Elabftw
Monthly
Information disclosure in eLabFTW prior to version 5.4.2 allows authenticated users to enumerate resource titles outside their authorization scope via numeric reference/search queries. Affected deployments in regulated environments - such as clinical labs or research institutions embedding patient identifiers, project names, or regulated data in resource titles - face elevated sensitivity risk despite the limited scope of exposure. Content-level access controls remain intact; only titles leak. No public exploit identified at time of analysis, and CVSS rates this Medium (4.3), consistent with authenticated, low-impact disclosure.
Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information disclosure in eLabFTW prior to version 5.4.2 allows authenticated users to enumerate resource titles outside their authorization scope via numeric reference/search queries. Affected deployments in regulated environments - such as clinical labs or research institutions embedding patient identifiers, project names, or regulated data in resource titles - face elevated sensitivity risk despite the limited scope of exposure. Content-level access controls remain intact; only titles leak. No public exploit identified at time of analysis, and CVSS rates this Medium (4.3), consistent with authenticated, low-impact disclosure.
Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.