ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Kuaishou Technology Company CyberSecurity Posture

kuaishou.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Kuaishou Technology is a technology company that develops content sharing platforms and makes content production, distribution, and consumption fast and easy. Kuaishou content recommendation system is built on a deep understanding of our users and the content being shared on the platforms every day. Globally, Kuaishou is the second-largest short video platform by average Daily Active Users (DAUs), and the second-largest live streaming e-commerce platform by Gross Merchandise Volume (GMV). It also launched Kwai, a similar platform for users outside China. Founded in 2011, Kuaishou Technology is headquartered in Beijing, China with more than 20,000 employees.

Kuaishou Technology A.I CyberSecurity Scoring

Kuaishou Technology

Company Details

Linkedin ID:

kuaishou

Website:

https://www.kuaishou.com/en

Employees number:

5,959

Number of followers:

141,797

NAICS:

5112

Industry Type:

Software Development

Homepage:

kuaishou.com

IP Addresses:

0

Company ID:

KUA_3047980

Scan Status:

In-progress

AI scoreKuaishou Technology Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/kuaishou.jpeg
Kuaishou Technology Software Development
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreKuaishou Technology Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/kuaishou.jpeg
Kuaishou Technology Software Development
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Kuaishou Technology Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Kuaishou Technology: Kuaishou Cyberattack Disrupts Livestreaming, Triggers Sharp Stock DeclineCyber Attack60212/2025
KUA1766476471
Rankiteo Explanation :
Attack limited on finance or reputation

Description: **Kuaishou Cyberattack Disrupts Livestreaming, Triggers Stock Decline** On December 22, 2025, Chinese short-video platform Kuaishou Technology suffered a cyberattack targeting its livestreaming services, leading to service disruptions and exposure of users to inappropriate content. The attack, detected at approximately 10:00 p.m. local time (14:00 GMT), prompted an immediate emergency response from the company, though some functions remained partially disrupted during recovery. Kuaishou confirmed the incident in a December 23 announcement, stating that the attack temporarily interrupted livestreaming and allowed explicit or violent content to surface. Other app services remained unaffected. The company reported the breach to authorities and is pursuing legal action against the perpetrators, condemning illegal activities linked to underground cybercrime networks. The attack had an immediate financial impact, with Kuaishou’s Hong Kong-listed shares (HK:1024) plunging as much as 6% on December 23—the steepest single-day decline since October 14—closing at HK$62.70 ($8.06), its lowest level since November 21. The stock also led declines on the Hang Seng Tech Index, which fell 0.5% that day. The incident follows earlier cybersecurity concerns involving Kuaishou. In September 2025, a threat actor claimed to have leaked order data allegedly stolen from the platform, including usernames, phone numbers, and addresses, after compromising a livestream room to place fraudulent orders for virtual goods. The breach underscores the growing risks for social video and live-commerce platforms, where attacks can escalate from service disruptions to content manipulation, financial fraud, and data exposure, with lasting operational and reputational consequences.

Kuaishou Technology: Kuaishou Cyberattack Disrupts Livestreaming, Triggers Sharp Stock Decline
Cyber Attack
Severity: 60
Impact: 2
Seen: 12/2025
Blog:
KUA1766476471
Rankiteo Explanation
Attack limited on finance or reputation

Description: **Kuaishou Cyberattack Disrupts Livestreaming, Triggers Stock Decline** On December 22, 2025, Chinese short-video platform Kuaishou Technology suffered a cyberattack targeting its livestreaming services, leading to service disruptions and exposure of users to inappropriate content. The attack, detected at approximately 10:00 p.m. local time (14:00 GMT), prompted an immediate emergency response from the company, though some functions remained partially disrupted during recovery. Kuaishou confirmed the incident in a December 23 announcement, stating that the attack temporarily interrupted livestreaming and allowed explicit or violent content to surface. Other app services remained unaffected. The company reported the breach to authorities and is pursuing legal action against the perpetrators, condemning illegal activities linked to underground cybercrime networks. The attack had an immediate financial impact, with Kuaishou’s Hong Kong-listed shares (HK:1024) plunging as much as 6% on December 23—the steepest single-day decline since October 14—closing at HK$62.70 ($8.06), its lowest level since November 21. The stock also led declines on the Hang Seng Tech Index, which fell 0.5% that day. The incident follows earlier cybersecurity concerns involving Kuaishou. In September 2025, a threat actor claimed to have leaked order data allegedly stolen from the platform, including usernames, phone numbers, and addresses, after compromising a livestream room to place fraudulent orders for virtual goods. The breach underscores the growing risks for social video and live-commerce platforms, where attacks can escalate from service disruptions to content manipulation, financial fraud, and data exposure, with lasting operational and reputational consequences.

Ailogo

Kuaishou Technology Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for Kuaishou Technology

Incidents vs Software Development Industry Average (This Year)

Kuaishou Technology has 69.49% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Kuaishou Technology has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types Kuaishou Technology vs Software Development Industry Avg (This Year)

Kuaishou Technology reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Kuaishou Technology (X = Date, Y = Severity)

Kuaishou Technology cyber incidents detection timeline including parent company and subsidiaries

Kuaishou Technology Company Subsidiaries

SubsidiaryImage

Kuaishou Technology is a technology company that develops content sharing platforms and makes content production, distribution, and consumption fast and easy. Kuaishou content recommendation system is built on a deep understanding of our users and the content being shared on the platforms every day. Globally, Kuaishou is the second-largest short video platform by average Daily Active Users (DAUs), and the second-largest live streaming e-commerce platform by Gross Merchandise Volume (GMV). It also launched Kwai, a similar platform for users outside China. Founded in 2011, Kuaishou Technology is headquartered in Beijing, China with more than 20,000 employees.

similarCompanies

Kuaishou Technology Similar Companies

About KPIT KPIT is reimagining the future of mobility, forging ahead with group companies and partners to shape a world that is cleaner, smarter, and safer. With over 25 years of specialized expertise in Mobility, KPIT is accelerating the transformation towards Software and AI-Defined Vehicles thr

Security Report Compare
Atlassian
atlassian.com

Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global compa

Security Report Compare

Grab is Southeast Asia’s leading superapp, offering a suite of services consisting of deliveries, mobility, financial services, enterprise and others. Grabbers come from all over the world, and we are united by a common mission: to drive Southeast Asia forward by creating economic empowerment for ev

Security Report Compare
Baidu, Inc.
baidu.com

Baidu is a leading AI company with strong Internet foundation, driven by our mission to “make the complicated world simpler through technology”. Founded in 2000 as a search engine platform, we were an early adopter of artificial intelligence in 2010. Since then, we have established a full AI stack,

Security Report Compare

UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips

Security Report Compare
bigbasket
bigbasket.com

Starting our journey in 2011, today, bigbasket - a Tata Enterprise is India’s largest online supermarket with over 13 million customers and a presence in 60+ cities & towns. With our presence spanning the entire spectrum of consumer needs, we operate through a range of business lines - bigbasket, bb

Security Report Compare
Bosch
bosch.com

The Bosch Group is a leading global supplier of technology and services. It employs roughly 417,900 associates worldwide (as of December 31, 2024). According to preliminary figures, the company generated sales of 90.5 billion euros in 2024. Its operations are divided into four business sectors: Mobi

Security Report Compare
Alibaba Group
alibabagroup.com

🌍Alibaba Group is on a mission to make it easy to do business anywhere! Guided by our passion and imagination, we’re leading the way in AI, cloud computing and e-commerce. We aim to build the future infrastructure of commerce, and we aspire to be a good company that lasts for 102 years.

Security Report Compare
Booking.com
booking.com

A career at Booking.com is all about the journey, helping you explore new challenges in a place where you can be your best self. With plenty of exciting twists, turns and opportunities along the way. We’ve always been pioneers, on a mission to shape the future of travel through cutting edge techno

Security Report Compare
newsone

Kuaishou Technology CyberSecurity News

December 23, 2025 07:06 AM
Kuaishou Cyberattack Sends Shares To One-Month Low

Chinese short-video platform Kuaishou Technology saw its shares fall sharply after the company confirmed a cyberattack that briefly...

Read Article
December 23, 2025 05:46 AM
China’s Kuaishou slumps to five-week low following livestreaming cyberattack

A surprising drop in Kuaishou Technology shares occurred after the Chinese short-video platform suffered a massive cybersecurity breach that...

Read Article
December 23, 2025 04:42 AM
Cybersecurity in Fintech: A Shield for Crypto Stability

Cybersecurity threats pose risks to cryptocurrency stability. Explore Kuaishou's cyberattack impact and best practices for fintech startups...

Read Article
December 23, 2025 04:24 AM
Kuaishou shares plunge 6% after reported cyberattack

Kuaishou Technology shares fell as much as 6% on December 23, hitting HK$62.70 (US$806.1), the lowest level in nearly five weeks,...

Read Article
December 23, 2025 04:12 AM
Kuaishou reports to police after a surge in explicit livestream content, expert points to possible impact of automated attacks

Kuaishou, one of China's popular short-video platforms, reported the issue to police after explicit content appeared in its livestream...

Read Article
December 23, 2025 03:58 AM
China's Kuaishou shares fall to near five-week low after livestreaming cyberattack

Shares of Kuaishou dropped by as much as 6% on Tuesday to HK$62.70 ($8.06), their lowest since November 21, after the Chinese short video...

Read Article
December 23, 2025 03:25 AM
China's Kuaishou falls to near five-week low on report of cyberattack

Shares of Kuaishou Technology dropped by as much as 6% on Tuesday to HK$62.70 ($8.06), their lowest since November 21, after media reported...

Read Article
December 20, 2025 06:07 AM
Assessing Kuaishou Technology’s Valuation After a 63.5% Year to Date Rally

If you are wondering whether Kuaishou Technology still offers good value after its recent run up, or if you may be late to the party,...

Read Article
December 18, 2025 11:22 PM
BlackBerry lifts lower end of annual revenue forecast on cybersecurity demand

BlackBerry on Thursday raised the lower end of its fiscal 2026 revenue forecast, signalling strong demand for its cybersecurity software as...

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Kuaishou Technology CyberSecurity History Information

Official Website of Kuaishou Technology

The official website of Kuaishou Technology is https://www.kuaishou.com/en.

Kuaishou Technology’s AI-Generated Cybersecurity Score

According to Rankiteo, Kuaishou Technology’s AI-generated cybersecurity score is 792, reflecting their Fair security posture.

How many security badges does Kuaishou Technology’ have ?

According to Rankiteo, Kuaishou Technology currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Kuaishou Technology have SOC 2 Type 1 certification ?

According to Rankiteo, Kuaishou Technology is not certified under SOC 2 Type 1.

Does Kuaishou Technology have SOC 2 Type 2 certification ?

According to Rankiteo, Kuaishou Technology does not hold a SOC 2 Type 2 certification.

Does Kuaishou Technology comply with GDPR ?

According to Rankiteo, Kuaishou Technology is not listed as GDPR compliant.

Does Kuaishou Technology have PCI DSS certification ?

According to Rankiteo, Kuaishou Technology does not currently maintain PCI DSS compliance.

Does Kuaishou Technology comply with HIPAA ?

According to Rankiteo, Kuaishou Technology is not compliant with HIPAA regulations.

Does Kuaishou Technology have ISO 27001 certification ?

According to Rankiteo,Kuaishou Technology is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Kuaishou Technology

Kuaishou Technology operates primarily in the Software Development industry.

Number of Employees at Kuaishou Technology

Kuaishou Technology employs approximately 5,959 people worldwide.

Subsidiaries Owned by Kuaishou Technology

Kuaishou Technology presently has no subsidiaries across any sectors.

Kuaishou Technology’s LinkedIn Followers

Kuaishou Technology’s official LinkedIn profile has approximately 141,797 followers.

NAICS Classification of Kuaishou Technology

Kuaishou Technology is classified under the NAICS code 5112, which corresponds to Software Publishers.

Kuaishou Technology’s Presence on Crunchbase

No, Kuaishou Technology does not have a profile on Crunchbase.

Kuaishou Technology’s Presence on LinkedIn

Yes, Kuaishou Technology maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/kuaishou.

Cybersecurity Incidents Involving Kuaishou Technology

As of December 23, 2025, Rankiteo reports that Kuaishou Technology has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Kuaishou Technology has an estimated 27,848 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Kuaishou Technology ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

How does Kuaishou Technology detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and law enforcement notified with yes, and containment measures with system repairs and restoration efforts, and recovery measures with gradual resumption of livestreaming services, and communication strategy with press release issued on december 23, 2025..

Incident Details

Can you provide details on each incident ?

Incident : Cyberattack

measurementExposure impactImpact

Title: Kuaishou Cyberattack Disrupts Livestreaming Services and Exposes Users to Inappropriate Content

Description: Chinese short-video platform Kuaishou Technology confirmed a cyberattack that disrupted its livestreaming services, exposed users to inappropriate content, and led to a sharp decline in its stock price. The attack targeted the live-streaming function of the Kuaishou app, causing temporary service interruptions and exposing users to explicit and violent content.

Date Detected: 2025-12-22T22:00:00+08:00

Date Publicly Disclosed: 2025-12-23

Type: Cyberattack

Attack Vector: Live-streaming function exploitation

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Live broadcast room (prior incident).

Impact of the Incidents

What was the impact of each incident ?

Incident : Cyberattack KUA1766476471

Data Compromised: Potential exposure of usernames, phone numbers, addresses, and order details

Systems Affected: Livestreaming services

Downtime: Temporary interruption with gradual recovery

Operational Impact: Disruption of livestreaming services, limited functionality during recovery

Brand Reputation Impact: Rattled investor confidence, stock price decline, reputational risks

Identity Theft Risk: Potential risk due to exposure of personally identifiable information

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally identifiable information (usernames, phone numbers, addresses and order details).

Which entities were affected by each incident ?

Incident : Cyberattack KUA1766476471

Entity Name: Kuaishou Technology

Entity Type: Company

Industry: Social Media / Short-Video Platform

Location: China

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Cyberattack KUA1766476471

Incident Response Plan Activated: Yes

Law Enforcement Notified: Yes

Containment Measures: System repairs and restoration efforts

Recovery Measures: Gradual resumption of livestreaming services

Communication Strategy: Press release issued on December 23, 2025

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Cyberattack KUA1766476471

Type of Data Compromised: Personally identifiable information (usernames, phone numbers, addresses, order details)

Number of Records Exposed: Allegedly around 10,000 (from prior incident)

Sensitivity of Data: High

Personally Identifiable Information: Yes

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by system repairs and restoration efforts.

Ransomware Information

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Gradual resumption of livestreaming services.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Cyberattack KUA1766476471

Legal Actions: Pursuing legal remedies

Regulatory Notifications: Reported to relevant authorities

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Pursuing legal remedies.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Cyberattack KUA1766476471

Lessons Learned: The incident highlights the need for early threat detection, rapid investigation, and continuous monitoring of underground activity to mitigate operational and reputational risks.

What recommendations were made to prevent future incidents ?

Incident : Cyberattack KUA1766476471

Recommendations: Enhance security measures for live-streaming functions, improve threat intelligence capabilities, and strengthen compliance with applicable laws and regulations.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are The incident highlights the need for early threat detection, rapid investigation, and continuous monitoring of underground activity to mitigate operational and reputational risks.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhance security measures for live-streaming functions, improve threat intelligence capabilities and and strengthen compliance with applicable laws and regulations..

References

Where can I find more information about each incident ?

Incident : Cyberattack KUA1766476471

Source: Kuaishou Technology Press Release

Date Accessed: 2025-12-23

Incident : Cyberattack KUA1766476471

Source: Cyble Threat Intelligence

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Kuaishou Technology Press ReleaseDate Accessed: 2025-12-23, and Source: Cyble Threat Intelligence.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Cyberattack KUA1766476471

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Press release issued on December 23 and 2025.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Cyberattack KUA1766476471

Entry Point: Live broadcast room (prior incident)

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-12-22T22:00:00+08:00.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-12-23.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Potential exposure of usernames, phone numbers, addresses and and order details.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was System repairs and restoration efforts.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Potential exposure of usernames, phone numbers, addresses and and order details.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.0K.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Pursuing legal remedies.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was The incident highlights the need for early threat detection, rapid investigation, and continuous monitoring of underground activity to mitigate operational and reputational risks.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enhance security measures for live-streaming functions, improve threat intelligence capabilities and and strengthen compliance with applicable laws and regulations..

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Cyble Threat Intelligence and Kuaishou Technology Press Release.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was an Live broadcast room (prior incident).

cve

Latest Global CVEs (Not Company-Specific)

Description

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.

Published
Date
2025-12-22
Updated
Date
2025-12-22
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
Description

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.

Published
Date
2025-12-22
Updated
Date
2025-12-22
Risk Information
cvss4
Base: 8.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

Published
Date
2025-12-22
Updated
Date
2025-12-22
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Published
Date
2025-12-22
Updated
Date
2025-12-22
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
References
Description

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Published
Date
2025-12-22
Updated
Date
2025-12-22
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=kuaishou' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge