Strong
Leekes has grown from a single store in 1897 into a dynamic family owned chain of home department stores selling furniture and accessories plus conservatories, orangeries, windows, doors, kitchens and bathrooms across South Wales, the South West and the Midlands. https://linktr.ee/leekesltd
Strong
As a leader in the healthcare market, Clicks Group is committed to increasing access to affordable primary healthcare for all South Africans through its Clicks Retail pharmacy, pharmaceutical wholesale and distribution businesses. Founded nearly 55 years ago in 1968, Clicks Group is the country’s leading health, beauty and wellness retailer and the largest retail pharmacy chain, with an expanding network of over 850 stores and 670 pharmacies supported by a growing omni channel presence. UPD is the country’s leading full-range pharmaceutical wholesaler and distributer, providing the distribution capability for the group’s healthcare strategy. Listed on the JSE since 1996, Clicks Group’s sustained financial performance and growth in shareholder value has seen the group included in the FTSE/JSE Top 40 Index for the past six years. We care about and contribute to the wellbeing of people, the environment and communities. We are passionate about leading innovation within the unique attributes of our Group. Our focus on a clear vision and growth strategy provides our people with unlimited opportunities. Our Group’s talent strategy is to employ customer-centric people with a confident, ‘can do’ attitude, who are committed and professional. This strategy is underpinned by our employees and our Group values: ‣ We are truly passionate about our customers. ‣ We believe in integrity, honesty and openness. ‣ We cultivate understanding through respect and dialogue. ‣ We are disciplined in our approach. ‣ We deliver on our goals.
Security & Compliance Standards Overview
No incidents recorded for Leekes in 2025.
No incidents recorded for Clicks Group in 2025.
Leekes cyber incidents detection timeline including parent company and subsidiaries
Clicks Group cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".
