CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47710 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
https://notcve.org/view.php?id=CVE-2025-47710
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-056 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47709 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055
https://notcve.org/view.php?id=CVE-2025-47709
14 May 2025 — Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-055 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47708 – Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
https://notcve.org/view.php?id=CVE-2025-47708
14 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-054 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47707 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053
https://notcve.org/view.php?id=CVE-2025-47707
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-053 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47706 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052
https://notcve.org/view.php?id=CVE-2025-47706
14 May 2025 — Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-052 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47705 – IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051
https://notcve.org/view.php?id=CVE-2025-47705
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5. • https://www.drupal.org/sa-contrib-2025-051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47704 – Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050
https://notcve.org/view.php?id=CVE-2025-47704
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5. • https://www.drupal.org/sa-contrib-2025-050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47703 – COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-049
https://notcve.org/view.php?id=CVE-2025-47703
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14. • https://www.drupal.org/sa-contrib-2025-049 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47702 – oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048
https://notcve.org/view.php?id=CVE-2025-47702
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2. • https://www.drupal.org/sa-contrib-2025-048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47701 – Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
https://notcve.org/view.php?id=CVE-2025-47701
14 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0. • https://www.drupal.org/sa-contrib-2025-047 • CWE-352: Cross-Site Request Forgery (CSRF) •