Gen (NASDAQ: GEN) is a global company dedicated to Powering Digital Freedom through its trusted Cyber Safety brands, Norton, Avast, LifeLock, MoneyLion and more. The Gen family of consumer brands is rooted in providing empowerment and safety for the first digital generations. Now, Gen empowers people to live their digital lives confidently today and for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy, identity protection and financial wellness to nearly 500 million users in more than 150 countries. Norton.com Avast.com LifeLock.com MoneyLion.com Avira.com AVG.com CCleaner.com GOBankingRates.com ReputationDefender.com

Gen A.I CyberSecurity Scoring

Gen

Company Details

LinkedIn ID: gendigitalinc

Number of employees: 3,306

Number of followers: 69,319

NAICS: 541514

Industry Type: Computer and Network Security

Homepage: gendigital.com

IP Addresses: 0

Company ID: GEN_1894867

Scan Status: In-progress

Gen Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums

Gen Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Gen Company CyberSecurity News & History

Past Incidents: 7
Attack Types: 4

Avast
Data Leak
Severity: 60
Impact: 3
Seen: 5/2014
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed online. The Simple Machines-based forum included usernames, email addresses and password hashes of about 422,959 individuals.

Avast
Ransomware
Severity: 100
Impact: 5
Seen: 4/2022
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Avast successfully developed a decryptor for the DoNex ransomware family, identifying a flaw that allowed victims to recover their files without charge. Previously known as Muse and DarkRace, DoNex, which emerged in April 2022, targeted individuals and organizations, causing disruptions mainly in the US, Italy, and Belgium. By encrypting files with a ChaCha20 symmetric key and further securing the symmetric file key with RSA-4096 encryption, the ransomware demanded a ransom for file decryption. Avast’s decryptor has been distributed in secrecy since March 2024, in collaboration with law enforcement, to avoid alerting the ransomware authors. The company also provided the public with Indicators of Compromise to help identify and mitigate this security threat.

Avast
Vulnerability
Severity: 100
Impact: 5
Seen: 11/2024
Rankiteo Explanation
Attack threatening the organization’s existence

Description: A malware campaign has been discovered targeting systems using a vulnerable Avast Anti-Rootkit driver. This driver allowed malware to disable security tools and assume control over the system. The compromise affected various security products from multiple companies, with the malware utilizing kernel-level access to terminate security processes. Organizations were advised to instate protections against BYOVD (Bring Your Own Vulnerable Driver) tactics, which use legitimate but compromised drivers to evade detection. Indicators of compromise have been provided to assist in thwarting such attacks, highlighting the importance of protecting systems against kernel-level threats posed by flawed security drivers.

Gen™
Data Leak
Severity: 60
Impact: 3
Seen: 6/2023
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Gen Digital claimed to have been a victim of a cyberattack, and threat actors had taken advantage of the recently discovered MOVEit Transfer vulnerability CVE-2023-34362. The business acknowledged that threat actors had access to employee personal data. Names, residences, dates of birth, and corporate email addresses are among the data that have been exposed. The business informed the concerned third parties as well as the data protection authorities.

NortonLifeLock Inc.
Breach
Severity: 85
Impact: 4
Seen: 12/2022
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Vermont Office of the Attorney General reported on January 9, 2023, that NortonLifeLock Gen Digital experienced a data breach, where unauthorized third parties likely accessed customer usernames and passwords for accounts created before December 1, 2022. The breach began around December 1, 2022, and potentially exposed customer first names, last names, phone numbers, and mailing addresses. The number of affected individuals is currently unknown.

NortonLifeLock
Data Leak
Severity: 85
Impact: 3
Seen: 01/2023
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Gen Digital, previously Symantec Corporation, and NortonLifeLock, alerted its clients to the fact that threat actors had compromised Norton Password Manager accounts through credential-stuffing assaults. The company stated that while none of its systems had been penetrated, the attack may have utilized credentials that came from another source. NortonLifeLock has not yet made public how many customers are affected. Threat actors could have accessed Password Manager accounts and seen information such as first and last names, phone numbers, and mailing addresses. NortonLifeLock has announced the adoption of additional security measures for the affected accounts and reset Norton passwords on those accounts in response to the incident.

NortonLifeLock
Vulnerability
Severity: 50
Impact: 2
Seen: 07/2018
Rankiteo Explanation
Attack limited on finance or reputation

Description: Identity theft protection firm LifeLock has exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.


Underwriter Stats for Gen

Incidents vs Computer and Network Security Industry Average (This Year)

No incidents recorded for Gen in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Gen in 2025.

Incident Types Gen vs Computer and Network Security Industry Avg (This Year)

No incidents recorded for Gen in 2025.

Incident History — Gen (X = Date, Y = Severity)

Gen cyber incidents detection timeline including parent company and subsidiaries

Gen Similar Companies

CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s

Gen CyberSecurity News

November 25, 2025 04:58 PM
As Gen Z Enters Cybersecurity, Jury Is Out on AI's Impact

Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn,...

November 24, 2025 08:00 AM
AmiViz to show next gen cybersecurity innovations at Black Hat MEA 2025

AmiViz to showcase Next Generation Cybersecurity with AI Innovations at Black Hat MEA.

November 10, 2025 08:00 AM
Gen Digital Raises FY26 Revenue Outlook to US$4.97 billion

Gen Digital raises its annual revenue forecast again, driven by strong cybersecurity demand and MoneyLion fintech integration.

November 07, 2025 08:00 AM
Gen Digital raises annual revenue forecast on MoneyLion integration, cybersecurity demand

Since January this year the company has blocked more than 140,000 AI-generated scam websites, which is roughly 580 new malicious sites every day...

November 06, 2025 08:00 AM
77% of Chief Product Officers Use Gen AI for Cybersecurity

77% of Chief Product Officers Use Gen AI for Cybersecurity · That subtle shift · The study, based on a March 2025 survey of 60 U.S. product...

November 06, 2025 08:00 AM
Inside India and Israel’s push for AI, cybersecurity, and next-gen warfare tech - ET Edge Insights

Artificial intelligence is rapidly becoming the new strategic enabler for armed forces worldwide. Under the MoU, India and Israel plan to...

November 06, 2025 08:00 AM
Gen Digital raises annual revenue forecast on MoneyLion integration, cybersecurity demand

Gen Digital raised its annual revenue forecast for a second consecutive quarter on Thursday, helped by robust demand for its cybersecurity...

November 03, 2025 08:00 AM
EY Selects CrowdStrike Falcon Next-Gen SIEM to Power Global Cybersecurity Managed Services

AUSTIN, Texas--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) and Ernst & Young LLP (EY US) today announced that EY US has selected CrowdStrike...

November 03, 2025 08:00 AM
Check Point equipping partners to deliver next-gen cybersecurity innovations

Check Point equipping partners to deliver next-gen cybersecurity innovations ... “At Check Point Software, our channel strategy is built on a...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Gen CyberSecurity History Information

Official Website of Gen

The official website of Gen is http://GenDigital.com.

Gen’s AI-Generated Cybersecurity Score

According to Rankiteo, Gen’s AI-generated cybersecurity score is 762, reflecting their Fair security posture.

How many security badges does Gen have ?

According to Rankiteo, Gen currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Gen have SOC 2 Type 1 certification ?

According to Rankiteo, Gen is not certified under SOC 2 Type 1.

Does Gen have SOC 2 Type 2 certification ?

According to Rankiteo, Gen does not hold a SOC 2 Type 2 certification.

Does Gen comply with GDPR ?

According to Rankiteo, Gen is not listed as GDPR compliant.

Does Gen have PCI DSS certification ?

According to Rankiteo, Gen does not currently maintain PCI DSS compliance.

Does Gen comply with HIPAA ?

According to Rankiteo, Gen is not compliant with HIPAA regulations.

Does Gen have ISO 27001 certification ?

According to Rankiteo, Gen is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Gen

Gen operates primarily in the Computer and Network Security industry.

Number of Employees at Gen

Gen employs approximately 3,306 people worldwide.

Subsidiaries Owned by Gen

Gen presently has no subsidiaries across any sectors.

Gen’s LinkedIn Followers

Gen’s official LinkedIn profile has approximately 69,319 followers.

NAICS Classification of Gen

Gen is classified under the NAICS code 541514, which corresponds to Others.

Gen’s Presence on Crunchbase

Yes, Gen has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/gen-499c.

Gen’s Presence on LinkedIn

Yes, Gen maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/gendigitalinc.

Cybersecurity Incidents Involving Gen

As of December 02, 2025, Rankiteo reports that Gen has experienced 7 cybersecurity incidents.

Number of Peer and Competitor Companies

Gen has an estimated 2,899 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Gen ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Data Leak, Ransomware and Breach.

How does Gen detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (fixing the vulnerability, adoption of additional security measures, password resets), a communication strategy (informing concerned third parties and data protection authorities, customer alerts), third-party assistance (Avast), and remediation measures (protections against BYOVD tactics).

Incident Details

Can you provide details on each incident ?

Incident : Data Exposure

Title: LifeLock Vulnerability Exposes Customer Emails and Communication Preferences

Description: Identity theft protection firm LifeLock has exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

Type: Data Exposure

Attack Vector: Web Application Vulnerability

Vulnerability Exploited: Email Indexing and Unsubscribe Vulnerability

Incident : Data Breach

Title: Avast Anti-Virus Forum Hack

Description: In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed online.

Date Detected: 2014-05-01

Type: Data Breach

Incident : Data Breach

Title: Gen Digital Cyberattack

Description: Gen Digital claimed to have been a victim of a cyberattack, and threat actors had taken advantage of the recently discovered MOVEit Transfer vulnerability CVE-2023-34362. The business acknowledged that threat actors had access to employee personal data. Names, residences, dates of birth, and corporate email addresses are among the data that have been exposed. The business informed the concerned third parties as well as the data protection authorities.

Type: Data Breach

Attack Vector: Exploiting software vulnerability

Vulnerability Exploited: CVE-2023-34362

Incident : Credential-Stuffing Attack

Title: Norton Password Manager Accounts Compromised by Credential-Stuffing Attacks

Description: Gen Digital, previously Symantec Corporation, and NortonLifeLock, alerted its clients to the fact that threat actors had compromised Norton Password Manager accounts through credential-stuffing assaults. The company stated that while none of its systems had been penetrated, the attack may have utilized credentials that came from another source. NortonLifeLock has not yet made public how many customers are affected. Threat actors could have accessed Password Manager accounts and seen information such as first and last names, phone numbers, and mailing addresses. NortonLifeLock has announced the adoption of additional security measures for the affected accounts and reset Norton passwords on those accounts in response to the incident.

Type: Credential-Stuffing Attack

Attack Vector: Credential-Stuffing

Motivation: Unauthorized Access

Incident : Ransomware

Title: DoNex Ransomware Incident

Description: Avast developed a decryptor for the DoNex ransomware, allowing victims to recover files without charge. Known as Muse and DarkRace, DoNex targeted individuals and organizations, causing disruptions mainly in the US, Italy, and Belgium. The ransomware encrypted files with ChaCha20 symmetric key and RSA-4096 encryption, demanding a ransom for decryption. Avast's decryptor, distributed since March 2024, was kept secret to avoid alerting the authors. Indicators of Compromise were provided to help identify and mitigate the threat.

Date Detected: April 2022

Type: Ransomware

Threat Actor: DoNex Ransomware

Motivation: Financial gain

Incident : Malware Campaign

Title: Malware Campaign Exploiting Avast Anti-Rootkit Driver

Description: A malware campaign has been discovered targeting systems using a vulnerable Avast Anti-Rootkit driver. This driver allowed malware to disable security tools and assume control over the system. The compromise affected various security products from multiple companies, with the malware utilizing kernel-level access to terminate security processes. Organizations were advised to instate protections against BYOVD (Bring Your Own Vulnerable Driver) tactics, which use legitimate but compromised drivers to evade detection. Indicators of compromise have been provided to assist in thwarting such attacks, highlighting the importance of protecting systems against kernel-level threats posed by flawed security drivers.

Type: Malware Campaign

Attack Vector: Vulnerable Driver Exploit

Vulnerability Exploited: Avast Anti-Rootkit driver

Incident : Data Breach

Title: NortonLifeLock Gen Digital Data Breach

Description: Unauthorized third parties likely accessed customer usernames and passwords for accounts created before December 1, 2022. The breach potentially exposed customer first names, last names, phone numbers, and mailing addresses.

Date Detected: 2023-01-09

Date Publicly Disclosed: 2023-01-09

Type: Data Breach

Threat Actor: Unauthorized third parties

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Data Leak.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised Credentials from Another Source and Vulnerable Avast Anti-Rootkit driver.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Exposure NOR013101122

Data Compromised: Email addresses, Communication preferences

Systems Affected: Web Application

Identity Theft Risk: High

Incident : Data Breach AVA221624123

Data Compromised: Usernames, Email addresses, Password hashes

Systems Affected: Forum

Incident : Data Breach GEN111718923

Data Compromised: Names, Residences, Dates of birth, Corporate email addresses

Incident : Credential-Stuffing Attack NOR225881023

Data Compromised: First and last names, Phone numbers, Mailing addresses

Systems Affected: Norton Password Manager

Incident : Malware Campaign AVA000112624

Systems Affected: Various security products from multiple companies

Incident : Data Breach NOR153072525

Data Compromised: Usernames, Passwords, First names, Last names, Phone numbers, Mailing addresses

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email Addresses, Communication Preferences; Usernames, Email Addresses, Password Hashes; Personal Information; Personally Identifiable Information; and Usernames, Passwords, First Names, Last Names, Phone Numbers, Mailing Addresses.

Which entities were affected by each incident ?

Incident : Data Exposure NOR013101122

Entity Name: LifeLock

Entity Type: Company

Industry: Identity Theft Protection

Customers Affected: Millions

Incident : Data Breach AVA221624123

Entity Name: Avast

Entity Type: Company

Industry: Cybersecurity

Customers Affected: 422959

Incident : Data Breach GEN111718923

Entity Name: Gen Digital

Entity Type: Company

Industry: Technology

Incident : Credential-Stuffing Attack NOR225881023

Entity Name: Gen Digital (previously Symantec Corporation, and NortonLifeLock)

Entity Type: Company

Industry: Cybersecurity

Incident : Ransomware AVA915071024

Location: US, Italy, Belgium

Incident : Malware Campaign AVA000112624

Entity Type: Organizations

Industry: Security

Incident : Data Breach NOR153072525

Entity Name: NortonLifeLock Gen Digital

Entity Type: Company

Industry: Cybersecurity

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Exposure NOR013101122

Containment Measures: Fixed Vulnerability

Incident : Data Breach GEN111718923

Communication Strategy: Informed concerned third parties and data protection authorities

Incident : Credential-Stuffing Attack NOR225881023

Containment Measures: Adoption of Additional Security Measures, Password Resets

Communication Strategy: Customer Alerts

Incident : Ransomware AVA915071024

Third Party Assistance: Avast

Incident : Malware Campaign AVA000112624

Remediation Measures: Protections against BYOVD tactics

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Avast.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Exposure NOR013101122

Type of Data Compromised: Email addresses, Communication preferences

Number of Records Exposed: Millions

Personally Identifiable Information: Email Addresses

Incident : Data Breach AVA221624123

Type of Data Compromised: Usernames, Email addresses, Password hashes

Number of Records Exposed: 422959

Incident : Data Breach GEN111718923

Type of Data Compromised: Personal information

Sensitivity of Data: High

Personally Identifiable Information: Names, Residences, Dates of birth, Corporate email addresses

Incident : Credential-Stuffing Attack NOR225881023

Type of Data Compromised: Personally identifiable information

Sensitivity of Data: Medium

Personally Identifiable Information: First and Last Names, Phone Numbers, Mailing Addresses

Incident : Ransomware AVA915071024

Data Encryption: ChaCha20 symmetric key and RSA-4096 encryption

Incident : Data Breach NOR153072525

Type of Data Compromised: Usernames, Passwords, First names, Last names, Phone numbers, Mailing addresses

Personally Identifiable Information: first names, last names, phone numbers, mailing addresses

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Protections against BYOVD tactics.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by fixing the vulnerability, adopting additional security measures, and resetting passwords.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware AVA915071024

Ransomware Strain: DoNex

Data Encryption: ChaCha20 symmetric key and RSA-4096 encryption

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach GEN111718923

Regulatory Notifications: Informed data protection authorities

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Malware Campaign AVA000112624

Lessons Learned: Importance of protecting systems against kernel-level threats posed by flawed security drivers.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Importance of protecting systems against kernel-level threats posed by flawed security drivers.

References

Where can I find more information about each incident ?

Incident : Data Breach NOR153072525

Source: Vermont Office of the Attorney General

Date Accessed: 2023-01-09

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices from the following source: Vermont Office of the Attorney General (Date Accessed: 2023-01-09).

Investigation Status

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informed Concerned Third Parties And Data Protection Authorities and Customer Alerts.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Credential-Stuffing Attack NOR225881023

Entry Point: Compromised Credentials from Another Source

Incident : Malware Campaign AVA000112624

Entry Point: Vulnerable Avast Anti-Rootkit driver

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Malware Campaign AVA000112624

Root Causes: Vulnerable Avast Anti-Rootkit driver

Corrective Actions: Protections against BYOVD tactics

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Avast.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Protections against BYOVD tactics.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were DoNex Ransomware and Unauthorized third parties.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2014-05-01.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-01-09.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Email Addresses, Communication Preferences; usernames, email addresses, password hashes; Names, Residences, Dates of birth, Corporate email addresses; First and Last Names, Phone Numbers, Mailing Addresses; and usernames, passwords, first names, last names, phone numbers, mailing addresses.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Web Application and Forum and Norton Password Manager and Various security products from multiple companies.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Avast.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Fixed Vulnerability, Adoption of Additional Security Measures and Password Resets.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were usernames, Phone Numbers, Names, Email Addresses, First and Last Names, Dates of birth, last names, mailing addresses, password hashes, passwords, Residences, Mailing Addresses, phone numbers, email addresses, first names, Corporate email addresses and Communication Preferences.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4K.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of protecting systems against kernel-level threats posed by flawed security drivers.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Vermont Office of the Attorney General.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were Compromised Credentials from Another Source and Vulnerable Avast Anti-Rootkit driver.

Latest Global CVEs (Not Company-Specific)

Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.

Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.

Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gendigitalinc' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.