📦 eLabFTW

by eLabFTW

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2021-43834

CRITICAL CVSS 9.1 Dec 16, 2021

This vulnerability allows attackers to authenticate as existing users in eLabFTW instances configured with LDAP or SAML single sign-on authentication. It affects eLabFTW versions before 4.2.0 where LD...

CVE-2025-25206

HIGH CVSS 8.3 Feb 14, 2025

This SQL injection vulnerability in eLabFTW allows authenticated users to read sensitive database information, potentially including login tokens. This could lead to privilege escalation and unauthori...

CVE-2024-45408

HIGH CVSS 7.5 Oct 1, 2024

CVE-2024-45408 is an incorrect permission check vulnerability in eLabFTW that allows authenticated users to access restricted information. If anonymous access is enabled (disabled by default), unauthe...

CVE-2024-25632

HIGH CVSS 8.6 Oct 1, 2024

This vulnerability in eLabFTW allows regular users to escalate privileges to administrator within teams where they are members. In versions after v5.0.0, it may also allow unauthenticated users to gai...

CVE-2024-28100

HIGH CVSS 8.9 Sep 2, 2024

CVE-2024-28100 is a cross-site scripting (XSS) vulnerability in eLabFTW that allows authenticated users to upload malicious files that execute JavaScript in visitors' browsers. This enables attackers ...

CVE-2021-43833

HIGH CVSS 8.1 Dec 16, 2021

This vulnerability allows any authenticated user in eLabFTW to gain access to arbitrary accounts by setting a specially crafted email address. It affects all eLabFTW instances prior to version 4.2.0 t...