VYPR
Vendor: Elabftw

Products: 1
CVEs: 18
Across products: 18
Status: Private

Recent CVEs (18)
  • CVE-2025-62793 | Med | Oct 27, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application…

  • CVE-2017-1000478 | Med | Jan 3, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.

  • CVE-2026-28510 | Med | May 5, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete…

  • CVE-2026-28511 | Med | Jun 1, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited…

  • CVE-2019-12185 | May 19, 2019
    risk 0.05 | cvss - | epss 0.18

    eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be…

  • CVE-2022-31007 | May 31, 2022
    risk 0.01 | cvss - | epss 0.26

    eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system…

  • CVE-2025-25206 | Feb 14, 2025
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to…

  • CVE-2024-52586 | Dec 9, 2024
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate…

  • CVE-2024-47826 | Oct 14, 2024
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show mode), "database.php" (show mode) or "search.php". It works by providing HTML…

  • CVE-2024-45408 | Oct 1, 2024
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default),…

  • CVE-2024-25632 | Oct 1, 2024
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in…

  • CVE-2024-28100 | Sep 2, 2024
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the…

  • CVE-2024-25633 | Aug 15, 2024
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regular users to create new,…

  • CVE-2022-31178 | Aug 1, 2022
    risk 0.00 | cvss - | epss 0.00

    eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known…

  • CVE-2021-43834 | Dec 15, 2021
    risk 0.00 | cvss - | epss 0.01

    eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It…

  • CVE-2021-43833 | Dec 15, 2021
    risk 0.00 | cvss - | epss 0.01

    eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances…

  • CVE-2021-41171 | Oct 22, 2021
    risk 0.00 | cvss - | epss 0.02

    eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been…

  • CVE-2021-32698 | Jun 21, 2021
    risk 0.00 | cvss - | epss 0.01

    eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.