Comparison Overview

Wendy's of Bowling Green, Inc.

VS

China National Travel Service (HK) Group Corporation

Wendy's of Bowling Green, Inc.

2501 Crossings Blvd, Bowling Green, Kentucky, 42104, US
Last Update: 2025-03-07 (UTC)
Between 900 and 1000
http://www.wenbg.com

Excellent

Wendy's of Bowling Green (WBG) is a premier franchisee of the Wendy's family. WBG owns 133 Wendy's locations and manages another 2. WBG has restaurants located in four states (KY, TN, IN, WV & AL). WBG has been and continues to be a leader in the Hospitality Industry within the Wendy's International Organization.

NAICS: 721
NAICS Definition:
Employees: 278
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

China National Travel Service (HK) Group Corporation

None
Last Update: 2025-03-15 (UTC)

Excellent

Between 900 and 1000
http://www.hkcts.com

The China Travel Service (Holdings) Limited is the backbone of the state-owned enterprise directly supervise by Central government. It is also the largest travel corporation in China and was established in April 1928 by Chinese banker Chen Guangfu. From generation to generation, it is now a large state-owned enterprise under the direction of the State-Owned Assets Supervision and Administration Commission of the State Council, and engages in tourism, industrial investment (iron and steel), real estate development and logistics trade. Travel business is the main business of the group. The China Travel International Investment Hong Kong Ltd. (CTII), held by the HKCTS, was the flagship of the group in tourism industry. The HKCTS is the largest travel agencies in Hong Kong. The travel service has opened 43 branches and offices in Hong Kong and Macao, and 21 overseas branches in 16 countries. Looking forward to the future, HKCTS will adhere to the scientific concept of development and make great efforts to build itself into a tourist conglomeration with international competitiveness and an โ€˜aircraft carrierโ€™ in Chinaโ€™s tourist industry, with a rational structure, advanced management expertise, a large contingent of qualified personnel, best application of high-technologies, as well as No. 1 in terms of market shares, total revenue, net profit and net assets, IT application, and comprehensive economic strength.

NAICS: 721
NAICS Definition:
Employees: 10,001+
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/wendy's-of-bowling-green-inc..jpeg
Wendy's of Bowling Green, Inc.
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/china-national-travel-service-hk-group-corporation.jpeg
China National Travel Service (HK) Group Corporation
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Wendy's of Bowling Green, Inc.
100%
Compliance Rate
0/4 Standards Verified
China National Travel Service (HK) Group Corporation
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Hospitality Industry Average (This Year)

No incidents recorded for Wendy's of Bowling Green, Inc. in 2025.

Incidents vs Hospitality Industry Average (This Year)

No incidents recorded for China National Travel Service (HK) Group Corporation in 2025.

Incident History โ€” Wendy's of Bowling Green, Inc. (X = Date, Y = Severity)

Wendy's of Bowling Green, Inc. cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” China National Travel Service (HK) Group Corporation (X = Date, Y = Severity)

China National Travel Service (HK) Group Corporation cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/wendy's-of-bowling-green-inc..jpeg
Wendy's of Bowling Green, Inc.
Incidents

No Incident

https://images.rankiteo.com/companyimages/china-national-travel-service-hk-group-corporation.jpeg
China National Travel Service (HK) Group Corporation
Incidents

No Incident

FAQ

Both Wendy's of Bowling Green, Inc. company and China National Travel Service (HK) Group Corporation company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Historically, China National Travel Service (HK) Group Corporation company has disclosed a higher number of cyber incidents compared to Wendy's of Bowling Green, Inc. company.

In the current year, China National Travel Service (HK) Group Corporation company and Wendy's of Bowling Green, Inc. company have not reported any cyber incidents.

Neither China National Travel Service (HK) Group Corporation company nor Wendy's of Bowling Green, Inc. company has reported experiencing a ransomware attack publicly.

Neither China National Travel Service (HK) Group Corporation company nor Wendy's of Bowling Green, Inc. company has reported experiencing a data breach publicly.

Neither China National Travel Service (HK) Group Corporation company nor Wendy's of Bowling Green, Inc. company has reported experiencing targeted cyberattacks publicly.

Neither Wendy's of Bowling Green, Inc. company nor China National Travel Service (HK) Group Corporation company has reported experiencing or disclosing vulnerabilities publicly.

Neither Wendy's of Bowling Green, Inc. company nor China National Travel Service (HK) Group Corporation company has publicly disclosed detailed information about the number of their subsidiaries.

Wendy's of Bowling Green, Inc. company employs more people globally than China National Travel Service (HK) Group Corporation company, reflecting its scale as a Hospitality.

Latest Global CVEs (Not Company-Specific)

Description

Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the tokenโ€™s signature, expiration, issuer, or audience. If an attacker learns the victimโ€™s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victimโ€™s password. This issue has been patched in version 4.0.1.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
References
Description

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victimโ€™s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victimโ€™s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
References
Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References