1694 matches found
CVE-2025-67282
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...
CVE-2025-67282
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...
CVE-2023-31698
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...
CVE-2023-40932
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
CVE-2022-31854
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel...
CVE-2020-7589
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated...
CVE-2020-7593
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants V1.81.01 - V1.81.03, LOGO! 8 BM incl. SIPLUS variants V1.82.01, LOGO! 8 BM incl. SIPLUS variants V1.82.02. A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacke...
CVE-2020-12131
The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...
CVE-2024-39922
A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions, LOGO! 24CE 6ED1052-1CC08-0BA1 All versions, LOGO! 24CEo...
CVE-2025-40817
A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...
CVE-2025-40816
A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...
CVE-2025-67282
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...
PT-2026-1878
Name of the Vulnerable Software and Affected Versions TIM BPM Suite/TIM FLOW versions through 9.1.2 Description The software contains multiple authorization bypass issues. A user with low privileges can download password hashes belonging to other users, access work items owned by other users,...
CVE-2025-67282
TIM BPM Suite/TIM FLOW (through version 9.1.2) contains multiple Authorization Bypass vulnerabilities that permit a low-privilege user to: download other users’ password hashes, access other users’ work items, modify restricted workflow content, alter the application logo, and manipulate other us...
CVE-2025-67282
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...
CVE-2026-0649
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...
CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...
CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...
CVE-2026-0649
Invoice Ninja up to 5.12.38 is affected by a server-side request forgery in the Migration Import component. The vulnerability is in the copy function of /app/Jobs/Util/Import.php where manipulation of the company_logo argument can be exploited remotely. Public disclosures exist; exploitation deta...
CVE-2025-13153
The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...