Vulnerabilities in elabftw
16 results

CVE-2022-31007 | MEDIUM | Privilege escalation from administrator in eLabFTW | EPSS 26.1%
CVE-2021-41171 | MEDIUM | Bypass bruteforce protection on login form in elabftw | EPSS 1.9%
CVE-2021-43834 | CRITICAL | Incorrect Authentication in elabftw | EPSS 1.0%
CVE-2021-32698 | MEDIUM | Blind Server-Side Request Forgery (SSRF) in eLabFTW | EPSS 0.9%
CVE-2021-43833 | HIGH | Account takeover in eLabFTW | EPSS 0.8%
CVE-2025-25206 | HIGH | Incorrect input validation could allow an authenticated user to read sensitive information | EPSS 0.4%
CVE-2022-31178 | MEDIUM | Improper Authorization in eLabFTW | EPSS 0.4%
CVE-2024-45408 | HIGH | eLabFTW contains a direct and indirect information disclosure | EPSS 0.4%
CVE-2024-25632 | HIGH | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances | EPSS 0.4%
CVE-2024-28100 | HIGH | Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw | EPSS 0.3%
CVE-2024-47826 | LOW | eLabFTW vulnerable to HTML Injection in extended search error message | EPSS 0.3%
CVE-2026-28510 | MEDIUM | elabftw allows MFA bypass during login | EPSS 0.3%
CVE-2024-25633 | MEDIUM | In eLabFTW, if administrators can create users, users can too | EPSS 0.2%
CVE-2025-62793 | MEDIUM | eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking | EPSS 0.2%
CVE-2024-52586 | MEDIUM | eLabFTW MFA bypass | EPSS 0.2%
CVE-2026-28511 | MEDIUM | elabftw has entry title leakage through autocompletion search | EPSS 0.2%