68 matches found
CVE-2026-28511 elabftw has entry title leakage through autocompletion search
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited to only the title...
CVE-2026-28510
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
EUVD-2026-27311
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
PT-2026-37035
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.4.2. Description: The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentia...
CVE-2025-50001
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS. This issue affects tagDiv Composer: from n/a through = 5.4.2...
EUVD-2020-17974
Malware in sbrugna...
EUVD-2018-8003
Malware in sbrugna...
EUVD-2018-8002
Malware in sbrugna...
EUVD-2016-9341
Malware in sbrugna...
EUVD-2019-9367
Malware in sbrugna...
EUVD-2022-32556
Malicious code in bioql PyPI...
EUVD-2022-32555
Malicious code in bioql PyPI...
SUSE-SU-2025:20805-1 Security update for podman
This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate bsc1245320 - Fix conditional Requires remove deprecated sleversion macro - Update to version 5.4.2: Add release notes for v5.4.2 Fix a potential deadlock during podman ...
CVE-2022-28073
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0...
CVE-2022-28068
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0...
JVN#87710540: Assimp vulnerable to heap-based buffer overflow
Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability (CWE-122). Impact: An attacker may execute arbitrary code by inputting a specially crafted file into the product. Solution: Update the Software. Update the software to the latest version according to the...
CVE-2024-2785
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin The Plus Addons for Elementor security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...
PT-2024-15566 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including, 5.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the plugin's element...
CVE-2024-34373
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2...