CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7030 – Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
https://notcve.org/view.php?id=CVE-2025-7030
08 Jul 2025 — Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0. La vulnerabilidad de privilegio definido con acciones inseguras en Drupal Two-factor Authentication (TFA) permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la autenticación de dos factores (TFA): desde la v... • https://www.drupal.org/sa-contrib-2025-085 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31694 – Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023
https://notcve.org/view.php?id=CVE-2025-31694
31 Mar 2025 — Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. • https://www.drupal.org/sa-contrib-2025-023 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13279 – Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043
https://notcve.org/view.php?id=CVE-2024-13279
09 Jan 2025 — Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. • https://www.drupal.org/sa-contrib-2024-043 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13239 – Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003
https://notcve.org/view.php?id=CVE-2024-13239
09 Jan 2025 — Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. • https://www.drupal.org/sa-contrib-2024-003 • CWE-1390: Weak Authentication •