CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-6675 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082
https://notcve.org/view.php?id=CVE-2025-6675
26 Jun 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. • https://www.drupal.org/sa-contrib-2025-082 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47710 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
https://notcve.org/view.php?id=CVE-2025-47710
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-056 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47709 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055
https://notcve.org/view.php?id=CVE-2025-47709
14 May 2025 — Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-055 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47708 – Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
https://notcve.org/view.php?id=CVE-2025-47708
14 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-054 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47707 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053
https://notcve.org/view.php?id=CVE-2025-47707
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-053 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47706 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052
https://notcve.org/view.php?id=CVE-2025-47706
14 May 2025 — Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-052 • CWE-294: Authentication Bypass by Capture-replay •