Comparison Overview
Fubon Financial Holding Co., Ltd. 富邦金控

Fubon Financial Holding Co., Ltd. 富邦金控
No.237, Sec. 1, Jianguo S. Rd., Da’an Dist.,, Taipei City, 10657, TW
Last Update: 05/04/2026
以「成為亞洲一流的金融機構」為發展願景的富邦金控,旗下主要子公司包括富邦人壽、台北富邦銀行、富邦銀行(香港)、富邦華一銀行、富邦產險、富邦證券及富邦投信等,擁有最完整多元的金融產品與服務,經營績效耀眼,位居市場領導地位。富邦金控深耕台灣逾60年,以「正向力量 成就可能™」為品牌理念,致力以正向的力量及全方位的金融服務,支持人們追尋美好未來。 截至2025年6月底,富邦金控總資產達11兆9,021億元,為台灣總資產第二大、市值第一大金融控股公司,2025年上半年稅後淨利為513.84億元,每股盈餘(EPS) 3.49元。富邦金控已連續...

Equitas Small Finance Bank
Spencer Plaza 4th floor , Phase II , no .769, Chennai, 600002, IN
Last Update: 02/04/2026
Equitas Small Finance Bank is an active member of the communities where we live and work, and a strong philanthropic partner enabling individuals, families, businesses, and entire communities in their financial aspirations with seamless banking services. We take the res...
Compliance Ranges Comparison

Fubon Financial Holding Co., Ltd. 富邦金控







Equitas Small Finance Bank






Benchmark & Cyber Underwriting Signals
Incidents vs Banking Industry Avg (This Year)
No incidents recorded for Fubon Financial Holding Co., Ltd. 富邦金控 in 2026.
Incidents vs Banking Industry Avg (This Year)
No incidents recorded for Equitas Small Finance Bank in 2026.
Incident History - Fubon Financial Holding Co., Ltd. 富邦金控 (X = Date, Y = Severity)
Fubon Financial Holding Co., Ltd. 富邦金控 cyber incidents detection timeline including parent company and subsidiaries.
Incident History - Equitas Small Finance Bank (X = Date, Y = Severity)
Equitas Small Finance Bank cyber incidents detection timeline including parent company and subsidiaries.
Notable Incidents

Fubon Financial Holding Co., Ltd. 富邦金控

Equitas Small Finance Bank
FAQ
Latest Global CVEs
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Exploitation requires authenticated file-upload access and the impact is limited to availability (denial of service). The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds a metadata preflight check that sums projected entry sizes and a streaming writer that enforces the aggregate limit during decompression. As a workaround, restrict file-upload permissions to trusted users or place a reverse proxy with request-body size limits in front of `coderd`.
- https://github.com/coder/coder/pull/25877
- https://github.com/coder/coder/releases/tag/v2.29.17
- https://github.com/coder/coder/releases/tag/v2.32.7
- https://github.com/coder/coder/releases/tag/v2.33.8
- https://github.com/coder/coder/releases/tag/v2.34.2
- https://github.com/coder/coder/security/advisories/GHSA-2mg2-p7r7-g27f
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password. Exploitation requires the privileged `user-admin` role so practical risk is limited to deployments that grant `user-admin` to less trusted operators. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 prevents non-owner users from resetting the password of an account that holds the `owner` role. As a workaround, restrict the `user-admin` role to trusted administrators.
- https://github.com/coder/coder/pull/25709
- https://github.com/coder/coder/releases/tag/v2.29.17
- https://github.com/coder/coder/releases/tag/v2.32.7
- https://github.com/coder/coder/releases/tag/v2.33.8
- https://github.com/coder/coder/releases/tag/v2.34.2
- https://github.com/coder/coder/security/advisories/GHSA-29xf-69gq-m9jx
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 coerces `email_verified` across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject. As a workaround, ensure the IdP returns `email_verified` as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required.
- https://github.com/coder/coder/pull/25712
- https://github.com/coder/coder/pull/25713
- https://github.com/coder/coder/releases/tag/v2.29.17
- https://github.com/coder/coder/releases/tag/v2.32.7
- https://github.com/coder/coder/releases/tag/v2.33.8
- https://github.com/coder/coder/releases/tag/v2.34.2
- https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp