Comparison Overview

Charles Derby Mortgage Bureau Ltd

VS

Paschoalotto

Charles Derby Mortgage Bureau Ltd

27 Duke Street, Chelmsford, Essex, CM1 1HT, GB
Last Update: 2025-03-19 (UTC)
View Profile
Between 750 and 799
http://charlesderbymortgagebureau.com/

With so many providers & products to choose from, where some products and even lenders, deal only through intermediary firms like us, knowing what might be right for you has never been so complex. Let a Charles Derby Mortgage Bureau adviser help you find what you cannot do yourself. We source from the whole of market. Correspondence address: Charles Derby Mortgage Bureau Limited, Saxon House, 27 Duke Street, Chelmsford Essex, CM1 1HT. Landline: 01245 951 198 Freephone: 0330 094 5476 Email: [email protected]

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 19
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Paschoalotto

Rua Professor Guedes de Azevedo 2-144 Bauru, S√£o Paulo 7012-633, BR
Last Update: 2025-03-14 (UTC)
Between 750 and 799
http://www.paschoalotto.com.br

Somos um ecossistema especializado em revolucionar a forma que empresas se conectam com seus clientes. Através das nossas soluções que mesclam o melhor do humano e digital, conseguimos proporcionar uma experiência única através dos nossos produtos de recuperação de crédito, atendimento ao cliente, BPO, Pagou Fácil e soluções digitais. Solução para pessoas: Com as nossas soluções transformamos a vida das pessoas e oferecemos a melhor experiência na jornada de relacionamento. Solução para empresas: Com tecnologia e dados, as nossas soluções são feitas sob medidas para atender às necessidades de cada cliente. Solução para comunidade: Acreditamos no poder de fazer a diferença, de impactar vidas e de construir um futuro melhor para todos. Somos a evolução dos negócios, na construção de relacionamentos personalizados e na oferta da melhor experiência para os clientes. Somos a Paschoalotto, somos parte da solução.

NAICS: 52
NAICS Definition:
Employees: 10,001+
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/charles-derby-mortgage-bureau-ltd.jpeg
Charles Derby Mortgage Bureau Ltd
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/paschoalotto.jpeg
Paschoalotto
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Charles Derby Mortgage Bureau Ltd
100%
Compliance Rate
0/4 Standards Verified
Paschoalotto
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Charles Derby Mortgage Bureau Ltd in 2025.

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Paschoalotto in 2025.

Incident History — Charles Derby Mortgage Bureau Ltd (X = Date, Y = Severity)

Charles Derby Mortgage Bureau Ltd cyber incidents detection timeline including parent company and subsidiaries

Incident History — Paschoalotto (X = Date, Y = Severity)

Paschoalotto cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/charles-derby-mortgage-bureau-ltd.jpeg
Charles Derby Mortgage Bureau Ltd
Incidents

No Incident

https://images.rankiteo.com/companyimages/paschoalotto.jpeg
Paschoalotto
Incidents

No Incident

FAQ

Paschoalotto company demonstrates a stronger AI Cybersecurity Score compared to Charles Derby Mortgage Bureau Ltd company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Paschoalotto company has disclosed a higher number of cyber incidents compared to Charles Derby Mortgage Bureau Ltd company.

In the current year, Paschoalotto company and Charles Derby Mortgage Bureau Ltd company have not reported any cyber incidents.

Neither Paschoalotto company nor Charles Derby Mortgage Bureau Ltd company has reported experiencing a ransomware attack publicly.

Neither Paschoalotto company nor Charles Derby Mortgage Bureau Ltd company has reported experiencing a data breach publicly.

Neither Paschoalotto company nor Charles Derby Mortgage Bureau Ltd company has reported experiencing targeted cyberattacks publicly.

Neither Charles Derby Mortgage Bureau Ltd company nor Paschoalotto company has reported experiencing or disclosing vulnerabilities publicly.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Charles Derby Mortgage Bureau Ltd company nor Paschoalotto company has publicly disclosed detailed information about the number of their subsidiaries.

Charles Derby Mortgage Bureau Ltd company employs more people globally than Paschoalotto company, reflecting its scale as a Financial Services.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds SOC 2 Type 1 certification.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds SOC 2 Type 2 certification.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds ISO 27001 certification.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds PCI DSS certification.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds HIPAA certification.

Neither Charles Derby Mortgage Bureau Ltd nor Paschoalotto holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.

Published
Date
2025-10-22
Updated
Date
2025-10-22
Risk Information
cvss3
Base: 2.6
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
References
Description

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.

Published
Date
2025-10-22
Updated
Date
2025-10-22
Risk Information
cvss4
Base: 6.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.

Published
Date
2025-10-22
Updated
Date
2025-10-22
Risk Information
cvss4
Base: 6.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. This issue has been patched in version 1.6.5. Workarounds for this issue involve rejecting or stripping zip=DEF for inbound JWEs at the application boundary, forking and add a bounded decompression guard via decompressobj().decompress(data, MAX_SIZE)) and returning an error when output exceeds a safe limit, or enforcing strict maximum token sizes and fail fast on oversized inputs; combine with rate limiting.

Published
Date
2025-10-22
Updated
Date
2025-10-22
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
Description

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.

Published
Date
2025-10-22
Updated
Date
2025-10-22
Risk Information
cvss4
Base: 5.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References