Strong
AltaReturn is now Allvue Systems. Follow us: https://www.linkedin.com/company/allvuesystems/
Strong
At UKG, our purpose is people. As strong believers in the power of culture and belonging as the secret to success, we champion great workplaces and build lifelong partnerships with our customers to show whatโs possible when businesses invest in their people. One of the worldโs leading HCM cloud companies today, UKG and our Life-work Technology approach to HR, pay, time, and culture solutions for all people helps 80,000 organizations around the globe and across every industry anticipate and adapt to their employeesโ needs beyond just work. To learn more, visit ukg.com. UKG Social Media Guidelines available at https://www.ukg.com/ukg-social-media-guidelines.
Security & Compliance Standards Overview
No incidents recorded for AltaReturn in 2025.
No incidents recorded for UKG in 2025.
AltaReturn cyber incidents detection timeline including parent company and subsidiaries
UKG cyber incidents detection timeline including parent company and subsidiaries
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.
pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads() to deserialize action bodies received from Flight clients without any sanitization or validation in the do_action() method. The vulnerable code is located in pyquokka/flight.py at line 283 where arbitrary data from Flight clients is directly passed to pickle.loads(). When FlightServer is configured to listen on 0.0.0.0, this allows attackers across the entire network to perform arbitrary remote code execution by sending malicious pickled payloads through the set_configs action. Additional vulnerability points exist in the cache_garbage_collect, do_put, and do_get functions where pickle.loads is used to deserialize untrusted remote data.
