Comparison Overview

CVI Refrigerantes

VS

GoTo Foods

CVI Refrigerantes

Santa Maria - Passo Fundo - Vera Cruz - Bagé - Santana do Livramento - Erechim, Rio Grande do Sul, BR
Last Update: 2025-03-15 (UTC)
Between 900 and 1000
http://www.cvi.com.br

Excellent

A CVI Refrigerantes é uma empresa da CVI (Companhia Vontobel de Investimentos) que atua no segmento de bebidas por meio da produção, comercialização e distribuição de produtos das linhas The Coca-Cola Company, Heineken e SABB. Fundada no dia 5 de dezembro de 1977, tem sua fábrica instalada em Santa Maria (RS), além de Centros de Distribuição em Passo Fundo e Santa Cruz do Sul e Cross Dockings (responsáveis exclusivamente pela distribuição de produtos) em Bagé e Sant´Ana do Livramento. Atualmente a empresa totaliza 23 mil metros de área construída e opera com quatro linhas (uma de envase para latas, duas de embalagens PET e uma de embalagens de vidro). Constituídas por modernos equipamentos de fabricação, elas têm capacidade de produzir 298,743 milhões de litros de bebidas por ano, as quais estão presentes diariamente na mesa de consumidores gaúchos das regiões Centro, Fronteira Oeste e Planalto Médio.

NAICS: 722
NAICS Definition:
Employees: 501-1,000
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

GoTo Foods

5620 Glenridge Drive, Atlanta, GA, 30342, US
Last Update: 2025-05-05 (UTC)

Excellent

Between 900 and 1000
http://www.gotofoods.com

Atlanta-based GoTo Foods (formerly known as Focus Brands) is a leading developer of global multi-channel foodservice brands. As of December 31, 2023, GoTo Foods, through its affiliate brands, is the franchisor and operator of more than 6,700 restaurants, cafes, ice cream shoppes, and bakeries in all 50 states and over 60 countries and territories under the Auntie Anne’s®, Carvel®, Cinnabon®, Jamba®, Moe’s Southwest Grill®, McAlister’s Deli®, and Schlotzsky’s® brand names, as well as the Seattle’s Best Coffee® brand on certain military bases and in certain international markets. GoTo Foods is proud to be Certified™ by Great Place To Work®, the most definitive “employer-of-choice” recognition and the only recognition based entirely on what employees report about their workplace experience. Please visit www.gotofoods.com to learn more. As a leading developer of iconic food-service brands around the globe, we know our company is only as strong as our people. And that’s why we’re committed to providing our associates with a work environment that encourages and supports innovation, collaboration, and fun! From our unique family culture to our focus on personal development, a career with GoTo Foods is anything but ordinary. We rely on the unique attributes and experiences each of our associates has to offer, we remain focused on providing every individual with continuous opportunities to grow their skills, develop their talents, and unlock their potential as part of a collaborative and supportive team. We’re unleashing the power of our brands with the passion of our people – and we want you to join us!

NAICS: 722
NAICS Definition: Food Services and Drinking Places
Employees: 17,535
Subsidiaries: 8
12-month incidents
0
Known data breaches
2
Attack type number
1

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/cvi-refrigerantes.jpeg
CVI Refrigerantes
ISO 27001
Not verified
SOC 2
Not verified
GDPR
No public badge
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/focus-brands.jpeg
GoTo Foods
ISO 27001
Not verified
SOC 2
Not verified
GDPR
No public badge
PCI DSS
No public badge
Compliance Summary
CVI Refrigerantes
100%
Compliance Rate
0/4 Standards Verified
GoTo Foods
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Food and Beverage Services Industry Average (This Year)

No incidents recorded for CVI Refrigerantes in 2025.

Incidents vs Food and Beverage Services Industry Average (This Year)

No incidents recorded for GoTo Foods in 2025.

Incident History — CVI Refrigerantes (X = Date, Y = Severity)

CVI Refrigerantes cyber incidents detection timeline including parent company and subsidiaries

Incident History — GoTo Foods (X = Date, Y = Severity)

GoTo Foods cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/cvi-refrigerantes.jpeg
CVI Refrigerantes
Incidents

No Incident

https://images.rankiteo.com/companyimages/focus-brands.jpeg
GoTo Foods
Incidents

Date Detected: 4/2019
Type:Breach
Attack Vector: Unauthorized code
Blog: Blog

Date Detected: 4/2019
Type:Breach
Attack Vector: Unauthorized code (likely malware or skimming)
Motivation: Financial gain (payment card data theft)
Blog: Blog

FAQ

Both CVI Refrigerantes company and GoTo Foods company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

GoTo Foods company has historically faced a number of disclosed cyber incidents, whereas CVI Refrigerantes company has not reported any.

In the current year, GoTo Foods company and CVI Refrigerantes company have not reported any cyber incidents.

Neither GoTo Foods company nor CVI Refrigerantes company has reported experiencing a ransomware attack publicly.

GoTo Foods company has disclosed at least one data breach, while CVI Refrigerantes company has not reported such incidents publicly.

Neither GoTo Foods company nor CVI Refrigerantes company has reported experiencing targeted cyberattacks publicly.

Neither CVI Refrigerantes company nor GoTo Foods company has reported experiencing or disclosing vulnerabilities publicly.

GoTo Foods company has more subsidiaries worldwide compared to CVI Refrigerantes company.

GoTo Foods company employs more people globally than CVI Refrigerantes company, reflecting its scale as a Food and Beverage Services.

Latest Global CVEs (Not Company-Specific)

Description

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.

Published
Date
2025-10-02
Updated
Date
2025-10-02
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file system including the Traccar configuration file. Versions 5.8 - 6.0 are only vulnerable if <entry key='web.override'>./override</entry> is set in the configuration file. Versions 6.1 - 6.8.1 are vulnerable by default as the web override is enabled by default. The vulnerable code is removed in version 6.9.0.

Published
Date
2025-10-02
Updated
Date
2025-10-02
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation enforces size limits on its dynamic buffer in most parsing states, but several state handlers omit these validation checks. This issue is fixed in version 0.13.4. A workaround for this issue is to implement rate limiting and connection monitoring at the network level, however this does not provide complete protection.

Published
Date
2025-10-02
Updated
Date
2025-10-02
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0.

Published
Date
2025-10-02
Updated
Date
2025-10-02
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.

Published
Date
2025-10-02
Updated
Date
2025-10-02
Risk Information
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References