EUVD-2025-9018

Malicious code in bioql PyPI...

CVE-2025-7030

Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication TFA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.11.0...

CVE-2025-7030

CVE-2025-7030 affects Drupal Two-factor Authentication (TFA) module prior to 1.11.0. The root cause is a Privilege Defined With Unsafe Actions vulnerability that hinges on incorrectly configured access controls, allowing bypass of certain privilege checks. Affected versions range from 0.0.0 up to...

GHSA-HF6C-FGP3-JFCH Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing

Incorrect Authorization vulnerability in Drupal Two-factor Authentication TFA allows Forceful Browsing. This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.10.0...

CVE-2025-31694

Incorrect Authorization vulnerability in Drupal Two-factor Authentication TFA allows Forceful Browsing.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.10.0...

CVE-2025-31694

CVE-2025-31694 concerns the Drupal Two-factor Authentication (TFA) module. The issue is an Incorrect Authorization vulnerability that enables forceful browsing / access bypass on TFA-enabled logins. Affected versions are 0.0.0 through 1.10.0 . Root cause details in connected docs indicate that kn...

PT-2025-13864 · Drupal · Drupal Two-Factor Authentication

Name of the Vulnerable Software and Affected Versions: Drupal Two-factor Authentication TFA versions 0.0.0 through 1.10.0 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Two-factor Authentication TFA module, allowing Forceful Browsing. Recommendations:...

Drupal Two-factor Authentication (TFA) module < 1.10.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Two-factor Authentication TFA versions 1.10.0...