Vulnerabilities (CVE)

Filtered by vendor Miniorange Subscribe

Filtered by product Miniorange 2fa

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2025-6675	1 Miniorange	1 Miniorange 2fa	2025-07-14	N/A	4.8 MEDIUM
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0., from 0.0.0 before 5.1..
CVE-2025-47706	1 Miniorange	1 Miniorange 2fa	2025-06-10	N/A	4.8 MEDIUM
Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVE-2025-47707	1 Miniorange	1 Miniorange 2fa	2025-06-10	N/A	7.5 HIGH
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVE-2025-47708	1 Miniorange	1 Miniorange 2fa	2025-06-10	N/A	8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVE-2025-47709	1 Miniorange	1 Miniorange 2fa	2025-06-10	N/A	6.5 MEDIUM
Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVE-2025-47710	1 Miniorange	1 Miniorange 2fa	2025-06-10	N/A	7.4 HIGH
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.