Strong
Plumbase is a national Plumber's merchant supplying heating, plumbing, bathrooms, renewables and boiler spares to professional trade installers.
Excellent
Builders FirstSource is the nationโs largest supplier of structural building products, value-added components and services to the professional market for new residential construction and repair and remodeling. Our focus is on providing unparalleled service to both large and small customers. Through investments in innovation and an unmatched portfolio of value-added products and manufacturing capabilities, weโre revolutionizing the homebuilding industry โ outperforming today and transforming tomorrow. Builders FirstSource and the Builders FirstSource logo are trademarks of Builders FirstSource, Inc. and/or its subsidiaries. ยฉ 2022 Builders FirstSource, Inc. All rights reserved. JOB SEEKERS: Beware of job scams and fake employment offers. It has come to our attention that fraudulent employment offers have been sent to job seekers by people who claim to be employees of Builders FirstSource (BFS). These scammers use a variety of tactics to engage with job seekers to commit identity theft, financial fraud, and other crimes. They can be very convincing, going as far as to steal the profile pictures of our actual recruiters from their LinkedIn profiles and using email addresses that contain words such as โ@BuildersFirstSourceโ or '@BFS.' The scammers will typically ask you to send money at some point (for equipment, training, or a uniform, etc.). A LEGITIMATE BFS RECRUITER OR HIRING MANAGER WILL NEVER ASK YOU TO SEND US MONEY. Also, you will never receive a job offer from us if we have not verbally interviewed you. If you ever receive an unsolicited or suspicious communication that demands any form of payment in connection with employment at BFS, you should consider it to be fraudulent and cease all contact with the sender. You can report US job scams to the FTC (www.ReportFraud.ftc.gov), your state attorney general, or econsumer.gov for international scams. You can also report any fraudulent activity to LinkedIn.
Security & Compliance Standards Overview
No incidents recorded for Plumbase in 2025.
No incidents recorded for Builders FirstSource in 2025.
Plumbase cyber incidents detection timeline including parent company and subsidiaries
Builders FirstSource cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the tokenโs signature, expiration, issuer, or audience. If an attacker learns the victimโs actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victimโs password. This issue has been patched in version 4.0.1.
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victimโs browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victimโs cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".
