CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 3 days ago•2 views

CVE-2026-28511 elabftw has entry title leakage through autocompletion search

4.3CVSS5.8AI score0.00027EPSS

Cvelist•added 3 days ago•24 views

CVE-2026-28511 elabftw has entry title leakage through autocompletion search

4.3CVSS0.00027EPSS

CNNVD•added 3 days ago•3 views

eLabFTW information leakage vulnerability

eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW prior to 5.4.2 contained a vulnerability related to information leakage. This vulnerability occurred...

4.3CVSS5.9AI score0.00027EPSS

RedhatCVE•added 2026/05/06 8:21 p.m.•1 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

Vulnrichment•added 2026/05/05 12:28 p.m.•2 views

CVE-2026-28510 elabftw allows MFA bypass during login

ATTACKERKB•added 2026/05/05 12:28 p.m.•1 views

CVE-2026-28510

EUVD•added 2026/05/05 12:28 p.m.•0 views

Exploits0References3

EUVD-2026-27311

Cvelist•added 2026/05/05 12:28 p.m.•32 views

CVE-2026-28510 elabftw allows MFA bypass during login

5.9CVSS0.00066EPSS

CVE•added 2026/05/05 12:28 p.m.•6 views

CVE-2026-28510

Vulnerability summary (CVE-2026-28510): elabftw versions up to 5.4.1 fail to reliably preserve MFA state during login, allowing an attacker with valid primary credentials to complete authentication using an attacker-controlled TOTP secret and bypass the additional factor. This can lead to unautho...

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/05 12:0 a.m.•1 views

PT-2026-37035

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.4.2 Description The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentia...

RedhatCVE•added 2026/01/09 9:21 a.m.•0 views

Exploits0References6

CVE-2021-41171

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

8.8CVSS6.7AI score0.00227EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:13 a.m.•3 views

CVE-2022-31178

eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this...

4.3CVSS6.7AI score0.0016EPSS

RedhatCVE•added 2026/01/07 9:29 a.m.•6 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9CVSS7.8AI score0.26432EPSS

Exploits3References1

NVD•added 2025/10/27 10:15 p.m.•1 views

CVE-2025-62793

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...

6.8CVSS0.00029EPSS

Vulnrichment•added 2025/10/27 9:25 p.m.•1 views

CVE-2025-62793 eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking

6.8CVSS5.8AI score0.00029EPSS

Cvelist•added 2025/10/27 9:25 p.m.•3 views

CVE-2025-62793 eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking

6.8CVSS0.00029EPSS

CVE•added 2025/10/27 9:25 p.m.•7 views

CVE-2025-62793

Summary: CVE-2025-62793 affects eLabFTW, an open-source electronic lab notebook. The root cause is that the application served uploaded SVG files inline, allowing SVGs with active content to execute scripts when viewed. This enables stored XSS under the application origin, potentially leading to ...

6.8CVSS5.8AI score0.00029EPSS