Comparison Overview
Etelä-Karjalan Osuuskauppa

Etelä-Karjalan Osuuskauppa
Puhakankatu 9-11, None, Lappeenranta, None, FI, 53600
Last Update: 11/12/2025
Eekoo – yli 72 000 asiakasomistajan omistama yritys ja Suomen innostavin työpaikka 2023 (keskisuurten yritysten sarja). Etelä-Karjalan Osuuskauppa, Eekoo toimii Etelä-Karjalassa 11 kunnan alueella. Eekoo on voimakkaasti kehittyvä palvelualan yritys, joka tarjoaa asiaka...

TFG (The Foschini Group)
340 Voortrekker Road, Cape Town, 7500, ZA
Last Update: 01/04/2026
TFG holds a diversified portfolio of speciality retail assets across various product categories and consumer segments. The Group has a portfolio of 35 leading retail brands, with over 4600 outlets in 23 countries on five continents, offering customers a variety of speci...
Compliance Ranges Comparison

Etelä-Karjalan Osuuskauppa







TFG (The Foschini Group)






Benchmark & Cyber Underwriting Signals
Incidents vs Retail Industry Avg (This Year)
No incidents recorded for Etelä-Karjalan Osuuskauppa in 2026.
Incidents vs Retail Industry Avg (This Year)
No incidents recorded for TFG (The Foschini Group) in 2026.
Incident History - Etelä-Karjalan Osuuskauppa (X = Date, Y = Severity)
Etelä-Karjalan Osuuskauppa cyber incidents detection timeline including parent company and subsidiaries.
Incident History - TFG (The Foschini Group) (X = Date, Y = Severity)
TFG (The Foschini Group) cyber incidents detection timeline including parent company and subsidiaries.
Notable Incidents

Etelä-Karjalan Osuuskauppa

TFG (The Foschini Group)
FAQ
Latest Global CVEs
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already exists for a client (from a previous unexpired reset request), subsequent calls to the `reset_password` guest API endpoint reuse the existing token instead of generating a new one. The 15-minute validity window is anchored to the first request's `created_at` timestamp, not the time of the most recent email. An attacker who obtained the original reset link remains able to use it even after the victim requests a new reset, because the original token is never invalidated or rotated. Version 0.8.0 patches the issue. Some workarounds are available. Configure a reverse proxy (e.g., Nginx, Apache, Cloudflare) to apply per-IP rate limiting to the `/client/reset-password` endpoint to minimize the window of opportunity, and/or manually clear expired `client_password_reset` records from the database after a client reports a suspected compromise.
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has `staff.create_and_edit_staff` can call `/api/admin/staff/permissions_update` targeting their own account and write any permission structure, bypassing the intended role-based access control boundary. Version 0.8.0 patches the issue. Some workarounds are available. Restrict the `staff.create_and_edit_staff` permission to only highly trusted staff members and/or use a reverse proxy or WAF to restrict access to `/api/admin/staff/permissions_update` to specific trusted roles.
FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an `active` state (e.g., `suspended`, `canceled`). The root cause is missing order-state validation in two client API endpoints, despite an `isActive()` helper already existing in the `Serviceapikey` module and the frontend UI correctly gating access on `order.status == 'active'`. Version 0.8.0 contains a fix. Some workarounds are available. If the `Serviceapikey` module is not needed, uninstall it to remove the affected endpoints. One may also use a reverse proxy or WAF to restrict access to `/api/client/order/service` and `/api/client/serviceapikey/reset` based on application-level order-state logic.
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the `can_always_access` module flag (which grants all staff access to certain modules) and insufficient permission checks or unsafe parameter handling on individual endpoints. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive settings and/or use a reverse proxy or WAF to restrict access to the affected endpoints to trusted IP addresses or higher-privilege roles.
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address (`email_approved = 0`) can access all client-area pages (e.g. `/client/balance`, `/client/order/list`, `/client/invoice`) and read real account data, including wallet balances and transaction history. The API-side enforcement correctly restricts unverified clients to only profile-related endpoints, but the page-side enforcement is overly permissive, allowing any request whose path starts with `/client`. Version 0.8.0 contains a fix. No known workarounds that don't involve modifying the source code are available.