Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download

Comparison Overview

A & A Vending Co., Inc.A & A Vending Co., Inc.
VS
Krispy KremeKrispy Kreme
A & A Vending Co., Inc.

A & A Vending Co., Inc.

undefined, Akron, undefined, undefined, US

Last Update: 01/04/2026

View Profile
Between 750 and 799
http://www.aavending.com
762/1000Fair

Since 1984, A & A Vending has been offering the Northeast Ohio area the highest level of service. Whether it’s our state-of-the-art vending machines, our unrivaled selection of vending snacks, sodas and other beverages, or our premiere office coffee service, A & A Vendi...

NAICS:722
NAICS Definition:Food Services and Drinking Places
Employees:27
Subsidiaries:0
12-month incidents
0
Known data breaches
0
Attack type number
0
Krispy Kreme

Krispy Kreme

2116 Hawkins St, Charlotte, North Carolina, US, 28203

Last Update: 27/05/2026

View Profile
350/1000Critical

Headquartered in Charlotte, N.C., Krispy Kreme is one of the most beloved and well-known sweet treat brands in the world. Our iconic Original Glazed® doughnut is universally recognized for its hot-off-the-line, melt-in-your-mouth experience. Krispy Kreme operates in mor...

NAICS:722
NAICS Definition:Food Services and Drinking Places
Employees:10,305
Subsidiaries:0
12-month incidents
1
Known data breaches
4
Attack type number
3

Compliance Ranges Comparison

Based On Specific Ai Models Category
A & A Vending Co., Inc.

A & A Vending Co., Inc.

-
ISO 27001Not verified
ISO 27001
-
SOC2 Type 1Not verified
SOC2 Type 1
-
SOC2 Type 2Not verified
SOC2 Type 2
-
GDPRNot verified
GDPR
-
PCI DSSNot verified
PCI DSS
-
HIPAANot verified
HIPAA
Krispy Kreme

Krispy Kreme

-
ISO 27001Not verified
ISO 27001
-
SOC2 Type 1Not verified
SOC2 Type 1
-
SOC2 Type 2Not verified
SOC2 Type 2
-
GDPRNot verified
GDPR
-
PCI DSSNot verified
PCI DSS
-
HIPAANot verified
HIPAA

Benchmark & Cyber Underwriting Signals

Incidents vs Food and Beverage Services Industry Avg (This Year)

No incidents recorded for A & A Vending Co., Inc. in 2026.

Incidents

Incidents vs Food and Beverage Services Industry Avg (This Year)

Krispy Kreme has 5.66% fewer incidents than the average of all companies with at least one recorded incident.

Incidents

Incident History - A & A Vending Co., Inc. (X = Date, Y = Severity)

A & A Vending Co., Inc. cyber incidents detection timeline including parent company and subsidiaries.

No timeline data available
R - Ransomware
C - Cyber Attack
D - Data Breach
V - Vulnerability

Incident History - Krispy Kreme (X = Date, Y = Severity)

Krispy Kreme cyber incidents detection timeline including parent company and subsidiaries.

R - Ransomware
C - Cyber Attack
D - Data Breach
V - Vulnerability

Notable Incidents

Last Cyber / HR Incidents / Global...
A & A Vending Co., Inc.

A & A Vending Co., Inc.

Incidents
No explicit notable incidents reported.
Krispy Kreme

Krispy Kreme

Incidents
🔒 Incident : Breach
KRI1779668812
🔒 Incident : Ransomware
KRI1768390561
🔒 Incident : Cyber Attack
KRI5093650100125

FAQ

Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has the best AI Cybersecurity Score ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has experienced more cyber incidents in the past ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has experienced more cyber incidents this year ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has experienced at least one ransomware attack ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has experienced at least one data breach ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has experienced at least one targeted cyberattack ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has experienced at least one vulnerability ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one holds the most compliance certifications ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one holds the fewest compliance certifications ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has the most subsidiaries ?
Between A & A Vending Co., Inc. company and Krispy Kreme company, which one has the largest number of employees ?
Between A & A Vending Co., Inc. and Krispy Kreme, which company holds both SOC 2 Type 1 certifications ?
Between A & A Vending Co., Inc. and Krispy Kreme, which company holds both SOC 2 Type 2 certifications ?
Which company is ISO 27001 certified - A & A Vending Co., Inc. or Krispy Kreme ?
Which company is PCI DSS compliant - A & A Vending Co., Inc. or Krispy Kreme ?
Between A & A Vending Co., Inc. and Krispy Kreme, which company complies with HIPAA regulations for healthcare data ?
Between A & A Vending Co., Inc. and Krispy Kreme, which company complies with GDPR requirements ?

Latest Global CVEs

CVE-2026-53646
SUMMARY

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already exists for a client (from a previous unexpired reset request), subsequent calls to the `reset_password` guest API endpoint reuse the existing token instead of generating a new one. The 15-minute validity window is anchored to the first request's `created_at` timestamp, not the time of the most recent email. An attacker who obtained the original reset link remains able to use it even after the victim requests a new reset, because the original token is never invalidated or rotated. Version 0.8.0 patches the issue. Some workarounds are available. Configure a reverse proxy (e.g., Nginx, Apache, Cloudflare) to apply per-IP rate limiting to the `/client/reset-password` endpoint to minimize the window of opportunity, and/or manually clear expired `client_password_reset` records from the database after a client reports a suspected compromise.

PUBLISHED
Date2026-07-06
UPDATED
Date2026-07-06
RISK INFORMATION (Score: )
CVSS4
Base Score: 7.7
Complexity: HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
IMPACT SCORE
NA
EXPLOITABILITY
NA
CVE-2026-53645
SUMMARY

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has `staff.create_and_edit_staff` can call `/api/admin/staff/permissions_update` targeting their own account and write any permission structure, bypassing the intended role-based access control boundary. Version 0.8.0 patches the issue. Some workarounds are available. Restrict the `staff.create_and_edit_staff` permission to only highly trusted staff members and/or use a reverse proxy or WAF to restrict access to `/api/admin/staff/permissions_update` to specific trusted roles.

PUBLISHED
Date2026-07-06
UPDATED
Date2026-07-06
RISK INFORMATION (Score: )
CVSS4
Base Score: 8.5
Complexity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
IMPACT SCORE
NA
EXPLOITABILITY
NA
CVE-2026-53644
SUMMARY

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an `active` state (e.g., `suspended`, `canceled`). The root cause is missing order-state validation in two client API endpoints, despite an `isActive()` helper already existing in the `Serviceapikey` module and the frontend UI correctly gating access on `order.status == 'active'`. Version 0.8.0 contains a fix. Some workarounds are available. If the `Serviceapikey` module is not needed, uninstall it to remove the affected endpoints. One may also use a reverse proxy or WAF to restrict access to `/api/client/order/service` and `/api/client/serviceapikey/reset` based on application-level order-state logic.

PUBLISHED
Date2026-07-06
UPDATED
Date2026-07-06
RISK INFORMATION (Score: )
CVSS4
Base Score: 8.6
Complexity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
IMPACT SCORE
NA
EXPLOITABILITY
NA
CVE-2026-53643
SUMMARY

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the `can_always_access` module flag (which grants all staff access to certain modules) and insufficient permission checks or unsafe parameter handling on individual endpoints. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive settings and/or use a reverse proxy or WAF to restrict access to the affected endpoints to trusted IP addresses or higher-privilege roles.

PUBLISHED
Date2026-07-06
UPDATED
Date2026-07-06
RISK INFORMATION (Score: )
CVSS4
Base Score: 8.7
Complexity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
IMPACT SCORE
NA
EXPLOITABILITY
NA
CVE-2026-53642
SUMMARY

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address (`email_approved = 0`) can access all client-area pages (e.g. `/client/balance`, `/client/order/list`, `/client/invoice`) and read real account data, including wallet balances and transaction history. The API-side enforcement correctly restricts unverified clients to only profile-related endpoints, but the page-side enforcement is overly permissive, allowing any request whose path starts with `/client`. Version 0.8.0 contains a fix. No known workarounds that don't involve modifying the source code are available.

PUBLISHED
Date2026-07-06
UPDATED
Date2026-07-06
RISK INFORMATION (Score: )
CVSS4
Base Score: 5.3
Complexity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
IMPACT SCORE
NA
EXPLOITABILITY
NA