Onefly A.I CyberSecurity Scoring
09/03/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Onefly in 2026.
No incidents recorded for Onefly in 2026.
No incidents recorded for Onefly in 2026.
Technology, Information and Internet
At Flipkart, we're driven by our purpose of empowering every Indian's dream by delivering value through innovation in technology and commerce. With a customer base of over 350 million, product coverage of over 150 million across 80+ categories, a focus on generating direct and indirect employment and a commitment to empowering generations of entrepreneurs and MSMEs, all driven by a sustainable growth strategy – Flipkart is maximising for customers, stakeholders, and the planet at large! At Flipkart, our promise to every Flipster is - getting an opportunity to leave a mark and create their own legacy, the freedom to experiment, learn and grow, work with the industry’s brightest minds as part of a diverse team and we will extend our culture of care to them to ensure that they can focus on doing their best work. Driven by audacity, bias for action, customer first, integrity and inclusion – Flipsters have pioneered solutions that have transformed digital commerce in India. From the industry-first introduction of cash-on-delivery in 2010 to the launch of voice search and multiple vernacular interfaces in 2021 that have made e-commerce a very inclusive experience, Flipkart continues the exciting journey of solving for the Indian customer. We understand that your own aspirations and journeys are unique. So you choose what you want to maximise, and we provide you the platform for it - because when you maximise, we maximise. Flipkart is a part of the Walmart-owned Flipkart Group, which also includes group companies Flipkart Wholesale, Flipkart Health+, Cleartrip, and Myntra. Get in touch with our experts for support with your orders here: https://www.flipkart.com/helpcentre
Meesho is India’s e-commerce marketplace, on a mission to democratise internet commerce. Our multi-sided technology platform connects four key stakeholders — consumers, sellers, logistics partners, and content creators — to power inclusive growth at scale. We enable individuals and small businesses to sell online with ease, offering access to a wide customer base, integrated logistics, payment solutions, and platform support. For customers, Meesho offers a broad and affordable selection, tailored for diverse needs across Bharat. We also empower creators to build commerce-driven content that drives discovery and engagement. Our logistics operations are powered by Valmo, Meesho’s asset-light logistics platform that works entirely through partner-led infrastructure to ensure cost-efficient and scalable deliveries.
More people find jobs on Indeed than anywhere else. Indeed is the #1 job site in the world (Comscore, Total Visits, March 2024) and allows job seekers to search millions of jobs in more than 60 countries and 28 languages. Indeed has more than 580 million Job Seeker Profiles. Every day, job seekers use Indeed to search for jobs, post resumes, research companies and more. For more information, visit indeed.com. **Indeed data (worldwide), job seeker accounts that have a unique, verified email address.
Zomato’s mission statement is “better food for more people.” Since our inception in 2010, we have grown tremendously, both in scope and scale - and emerged as India’s most trusted brand during the pandemic, along with being one of the largest hyperlocal delivery networks in the country. Today, Zomato represents a wide range of cultures through its diversified 5000+ team members, 3.5 lakh+ delivery partners, and our biggest collective of the finest restaurant partners. We are grateful that our business is able to provide upward social and economic movement for millions of households – of our delivery partners, as well as restaurant staff. We think of all of us as one big family! Our passion is driven by purpose and we take immense pride in our initiative ‘Feeding India’, one of India’s largest not-for-profits working to ensure that nobody in India goes to bed hungry. As of now, Feeding India provides over 150,000 nutritious meals to the underprivileged every day. In April 2020, Feeding India ran one of the largest food distribution drives in the world during the first wave of COVID, and distributed 78 million meals to daily wagers across the length and breadth of the country. During the second wave of COVID-19, Feeding India was again the first to act. We were able to source over 9,000 oxygen concentrators and distributed them for free to government hospitals across the country. This helped save millions of lives during one of the worst humanitarian crises faced by India in the recent times. We’re innovating hard to make last-mile delivery carbon neutral, to eliminate the use of plastic packaging, create meaningful opportunities in the gig economy, and to feed our country’s ever-growing appetite for high-quality, affordable, and hygienic food, one delivery at a time!
IndiaMART is India's largest online B2B marketplace, connecting buyers with suppliers across a wide array of industries. IndiaMART provides a platform for Small & Medium Enterprises (SMEs), large enterprises, and individual buyers, helping them access diverse portfolios of quality products. Since 1999, IndiaMART’s mission has been to make doing business easy. Today, over 21.9 Crore buyers can explore and choose from 12.4 Crore products, sourced from 86 Lakh suppliers, creating a one-stop platform for all business needs. IndiaMART offers enhanced business visibility and credibility for suppliers, with tools designed to support business growth and operational efficiency. With a dedicated workforce of over 5000 employees across India, IndiaMART continues to facilitate seamless connections and provide a trusted marketplace for businesses to thrive.
Booking Holdings is the world’s leading provider of online travel & related services, provided to consumers and local partners in more than 220 countries and territories through six primary consumer-facing brands: Booking.com, Priceline, Agoda, Rentalcars.com, KAYAK and OpenTable. Collectively, Booking Holdings operates in more than 40 languages across Europe, North America, South America, the Asia-Pacific region, the Middle East and Africa. The mission of Booking Holdings is to make it easier for everyone to experience the world.
At Lenskart, we believe that clear vision is fundamental to the personal development and well-being of an individual, and our aim is to build tech-enabled solutions that improve access to affordable and quality ‘Eyewear for All’. We commenced our operations in India as an online business in 2010 and opened our first retail store in New Delhi in 2013. Since then, we have scaled through both the online and offline channels and have established a presence through our retail stores, websites, mobile applications, and other channels.
Cimpress plc (Nasdaq: CMPR) invests in and builds customer-focused, entrepreneurial, mass-customization businesses for the long term. Mass customization is a competitive strategy which seeks to produce goods and services to meet individual customer needs with near mass production efficiency. Cimpress is a strategically-focused group of more than a dozen businesses, each operating in a largely autonomous manner other than as it relates to the select few shared strategic and corporate activities that we maintain centrally. Cimpress businesses include Drukwerkdeal, Exaprint, National Pen, Pixartprinting, Printi, Vistaprint and WIRmachenDRUCK. Founded by Robert Keane, who remains President & CEO today, the company has been passionate about empowering people to make an impression through individually meaningful, personalized physical products for more than 20 years. To learn more, visit http://www.cimpress.com.
Prosus is the power behind the world’s leading lifestyle e-commerce brands. Bringing together bold ideas and the power of AI, Prosus builds technology ecosystems where lifestyle ecommerce brands can become global success stories. These ecosystems span three core geographies – Europe, Latin America and India. In these geographies, Prosus simplifies the often-fragmented experience for consumer buyers and sellers, providing an integrated and frictionless approach that helps billions of consumers to buy, sell and transact through food, Fintech, experiences and commerce platforms
Latest updates, reports, and threat intel affecting the global network.
Travel technology and flight content company OneFly has apparently leaked thousands of sensitive customer records, including unedited...
Business-to-business travel consolidator OneFly has left thousands of sensitive passenger records exposed to the open web.
HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2 state value but only checked that it was present rather than validating it against the value expected for the user's session. Because the state was not properly validated, an attacker could forge a callback URL containing their own valid GitHub OAuth code. When processing the callback, HedgeDoc used the victim's logged-in session to select which note to export, but the attacker's authorization code to determine which GitHub account received it. As a result, a logged-in victim who clicked a crafted link could export their own private, protected, or limited note directly into a Gist controlled by the attacker. This issue has been fixed in version 1.11.0.
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load (js-yaml v3) via @hedgedoc/meta-marked, which resolved YAML anchor aliases. A compact malicious payload could therefore expand into a huge object structure, consuming excessive CPU. This expansion ran on every request to the publish view (/s/<shortid>) and, when placed under the opengraph key, the editor view (/<noteId>). A ten-level alias bomb could block the single Node.js event loop for roughly 235 seconds per request, causing concurrent requests to hang or drop and rendering the instance unavailable (DoS). Because the note was stored in the database, the impact survived process restarts until the note was removed. toobusy-js did not reliably mitigate the worst cases, as the event loop was saturated before the middleware could respond. This issue was fixed in version 1.11.0.
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php sanitizes the bucket name with preg_replace('/[^a-zA-Z0-9-_\\.]/','', $bucket), which permits '..' and '../' sequences. The sanitized value is interpolated into a Flysystem path as uploads://buckets/{bucket}. Flysystem's WhitespacePathNormalizer resolves 'buckets/..' to the empty string (the uploads storage root) without raising PathTraversalDetected because the '..' has a preceding component to consume. An authenticated low-privileged user can send a crafted request with a '../' bucket name to list, upload, and delete files across all buckets, including those belonging to other users or roles
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.