DH
Company Details
Linkedin ID:
doubletree-hilton
Website:
Employees number:
15,099
Number of followers:
131,691
NAICS:
7211
Industry Type:
Homepage:
doubletree.com
IP Addresses:
0
Company ID:
DOU_3954735
Scan Status:
In-progress
DoubleTree by Hilton Company CyberSecurity Posture
doubletree.com
DoubleTree by Hilton hotels are distinctively designed properties that provide true comfort to today’s business and leisure travelers. From the millions of delighted hotel guests who are welcomed with the brand’s legendary, warm chocolate chip cookies at check-in to the advantages of the award-winning Hilton HHonors® guest reward program, each DoubleTree by Hilton guest receives a satisfying stay wherever their travels take them. With a growing collection of contemporary, upscale accommodations in more than 375+ gateway cities, metropolitan areas and vacation destinations worldwide. DoubleTree by Hilton is part of Hilton Worldwide (NYSE: HLT), a leading global hospitality company spanning the lodging sector from luxury and full-service hotels and resorts to extended-stay suites and focused-service hotels. For 95 years, Hilton Worldwide has been dedicated to continuing its tradition of providing exceptional guest experiences. The company’s portfolio of eleven world-class global brands is comprised of more than 4,100 managed, franchised, owned and leased hotels and timeshare properties, with more than 685,000 rooms in 92 countries and territories, including Hilton Hotels & Resorts, Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Curio – A Collection by Hilton, DoubleTree by Hilton, Embassy Suites Hotels, Hilton Garden Inn, Hampton Hotels, Homewood Suites by Hilton, Home2 Suites by Hilton and Hilton Grand Vacations. The company also manages an award-winning customer loyalty program, Hilton Honors.
DoubleTree by Hilton A.I CyberSecurity Scoring
DH Risk Score (AI oriented)Between 750 and 799
DH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DH Global Score (TPRM)XXXX
DH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DH Company CyberSecurity News & History
Past Incidents
4
Attack Types
1
Hilton
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: Hilton Worldwide Holdings, a hotel group, revealed that credit card information was stolen by cybercriminals from a few of its point-of-sale systems. Executive vice president of Hilton Global Brands Jim Holthouser claims that malware compromised PoS systems, enabling hackers to obtain client information such as credit card numbers, expiration dates, security codes, and names of credit card holders. In certain point-of-sale systems, unauthorised malware that targeted credit card information has been found and removed by Hilton Worldwide. It was discovered that the data breach did not expose the customer's addresses or personal identification numbers.
Hilton Worldwide, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In November 2015, the California Office of the Attorney General disclosed that Hilton Worldwide suffered a **malware-driven data breach** targeting its **point-of-sale (POS) systems**. The attack compromised **payment card data** of customers who made transactions at Hilton hotels during two distinct periods: **November 18–December 5, 2014**, and **April 21–July 27, 2015**. The exposed information included **cardholder names, payment card numbers, security codes, and expiration dates**, though **addresses and PINs remained unaffected**. The breach stemmed from unauthorized malware infiltrating Hilton’s POS environment, enabling attackers to harvest sensitive financial details during transactions. While the exact number of affected customers was not specified, the prolonged exposure window heightened risks of **fraudulent card activity, identity theft, and financial losses** for victims. Hilton took remedial actions, including **enhancing payment security protocols** and collaborating with law enforcement. However, the incident underscored vulnerabilities in hospitality sector cybersecurity, particularly in safeguarding **customer financial data** against evolving malware threats. The breach did not involve ransomware or broader systemic disruptions but focused solely on **payment card exploitation** during the specified timeframes.
Hilton Hotels & Resorts
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The Hilton hotel chain was accused of improperly handling two distinct cyberattacks that resulted in the exposure of its customers' financial information, and as a result, it agreed to pay Vermont and New York $700,000. According to the inquiry, thieves put denial-of-service malware on Hilton's payment systems, which would have exposed cardholders' personal information. The business is held accountable for the customers' delayed notice and is charged with having a payment method with inadequate security. Hilton will improve the security of its payment systems and internal incident response protocols as part of the settlement.
Hilton Hotels & Resorts
Breach
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: The credit card details of numerous customers were leaked after common point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel was compromised. Hilton hotel apologized to all the customers and investigated the incident with the data security team. The hotel was also fined $700K for the breach.
DH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DH
Incidents vs Hospitality Industry Average (This Year)
No incidents recorded for DoubleTree by Hilton in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for DoubleTree by Hilton in 2025.
Incident Types DH vs Hospitality Industry Avg (This Year)
No incidents recorded for DoubleTree by Hilton in 2025.
Incident History — DH (X = Date, Y = Severity)
DH cyber incidents detection timeline including parent company and subsidiaries
DH Company Subsidiaries
DoubleTree by Hilton hotels are distinctively designed properties that provide true comfort to today’s business and leisure travelers. From the millions of delighted hotel guests who are welcomed with the brand’s legendary, warm chocolate chip cookies at check-in to the advantages of the award-winning Hilton HHonors® guest reward program, each DoubleTree by Hilton guest receives a satisfying stay wherever their travels take them. With a growing collection of contemporary, upscale accommodations in more than 375+ gateway cities, metropolitan areas and vacation destinations worldwide. DoubleTree by Hilton is part of Hilton Worldwide (NYSE: HLT), a leading global hospitality company spanning the lodging sector from luxury and full-service hotels and resorts to extended-stay suites and focused-service hotels. For 95 years, Hilton Worldwide has been dedicated to continuing its tradition of providing exceptional guest experiences. The company’s portfolio of eleven world-class global brands is comprised of more than 4,100 managed, franchised, owned and leased hotels and timeshare properties, with more than 685,000 rooms in 92 countries and territories, including Hilton Hotels & Resorts, Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Curio – A Collection by Hilton, DoubleTree by Hilton, Embassy Suites Hotels, Hilton Garden Inn, Hampton Hotels, Homewood Suites by Hilton, Home2 Suites by Hilton and Hilton Grand Vacations. The company also manages an award-winning customer loyalty program, Hilton Honors.
Loading...
DH Similar Companies
The Country Club India Ltd
CCIL - Country Club India Ltd is one of the fastest growing entertainment and leisure conglomerate in India. A Multi-Million dollar entity and a listed company on BSE (Bombay Stock Exchange), CCIL is a pioneer in the concept of family clubbing in the country. CCIL has established 205 properties of w
Four Seasons Hotels and Resorts opened its first hotel in 1961, and since that time has been dedicated to perfecting the travel experience through continual innovation and the highest standards of hospitality. Currently operating more than 120 hotels and resorts, and more than 50 residential propert
Jumeirah
Jumeirah, a global leader in luxury hospitality and a member of Dubai Holding, operates an exceptional portfolio of 31 properties, including 33 signature F&B restaurants, across the Middle East, Europe, Asia and Africa. In 1999, Jumeirah changed the face of luxury hospitality with the opening of t
We are Accor We are more than 290,000 hospitality experts placing people at the heart of what we do, creating emotion for our guests, and nurturing passion for service and achievement beyond limits. Building on the strength of our teams and of our fully integrated ecosystem of leading brands, perso
TUI
We’re adventure seekers. Smile givers. Impact makers. We believe in the power of travel. It broadens horizons for our customers, and for our people too. New places to live, new roles to explore, new communities to join. It’s yours for the taking. We’re TUI, a leading global travel and leisure exp
Travel + Leisure Co., the world's leading vacation ownership and membership travel company, provides more than six million vacations to travelers every year. The company’s extensive Vacation Ownership portfolio includes trusted and iconic vacation club brands with a combined 270+ resorts worldwide,
JW Marriott
No loud pretense. No excess formalities. Just understated elegance you’ll feel the moment you walk into one of over 80 worldwide destinations. JW Marriott is part of Marriott International’s luxury portfolio and consists of beautiful properties in gateway cities and distinctive resort locations in
Rotana Hotels
Since inception, Rotana has grown to be the region’s largest hospitality management company, and a brand that is widely recognized and admired. Rotana currently manages a portfolio of over 100 properties throughout the Middle East, Africa, Eastern Europe and Türkiye offering a wide range of servic
Shangri-La Group
Headquartered in Hong Kong SAR, the Shangri-La Group has grown from a single hotel business to a diverse and integrated global portfolio comprising quality real estate and investment properties, wellness and lifestyle facilities. Today, the Group owns, operates and manages 100+ hotels under our fami
.png)
DH CyberSecurity News
November 24, 2025 08:00 AM
Cybersecurity issue forces closure of Jackson County schools
SYLVA, N.C. (828newsNOW) — Jackson County Public Schools shut down its districtwide network and canceled classes for students Tuesday after...
November 10, 2025 08:00 AM
Compromised Credit Cards Point to Hilton Hotel Data Breach
If you stayed with the Hilton or one of its franchises earlier this year, your card may be subject to fraudulent activity.
November 08, 2025 08:00 AM
MANNA FoodBank's annual 'Empty Bowls' event returns Monday
An Asheville-based nonprofit organization is bringing back a beloved annual event that celebrates the artists, chefs and community members...
October 27, 2025 07:00 AM
World AI Show Malaysia 2025 Kicks Off Tomorrow - A Global Convergence of AI Leaders and Investors
The 46th global edition of Trescon's flagship AI series begins tomorrow at DoubleTree by Hilton, Kuala Lumpur, bringing together 1000+...
October 14, 2025 07:00 AM
World AI Show Welcomes MIDA as Strategic Investment Partner, Strengthening Malaysia’s Position as AI & Investment Hub
Kuala Lumpur, Malaysia (14 October 2025) – The World AI Show is gearing up for its 46th global edition, set for 28–29 October 2025 at...
September 25, 2025 07:00 AM
Top Security Executives Recognized at the 2025 BayAreaCISO ORBIE Awards
Leading CISOs honored for leadership, security, and business impact. ...
August 23, 2025 07:00 AM
FutureCon Cybersecurity Conference Rumbles Through The Midwest
Global chief information and product security officer for GE Aviation on security operations.
August 14, 2025 07:00 AM
Cybersecurity conference in Rochester highlights crucial ways to stay safe from threats
Cybersecurity is at the forefront of today's world, and some of the best defenses were discussed during an annual event Wednesday at the...
July 03, 2025 07:00 AM
Taunton's only hotel sold to Hilton after temporary housing for immigrants ends
The Clarion has been sold to the Hilton brand, it's going to be a DoubleTree now. We're excited about that because the Clarion is usually a 3-star hotel and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DH CyberSecurity History Information
Official Website of DoubleTree by Hilton
The official website of DoubleTree by Hilton is http://www.doubletree.com.
DoubleTree by Hilton’s AI-Generated Cybersecurity Score
According to Rankiteo, DoubleTree by Hilton’s AI-generated cybersecurity score is 797, reflecting their Fair security posture.
How many security badges does DoubleTree by Hilton’ have ?
According to Rankiteo, DoubleTree by Hilton currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does DoubleTree by Hilton have SOC 2 Type 1 certification ?
According to Rankiteo, DoubleTree by Hilton is not certified under SOC 2 Type 1.
Does DoubleTree by Hilton have SOC 2 Type 2 certification ?
According to Rankiteo, DoubleTree by Hilton does not hold a SOC 2 Type 2 certification.
Does DoubleTree by Hilton comply with GDPR ?
According to Rankiteo, DoubleTree by Hilton is not listed as GDPR compliant.
Does DoubleTree by Hilton have PCI DSS certification ?
According to Rankiteo, DoubleTree by Hilton does not currently maintain PCI DSS compliance.
Does DoubleTree by Hilton comply with HIPAA ?
According to Rankiteo, DoubleTree by Hilton is not compliant with HIPAA regulations.
Does DoubleTree by Hilton have ISO 27001 certification ?
According to Rankiteo,DoubleTree by Hilton is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of DoubleTree by Hilton
DoubleTree by Hilton operates primarily in the Hospitality industry.
Number of Employees at DoubleTree by Hilton
DoubleTree by Hilton employs approximately 15,099 people worldwide.
Subsidiaries Owned by DoubleTree by Hilton
DoubleTree by Hilton presently has no subsidiaries across any sectors.
DoubleTree by Hilton’s LinkedIn Followers
DoubleTree by Hilton’s official LinkedIn profile has approximately 131,691 followers.
NAICS Classification of DoubleTree by Hilton
DoubleTree by Hilton is classified under the NAICS code 7211, which corresponds to Traveler Accommodation.
DoubleTree by Hilton’s Presence on Crunchbase
No, DoubleTree by Hilton does not have a profile on Crunchbase.
DoubleTree by Hilton’s Presence on LinkedIn
Yes, DoubleTree by Hilton maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/doubletree-hilton.
Cybersecurity Incidents Involving DoubleTree by Hilton
As of December 03, 2025, Rankiteo reports that DoubleTree by Hilton has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
DoubleTree by Hilton has an estimated 13,715 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at DoubleTree by Hilton ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on DoubleTree by Hilton ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $700 thousand.
How does DoubleTree by Hilton detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with apologized to customers, and containment measures with malware removed from point-of-sale systems, and remediation measures with improve the security of payment systems, remediation measures with enhance internal incident response protocols..
Incident Details
Can you provide details on each incident ?
Title: Hilton Hotel Credit Card Data Breach
Description: The credit card details of numerous customers were leaked after common point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotels were compromised.
Type: Data Breach
Attack Vector: Point-of-Sale System
Title: Hilton Worldwide Credit Card Data Breach
Description: Credit card information was stolen by cybercriminals from a few of Hilton Worldwide Holdings' point-of-sale systems due to malware.
Type: Data Breach
Attack Vector: Malware
Vulnerability Exploited: Point-of-Sale Systems
Threat Actor: Cybercriminals
Motivation: Financial Gain
Title: Hilton Hotel Chain Data Breach and Malware Attack
Description: The Hilton hotel chain was accused of improperly handling two distinct cyberattacks that resulted in the exposure of its customers' financial information, and as a result, it agreed to pay Vermont and New York $700,000.
Type: data breach
Attack Vector: denial-of-service malware
Vulnerability Exploited: inadequate security of payment systems
Threat Actor: thieves
Title: Hilton Worldwide Payment Card Data Breach (2014-2015)
Description: The California Office of the Attorney General reported that Hilton Worldwide experienced a data breach due to unauthorized malware targeting payment card information in point-of-sale systems. The breach affected customers who used payment cards at Hilton hotels between November 18, 2014, and December 5, 2014, and between April 21, 2015, and July 27, 2015. The compromised information included cardholder names, payment card numbers, security codes, and expiration dates, but not addresses or PINs.
Date Publicly Disclosed: 2015-11-24
Type: Data Breach
Attack Vector: Malware (Point-of-Sale Systems)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Point-of-Sale Registers and Point-of-Sale Systems.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach HIL15823422
Data Compromised: Credit Card Details
Systems Affected: Point-of-Sale Registers
Legal Liabilities: Fined $700K
Payment Information Risk: High
Incident : Data Breach HIL1733261023
Data Compromised: Credit card numbers, Expiration dates, Security codes, Names of credit card holders
Systems Affected: Point-of-Sale Systems
Payment Information Risk: True
Incident : data breach HIL2335171223
Financial Loss: $700,000 in fines
Data Compromised: Customers' financial information
Systems Affected: payment systems
Legal Liabilities: charged with delayed notice and inadequate security
Payment Information Risk: high
Incident : Data Breach HIL038090625
Data Compromised: Cardholder names, Payment card numbers, Security codes, Expiration dates
Systems Affected: Point-of-Sale (PoS) systems
Identity Theft Risk: High (payment card details exposed)
Payment Information Risk: High (card numbers, security codes, expiration dates compromised)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $175.00 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Details, Credit Card Numbers, Expiration Dates, Security Codes, Names Of Credit Card Holders, , financial information, Payment Card Data, Personally Identifiable Information (Pii) and .
Which entities were affected by each incident ?
Incident : Data Breach HIL1733261023
Entity Name: Hilton Worldwide Holdings
Entity Type: Hotel Group
Industry: Hospitality
Incident : data breach HIL2335171223
Entity Name: Hilton
Entity Type: corporation
Industry: hospitality
Incident : Data Breach HIL038090625
Entity Name: Hilton Worldwide
Entity Type: Hospitality
Industry: Hotel and Resort
Location: Global (primarily U.S. properties)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach HIL15823422
Communication Strategy: Apologized to customers
Incident : Data Breach HIL1733261023
Containment Measures: Malware removed from point-of-sale systems
Incident : data breach HIL2335171223
Remediation Measures: improve the security of payment systemsenhance internal incident response protocols
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach HIL15823422
Type of Data Compromised: Credit Card Details
Sensitivity of Data: High
Incident : Data Breach HIL1733261023
Type of Data Compromised: Credit card numbers, Expiration dates, Security codes, Names of credit card holders
Sensitivity of Data: High
Incident : data breach HIL2335171223
Type of Data Compromised: financial information
Sensitivity of Data: high
Incident : Data Breach HIL038090625
Type of Data Compromised: Payment card data, Personally identifiable information (pii)
Sensitivity of Data: High
Data Exfiltration: Yes (malware exfiltrated card data)
Personally Identifiable Information: Cardholder names
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: improve the security of payment systems, enhance internal incident response protocols, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by malware removed from point-of-sale systems.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach HIL15823422
Fines Imposed: $700K
Incident : data breach HIL2335171223
Fines Imposed: $700,000
Incident : Data Breach HIL038090625
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach HIL038090625
Source: California Office of the Attorney General
Date Accessed: 2015-11-24
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2015-11-24.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach HIL15823422
Investigation Status: Investigated by data security team
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Apologized to customers.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach HIL15823422
Entry Point: Point-of-Sale Registers
Incident : Data Breach HIL1733261023
Entry Point: Point-of-Sale Systems
Incident : Data Breach HIL038090625
High Value Targets: Payment Card Data,
Data Sold on Dark Web: Payment Card Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach HIL1733261023
Root Causes: Malware compromised PoS systems
Corrective Actions: Malware removed from point-of-sale systems
Incident : data breach HIL2335171223
Root Causes: Inadequate Security Of Payment Systems, Delayed Notice To Customers,
Corrective Actions: Improve The Security Of Payment Systems, Enhance Internal Incident Response Protocols,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Malware removed from point-of-sale systems, Improve The Security Of Payment Systems, Enhance Internal Incident Response Protocols, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Cybercriminals and thieves.
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2015-11-24.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $700,000 in fines.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credit Card Details, Credit card numbers, Expiration dates, Security codes, Names of credit card holders, , customers' financial information, , Cardholder names, Payment card numbers, Security codes, Expiration dates and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Point-of-Sale (PoS) systems.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Malware removed from point-of-sale systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names of credit card holders, Cardholder names, Security codes, customers' financial information, Credit Card Details, Expiration dates, Payment card numbers and Credit card numbers.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $700K, $700,000.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigated by data security team.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Point-of-Sale Registers and Point-of-Sale Systems.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Malware compromised PoS systems, inadequate security of payment systemsdelayed notice to customers.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Malware removed from point-of-sale systems, improve the security of payment systemsenhance internal incident response protocols.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
Risk Information
cvss3
Base: 4.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Risk Information
cvss3
Base: 8.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=doubletree-hilton' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
