Excellent
Go to website for current description of our scope of work.
Strong
As the leader in circular services at work, Elis ensures its clients achieve optimal hygiene, well-being and protection – everywhere, every day, in a sustainable way. We employ 54,000 people locally in 30 countries. We work for public and private organizations of all sizes, in all sectors of activity offering solutions for flat linen, workwear, facility, beverage, pest control, mats, wipers, cleanroom and medical waste. Our circular services help clients stay focused on their core business and allow them to reduce their environmental footprint. Our circular services inspire our commitment: they create a bond between us, our clients and our planet and they unite our people around the world. Elis is listed on Euronext Paris. --- Leader des services circulaires au travail, Elis veille à ce que ses clients bénéficient d'une hygiène, d'un bien-être et d'une protection optimale – partout dans le monde, tous les jours et de manière durable. Nous employons localement 54 000 collaborateurs dans 29 pays. Nous travaillons pour des organismes publics et privés de toutes tailles, dans tous les secteurs d’activité en leur offrant des solutions en vêtement de travail, linge plat, sanitaires, boisson, prévention nuisibles, tapis, essuyage industriel, salles propres et DASRI. Nos services circulaires aident nos clients à concentrer leurs efforts sur leur cœur de métier et leur permettent de réduire leur empreinte environnementale. Nos services circulaires inspirent notre engagement : ils créent un lien entre nous, nos clients et notre planète et unissent nos collaborateurs dans le monde entier. Elis est côté sur Euronext Paris et fait partie du SBF 120.
Security & Compliance Standards Overview
No incidents recorded for Hayman Consulting Group in 2025.
No incidents recorded for ELIS in 2025.
Hayman Consulting Group cyber incidents detection timeline including parent company and subsidiaries
ELIS cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".
