CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31694 – Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023
https://notcve.org/view.php?id=CVE-2025-31694
31 Mar 2025 — Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. • https://www.drupal.org/sa-contrib-2025-023 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13279 – Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043
https://notcve.org/view.php?id=CVE-2024-13279
09 Jan 2025 — Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. • https://www.drupal.org/sa-contrib-2024-043 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13239 – Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003
https://notcve.org/view.php?id=CVE-2024-13239
09 Jan 2025 — Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. • https://www.drupal.org/sa-contrib-2024-003 • CWE-1390: Weak Authentication •