elabftw — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting elabftw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2025-62793 | eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking — elabftw | CWE-79 | 6.8 | Medium | 2025-10-27 |
| CVE-2025-25206 | Incorrect input validation could allow an authenticated user to read sensitive information — elabftw | CWE-89 | 8.3 | High | 2025-02-14 |
| CVE-2024-52586 | eLabFTW MFA bypass — elabftw | CWE-288 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-47826 | eLabFTW vulnerable to HTML Injection in extended search error message — elabftw | CWE-79 | 3.5 | Low | 2024-10-14 |
| CVE-2024-45408 | eLabFTW contains a direct and indirect information disclosure — elabftw | CWE-284 | 7.5 | High | 2024-10-01 |
| CVE-2024-25632 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances — elabftw | CWE-266 | 8.6 | High | 2024-10-01 |
| CVE-2024-28100 | Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw — elabftw | CWE-79 | 8.9 | High | 2024-09-02 |
| CVE-2024-25633 | In eLabFTW, if administrators can create users, users can too — elabftw | CWE-266 | 5.4 | Medium | 2024-08-15 |
| CVE-2022-31178 | Improper Authorization in eLabFTW — elabftw | CWE-863 | 4.3 | Medium | 2022-08-01 |
| CVE-2022-31007 | Privilege escalation from administrator in eLabFTW — elabftw | CWE-842 | 4.9 | Medium | 2022-05-31 |
| CVE-2021-43834 | Incorrect Authentication in elabftw — elabftw | CWE-287 | 9.1 | Critical | 2021-12-15 |
| CVE-2021-43833 | Account takeover in eLabFTW — elabftw | CWE-287 | 8.1 | High | 2021-12-15 |
| CVE-2021-41171 | Bypass bruteforce protection on login form in elabftw — elabftw | CWE-307 | 5.9 | Medium | 2021-10-22 |
| CVE-2021-32698 | Blind Server-Side Request Forgery (SSRF) in eLabFTW — elabftw | CWE-918 | 6.8 | Medium | 2021-06-21 |

This page lists every published CVE security advisory associated with elabftw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.