
Nothing exists to make tech feel exciting again. We’re building a different kind of company, one that puts design, emotion, and human creativity at the heart of everything we do. From the way our products look to how they sound, feel, and function, we care about the details that make technology not just useful, but inspiring. This is a place for the curious. The creators. The ones who ask why not and mean it. If you're drawn to bold ideas, fast moves, and work that actually makes you feel something, you’ll fit right in. We're not here to follow the rules. We're here to make better ones. Founded in London in 2020, Nothing is a design-led tech company building an alternative to the industry giants. Our products, from award-winning smartphones to expressive audio and wearables, blend iconic design with intuitive engineering to put people and creativity back at the centre of consumer tech. Backed by GV (Google Ventures), EQT Ventures, C Ventures, and influential investors like Tony Fadell (iPod), Casey Neistat, and Kevin Lin (Twitch), we’ve grown from startup to global challenger in just a few years.

Nothing A.I CyberSecurity Scoring

Nothing

Company Details

LinkedIn ID: nothingtech
Employees number: 28,896
Number of followers: 242,125
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: nothing.tech
IP Addresses: 0
Company ID: NOT_9686623
Scan Status: In-progress

Nothing Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate the premium
Nothing Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Nothing Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: Nothing
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 1/2026
Supply Chain Source: MediaTek

Nothing, Kraken Wallet, MediaTek, Tangem and Base: Vulnerability in MediaTek Chips Could Impact 25% Android Smartphones
Vulnerability
Severity: 85
Impact: 4
Seen: 1/2026
Blog:
Supply Chain Source: MediaTek
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Critical Android Vulnerability Exposes Encryption Keys and Crypto Wallet Data. Security researchers at Ledger’s Donjon team have uncovered a severe vulnerability in certain Android smartphones, potentially affecting up to 25% of devices worldwide. The flaw, tied to specific MediaTek chipsets using Trustonic’s Trusted Execution Environment (TEE), allows attackers with brief physical access to extract sensitive data, including encryption keys and cryptocurrency wallet seed phrases, in under a minute. The issue stems from a weakness in the device’s boot chain, a security mechanism that validates system components during startup. Normally, this process protects encryption keys until the OS fully loads. However, researchers demonstrated that by connecting a vulnerable phone to a computer via USB, attackers could bypass security protections before the OS completes booting. In a proof-of-concept test using a Nothing CMF Phone 1, the Donjon team recovered the device’s PIN, decrypted storage, and extracted seed phrases from six crypto wallets (Trust Wallet, Base, Kraken Wallet, Rabby, Tangem, and Phantom) within 45 seconds. The vulnerability, tracked as CVE-2026-20435 in MediaTek’s security bulletin, affects devices relying on certain MediaTek processors, which are prevalent in budget and midrange Android phones. MediaTek has issued a firmware fix to manufacturers, but users must install pending updates to mitigate the risk. Until then, affected devices remain exposed to offline decryption attacks once root cryptographic keys are extracted. Ledger’s CTO, Charles Guillemet, noted that smartphones were not designed as secure storage for digital assets, emphasizing that their security depends on the integrity of hardware, firmware, and software. The discovery underscores the risks of storing sensitive data on mobile devices without additional safeguards.


Nothing Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked

Underwriter Stats for Nothing

Incidents vs Technology, Information and Internet Industry Average (This Year)

Nothing has 39.02% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Nothing has 13.79% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Nothing vs Technology, Information and Internet Industry Avg (This Year)

Nothing reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Nothing (X = Date, Y = Severity)

Nothing cyber incidents detection timeline including parent company and subsidiaries

Nothing Company Subsidiaries


Nothing Similar Companies

Avnet

Avnet is a global electronic components distributor with extensive design, product, marketing and supply chain expertise for customers and suppliers at every stage of the product lifecycle. For the past 100 years, Avnet has helped its customers and suppliers around the world realize the transformati

Jumia Group

Jumia (NYSE: JMIA) is a leading e-commerce platform in Africa. It is built around a marketplace, Jumia Logistics, and JumiaPay. The marketplace helps millions of consumers and sellers to connect and transact. Jumia Logistics enables the delivery of millions of packages through our network of local p

At eBay, we create pathways to connect millions of sellers and buyers in more than 190 markets around the world. Our technology empowers our customers, providing everyone the opportunity to grow and thrive — no matter who they are or where they are in the world. And the ripple effect of our work cre

YouTube

YouTube is a team-oriented, creative workplace where every single employee has a voice in the choices we make and the features we implement. We work together in small teams to design, develop, and roll out key features and products in very short time frames. Which means something you write today cou

Mynet

Mynet, the digital platform most preferred by Turkish internet users, has maintained its leadership since 1999. A pioneering internet giant that has achieved countless firsts in its field, Mynet continues to support the growth and development of Turkey's digital ecosystem. Each month, an average of 4

Fanatics is a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowi

OYO is a global platform that aims to empower entrepreneurs and small businesses with hotels and homes by providing full-stack technology products and services that aims to increase revenue and ease operations; bringing easy-to-book, affordable, and trusted accommodation to customers around the worl

Peraton

At Peraton, we're at the forefront of delivering the next big thing every day. We're the partner of choice to help solve some of the world's most daunting challenges, delivering bold, new solutions to keep people around the world safer and more secure. How do we do it? By thinking differently. We'r

IndiaMART InterMESH Limited

IndiaMART is India's largest online B2B marketplace, connecting buyers with suppliers across a wide array of industries. IndiaMART provides a platform for Small & Medium Enterprises (SMEs), large enterprises, and individual buyers, helping them access diverse portfolios of quality products. Since 1


Nothing CyberSecurity News

April 01, 2026 03:48 PM
Business Masterclass: Cybersecurity with David Broadbent – 23 April 2026

X-Forces Enterprise is delighted to extend the training services it offers, within the military community, to a new Masterclass programme...

March 30, 2026 07:38 PM
Murthy v. Missouri Settlement Does Nothing To Combat Illegal Jawboning

The social media lawsuit Murthy v. Missouri, originally filed as Missouri v. Biden, has finally come to an end.

March 30, 2026 01:36 AM
XRP Price Holds as AI Cybersecurity Fears Rise and Pepeto Presale Tops $8M

Pepe exploded from nothing to $11 billion. The people who acted early made the biggest returns of their lives. The correction is creating...

March 29, 2026 12:30 AM
Dealing with silent robocalls? This is why scam callers keep quiet

Answering a silent scam call can mark your number as a high-value target. Here's how to deal with them.

March 24, 2026 07:00 AM
Armor Unveils Dash for unfiltered view of Cybersecurity and AI risk

Armor announced Armor Dash, an executive dashboard that gives boards and the C-suite a continuous, unfiltered view of cybersecurity.

March 20, 2026 07:00 AM
Consumers continue to be victims of cyber crimes; Many individuals do nothing to prevent it

The findings from the cybersecurity nonprofit revealed that 44% of those surveyed were victims of cybercrime in 2025.

March 20, 2026 07:00 AM
Stryker hack impact deepens as Cork facilities struggle to restore systems

Global disruption continues as staff face wiped systems, halted production and slow recovery following major cybersecurity breach.

March 19, 2026 07:00 AM
Intoxalock outage leaves Mass. drivers stranded

Some drivers in Massachusetts are unable to start their cars due to a cybersecurity issue affecting a company that provides in-vehicle...

February 28, 2026 05:47 PM
20VC x SaaStr This Week: Anthropic Wiped $20B Off Cybersecurity, 100K Deca-Millionaires Are Coming, and Why Every B2B Product Feels Dated Now

With Harry Stebbings, Jason Lemkin, and Rory O'Driscoll. Anthropic wiped $20 billion off cybersecurity stocks with a single product release.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Nothing CyberSecurity History Information

Official Website of Nothing

The official website of Nothing is http://nothing.tech.

Nothing’s AI-Generated Cybersecurity Score

According to Rankiteo, Nothing’s AI-generated cybersecurity score is 784, reflecting their Fair security posture.

How many security badges does Nothing have?

According to Rankiteo, Nothing currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Nothing been affected by any supply chain cyber incidents ?

According to Rankiteo, Nothing has been affected by a supply chain cyber incident involving MediaTek, with the incident ID TANKRANOTMEDCOI1773311566.

Does Nothing have SOC 2 Type 1 certification ?

According to Rankiteo, Nothing is not certified under SOC 2 Type 1.

Does Nothing have SOC 2 Type 2 certification ?

According to Rankiteo, Nothing does not hold a SOC 2 Type 2 certification.

Does Nothing comply with GDPR ?

According to Rankiteo, Nothing is not listed as GDPR compliant.

Does Nothing have PCI DSS certification ?

According to Rankiteo, Nothing does not currently maintain PCI DSS compliance.

Does Nothing comply with HIPAA ?

According to Rankiteo, Nothing is not compliant with HIPAA regulations.

Does Nothing have ISO 27001 certification ?

According to Rankiteo, Nothing is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Nothing

Nothing operates primarily in the Technology, Information and Internet industry.

Number of Employees at Nothing

Nothing employs approximately 28,896 people worldwide.

Subsidiaries Owned by Nothing

Nothing presently has no subsidiaries across any sectors.

Nothing’s LinkedIn Followers

Nothing’s official LinkedIn profile has approximately 242,125 followers.

NAICS Classification of Nothing

Nothing is classified under the NAICS code 513, which corresponds to Others.

Nothing’s Presence on Crunchbase

Yes, Nothing has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/nothing-4537.

Nothing’s Presence on LinkedIn

Yes, Nothing maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/nothingtech.

Cybersecurity Incidents Involving Nothing

As of April 03, 2026, Rankiteo reports that Nothing has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

Nothing has an estimated 14,204 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Nothing ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Nothing detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Ledger’s Donjon team (security researchers), containment measures (MediaTek issued a firmware fix to manufacturers), and remediation measures (users must install pending updates to mitigate the risk).

Incident Details

Can you provide details on each incident ?

Incident : Vulnerability Exploitation

Title: Critical Android Vulnerability Exposes Encryption Keys and Crypto Wallet Data

Description: Security researchers at Ledger’s Donjon team uncovered a severe vulnerability in certain Android smartphones with specific MediaTek chipsets using Trustonic’s Trusted Execution Environment (TEE). The flaw allows attackers with brief physical access to extract sensitive data, including encryption keys and cryptocurrency wallet seed phrases, in under a minute by bypassing security protections during the boot process.

Type: Vulnerability Exploitation

Attack Vector: Physical Access

Vulnerability Exploited: CVE-2026-20435 (MediaTek chipset boot chain weakness)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Data Compromised: Encryption keys, cryptocurrency wallet seed phrases

Systems Affected: Android smartphones with specific MediaTek chipsets

Brand Reputation Impact: Potential reputational damage to affected manufacturers and crypto wallet providers

Identity Theft Risk: High (due to exposure of encryption keys and seed phrases)

Payment Information Risk: High (cryptocurrency wallet data)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Encryption keys and cryptocurrency wallet seed phrases.

Which entities were affected by each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: MediaTek

Entity Type: Semiconductor Manufacturer

Industry: Technology/Hardware

Customers Affected: Up to 25% of Android devices worldwide

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Trustonic

Entity Type: Security Software Provider

Industry: Cybersecurity

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Nothing CMF Phone 1

Entity Type: Smartphone Manufacturer

Industry: Consumer Electronics

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Trust Wallet

Entity Type: Cryptocurrency Wallet Provider

Industry: FinTech

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Base

Entity Type: Cryptocurrency Wallet Provider

Industry: FinTech

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Kraken Wallet

Entity Type: Cryptocurrency Wallet Provider

Industry: FinTech

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Rabby

Entity Type: Cryptocurrency Wallet Provider

Industry: FinTech

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Tangem

Entity Type: Cryptocurrency Wallet Provider

Industry: FinTech

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Entity Name: Phantom

Entity Type: Cryptocurrency Wallet Provider

Industry: FinTech

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Third Party Assistance: Ledger’s Donjon team (security researchers)

Containment Measures: MediaTek issued a firmware fix to manufacturers

Remediation Measures: Users must install pending updates to mitigate the risk

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Ledger’s Donjon team (security researchers).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Type of Data Compromised: Encryption keys, cryptocurrency wallet seed phrases

Sensitivity of Data: High (cryptographic keys, financial data)

Data Exfiltration: Possible (attackers can extract data)

Data Encryption: Weakened (due to vulnerability in boot chain)

Personally Identifiable Information: Cryptocurrency wallet seed phrases (indirect PII risk)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Users must install pending updates to mitigate the risk.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following: MediaTek issued a firmware fix to manufacturers.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Lessons Learned: Smartphones may not be secure enough for storing sensitive digital assets like cryptocurrency wallet seed phrases. Security depends on the integrity of hardware, firmware, and software.

What recommendations were made to prevent future incidents ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Recommendations: Users should install firmware updates promptly, avoid storing sensitive data on mobile devices without additional safeguards, and consider using dedicated hardware wallets for cryptocurrency storage.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Smartphones may not be secure enough for storing sensitive digital assets like cryptocurrency wallet seed phrases. Security depends on the integrity of hardware, firmware, and software.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Users should install firmware updates promptly, avoid storing sensitive data on mobile devices without additional safeguards, and consider using dedicated hardware wallets for cryptocurrency storage.

References

Where can I find more information about each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Source: Ledger’s Donjon team

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Source: MediaTek Security Bulletin

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices from Ledger’s Donjon team and the MediaTek Security Bulletin.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Investigation Status: Vulnerability disclosed, patch available

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Customer Advisories: Users of affected Android devices should install pending updates to mitigate the risk.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisory to stakeholders and customers following an incident: Users of affected Android devices should install pending updates to mitigate the risk.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability Exploitation TANKRANOTMEDCOI1773311566

Root Causes: Weakness in the device’s boot chain security mechanism, allowing bypass of security protections before the OS fully loads.

Corrective Actions: MediaTek issued a firmware fix; users must install updates.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Ledger’s Donjon team (security researchers).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: MediaTek issued a firmware fix; users must install updates.

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Encryption keys and cryptocurrency wallet seed phrases.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Ledger’s Donjon team (security researchers).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was the following: MediaTek issued a firmware fix to manufacturers.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Encryption keys and cryptocurrency wallet seed phrases.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Smartphones may not be secure enough for storing sensitive digital assets like cryptocurrency wallet seed phrases. Security depends on the integrity of hardware, firmware, and software.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was the following: Users should install firmware updates promptly, avoid storing sensitive data on mobile devices without additional safeguards, and consider using dedicated hardware wallets for cryptocurrency storage.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Ledger’s Donjon team and MediaTek Security Bulletin.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Vulnerability disclosed, patch available.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was the following: Users of affected Android devices should install pending updates to mitigate the risk.


Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nothingtech' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.