
143 matches found

CNNVD
added 2022/05/31 12:00 a.m. | 2 views

eLabFTW Security Vulnerability

eLabFTW is an open source platform for hosting experimental data. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW versions prior to 4.3.0, which stems from a problem with the application's permission settings. An authenticated us...

CVSS 7.2 | AI score 7 | EPSS 0.26098
Exploits 0 | References 5
CNVD
added 2021/12/19 12:00 a.m. | 18 views

eLabFTW Licensing Issue Vulnerability (CNVD-2022-05022)

eLabFTW is an open source platform for hosting experimental data. The platform runs on Linux systems and supports storage of multiple objects. eLabFTW is vulnerable to an authorization issue that stems from a lack of authentication measures or insufficient authentication strength in the network...

CVSS 9.8 | AI score 1.7 | EPSS 0.00977
Exploits 0 | References 1
OSV
added 2021/12/16 12:15 a.m. | 9 views

CVE-2021-43834

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

CVSS 9.8 | AI score 7
Exploits 0 | References 2
NVD
added 2021/12/16 12:15 a.m. | 13 views

CVE-2021-43833

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set a...

CVSS 8.8 | EPSS 0.00813
Exploits 0 | References 2
NVD
added 2021/12/16 12:15 a.m. | 11 views

CVE-2021-43834

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

CVSS 9.8 | EPSS 0.00977
Exploits 0 | References 2
OSV
added 2021/12/16 12:15 a.m. | 7 views

CVE-2021-43833

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set a...

CVSS 8.8 | AI score 6.9
Exploits 0 | References 2
Prion
added 2021/12/16 12:15 a.m. | 15 views

Design/Logic Flaw

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set a...

CVSS 6.5 | AI score 8.7 | EPSS 0.00813
Exploits 0 | References 2 | Affected Software 1
Prion
added 2021/12/16 12:15 a.m. | 15 views

Default credentials

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

CVSS 6.5 | AI score 9.3 | EPSS 0.00977
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2021/12/16 12:00 a.m. | 2 views

Elabftw Authorization Issue Vulnerability

Elabftw is an open source platform for hosting experimental data. The platform runs on Linux and supports storing a wide range of objects. An authorization issue vulnerability exists in eLabFTW that allows any authenticated user to access arbitrary accounts by setting a specially designed email...

CVSS 8.8 | AI score 8.1 | EPSS 0.00813
Exploits 0 | References 3
CNNVD
added 2021/12/16 12:00 a.m. | 3 views

Elabftw Authorization Issue Vulnerability

eLabFTW is an open source platform for hosting experimental data. The platform runs on Linux systems and supports storage of multiple objects. eLabFTW is vulnerable to an authorization issue that stems from a lack of authentication measures or insufficient authentication strength in the network...

CVSS 9.8 | AI score 5.7 | EPSS 0.00977
Exploits 0 | References 3
Cvelist
added 2021/12/15 11:20 p.m. | 17 views

CVE-2021-43834 Incorrect Authentication in elabftw

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

CVSS 9.1 | AI score 9.6 | EPSS 0.00977
Exploits 0 | References 2
CVE
added 2021/12/15 11:20 p.m. | 38 views

CVE-2021-43834

CVE-2021-43834 affects eLabFTW. In versions prior to 4.2.0, an attacker can authenticate as an existing user when that user was created via single sign-on options (e.g., LDAP or SAML), impacting deployments that rely on SSO instead of the local password. Root cause: improper handling of SSO-authe...

CVSS 9.8 | AI score 9.5 | EPSS 0.00977
Exploits 0 | References 2 | Affected Software 1
CVE
added 2021/12/15 11:20 p.m. | 33 views

CVE-2021-43833

CVE-2021-43833 affects eLabFTW prior to version 4.2.0, where an authenticated user can gain access to arbitrary accounts by supplying a specially crafted email address. The issue applies to instances lacking an explicit email domain allowlist. Administrators’ and target users’ notifications are n...

CVSS 8.8 | AI score 8.5 | EPSS 0.00813
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/12/15 11:20 p.m. | 19 views

CVE-2021-43833 Account takeover in eLabFTW

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set a...

CVSS 8.1 | AI score 8.9 | EPSS 0.00813
Exploits 0 | References 2
OSV
added 2021/10/22 7:15 p.m. | 6 views

CVE-2021-41171

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 8.8 | AI score 6.9
Exploits 0 | References 5
NVD
added 2021/10/22 7:15 p.m. | 11 views

CVE-2021-41171

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 8.8 | EPSS 0.01883
Exploits 1 | References 5
Prion
added 2021/10/22 7:15 p.m. | 9 views

Design/Logic Flaw

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 4 | AI score 8.6 | EPSS 0.01883
Exploits 1 | References 5 | Affected Software 1
CVE
added 2021/10/22 6:55 p.m. | 52 views

CVE-2021-41171

CVE-2021-41171 affects eLabFTW prior to 4.1.0. The issue allows bypassing brute-force protection by using forged PHPSESSID values in the HTTP Cookie header, enabling login bypass as described in multiple sources. Remediation is to upgrade to version 4.1.0 (upstream rate limiting is a valid option...

CVSS 8.8 | AI score 7.2 | EPSS 0.01883
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2021/10/22 6:55 p.m. | 17 views

CVE-2021-41171 Bypass bruteforce protection on login form in elabftw

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 5.9 | AI score 8.9 | EPSS 0.01883
Exploits 1 | References 5
CNNVD
added 2021/10/22 12:00 a.m. | 4 views

eLabFTW Security Vulnerability

Elabftw is an open source platform for hosting experimental data. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW, which originated in versions of eLabFTW prior to 4.1.0, that allows an attacker to bypass the brute-force protecti...

CVSS 8.8 | AI score 7.9 | EPSS 0.01883
Exploits 1 | References 6