cautious of impersonation scams.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=waltio' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
