
22 matches found

RedhatCVE
added 2026/06/05 7:50 p.m. | 6 views

CVE-2026-7107

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

CVSS 6.5 | AI score 6.2 | EPSS 0.00201
Exploits: 0 | References: 1
OSV
added 2026/04/06 5:53 p.m. | 6 views

GHSA-5GHQ-42RG-769X CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

An attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM Blind XSS on public-facing landing pages through the System Settings Company Information section which allows the injection of XSS payloads...

CVSS 9.1 | AI score 5.8 | EPSS 0.00455
Exploits: 1 | References: 4
NVD
added 2026/01/07 12:17 p.m. | 6 views

CVE-2026-0649

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

CVSS 5.8 | EPSS 0.00223
Exploits: 0 | References: 4
Cvelist
added 2026/01/07 12:32 a.m. | 26 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

CVSS 5.8 | EPSS 0.00223
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/07 12:32 a.m. | 3 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

CVSS 5.8 | AI score 6.4 | EPSS 0.00223
Exploits: 0 | References: 4
CVE
added 2026/01/07 12:32 a.m. | 18 views

CVE-2026-0649

Invoice Ninja up to 5.12.38 is affected by a server-side request forgery in the Migration Import component. The vulnerability is in the copy function of /app/Jobs/Util/Import.php where manipulation of the company_logo argument can be exploited remotely. Public disclosures exist; exploitation deta...

CVSS 5.8 | AI score 4.8 | EPSS 0.00223
Exploits: 0 | References: 4
Snyk
added 2025/10/14 4:35 a.m. | 2 views

Malicious Package

Overview company-logo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
EUVD
added 2025/10/14 4:35 a.m. | 1 view

EUVD-2025-34133

Malicious code in company-logo npm...

AI score 6.6
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/10/14 3:47 a.m. | 2 views

Malicious code in company-logo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3356f69fe3ebba321196add643af22e2daaff13de896d2ad82a6d79d9c381709 Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits: 0 | References: 1
OSV
added 2025/10/14 3:47 a.m. | 1 view

MAL-2025-48406 Malicious code in company-logo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3356f69fe3ebba321196add643af22e2daaff13de896d2ad82a6d79d9c381709 Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-5354

Malware in sbrugna...

CVSS 9 | AI score 8.8 | EPSS 0.03473
Exploits: 1 | References: 4
OSV
added 2025/02/01 8:15 a.m. | 1 view

CVE-2024-13428

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo due to missing validation on a user controlled key. This makes it possibl...

CVSS 5.3 | AI score 7.4
Exploits: 0 | References: 2
Cvelist
added 2025/02/01 7:21 a.m. | 22 views

CVE-2024-13428 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo due to missing validation on a user controlled key. This makes it possibl...

CVSS 5.3 | EPSS 0.00371
Exploits: 0 | References: 2
OSV
added 2024/03/17 11:15 a.m. | 2 views

CVE-2024-2561

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricte...

CVSS 8.8 | AI score 5.3 | EPSS 0.06079
Exploits: 1 | References: 3
Vulnrichment
added 2024/03/17 11:0 a.m. | 17 views

CVE-2024-2561 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricte...

CVSS 6.5 | AI score 6.5 | EPSS 0.06079
Exploits: 1 | References: 3
CNNVD
added 2024/03/17 12:0 a.m. | 3 views

74CMS security vulnerability

74CMS is an online recruitment system based on PHP and MySQL. A file upload vulnerability exists in version 3.28.0 of 74CMS, which stems from the lack of valid validation of the uploaded file by imgBase64, a parameter of the function sendCompanyLogo in file /controller/company/Index.php. The...

CVSS 8.8 | AI score 7.8 | EPSS 0.06079
Exploits: 1 | References: 4
GithubExploit
added 2023/11/09 9:22 p.m. | 541 views

Exploit for Code Injection in Craterapp Crater

Crater-CVE-2023-46865-RCE Crater =6.0.6, CVE-2023-46865 Po...

CVSS 7.2 | AI score 7.2 | EPSS 0.20321
Exploits: 2
Hacker One
added 2020/03/01 5:9 p.m. | 15 views

8x8: Stored XSS on Company Logo

The ContactNow application saved the location of the custom company logo without proper encoding considerations...

AI score 2.6
Exploits: 0
Cvelist
added 2018/09/12 4:0 p.m. | 18 views

CVE-2018-13412

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version...

AI score 7.8 | EPSS 0.00499
Exploits: 0 | References: 3
Hacker One
added 2016/08/15 1:42 a.m. | 24 views

Harvest: PM can delete the company logo image (Vertical Privilege Escalation)

Hi Team, Description: Only Admin can Delete the Company Logo image In company account on harvestapp. But the Deleting Logo HTTP request doesn't validate the Access of the user properly and a Project manager (Limited access to Company Settings) can Delete the Logo image of the company. Vulnerable HTT...

AI score 0.5
Exploits: 0