Comparison Overview
OCBC

OCBC
65 Chulia St, Singapore, Singapore, SG, 049513
Last Update: 02/04/2026
OCBC is the longest established Singapore bank, formed in 1932 from the merger of three local banks, the oldest of which was founded in 1912. It is now the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks...

alinma
King Fahad Road - Alanoud Northern Tower, PO Box 66674, Riyadh, SA, 11586
Last Update: 02/04/2026
Alinma Bank is a Saudi joint stock company formed in accordance with Royal Decree No. M/15 dated 28/2/1427H (28/3/2006) and Ministerial Resolution No. 42 dated 27/2/1427H (27/3/2006). The share capital of Alinma Bank is SAR 20 billion consisting of 1.5 billion shares wi...
Compliance Ranges Comparison

OCBC







alinma






Benchmark & Cyber Underwriting Signals
Incidents vs Banking Industry Avg (This Year)
No incidents recorded for OCBC in 2026.
Incidents vs Banking Industry Avg (This Year)
No incidents recorded for alinma in 2026.
Incident History - OCBC (X = Date, Y = Severity)
OCBC cyber incidents detection timeline including parent company and subsidiaries.
Incident History - alinma (X = Date, Y = Severity)
alinma cyber incidents detection timeline including parent company and subsidiaries.
Notable Incidents

OCBC

alinma
FAQ
Latest Global CVEs
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contact_id in the POST request body without tenant ownership verification. Attackers can exploit the service-role client that bypasses row-level security to modify victim contact fields including name, email, and company across tenant boundaries using only a known contact UUID.
Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3.