CVE-2025-31694
CVE-2025-31694 concerns the Drupal Two-factor Authentication (TFA) module. The issue is an Incorrect Authorization vulnerability that enables forceful browsing / access bypass on TFA-enabled logins. Affected versions are 0.0.0 through 1.10.0. Root cause details in connected docs indicate that kn...
CVE-2024-13239
CVE-2024-13239 affects the Drupal Two-factor Authentication (TFA) module. The vulnerability arises from a weak authentication mechanism in TFA that enables authentication abuse and bypass of access controls. Affected are TFA versions from 0.0.0 up to but not including 1.5.0. The underlying root c...
CVE-2024-13279
The Drupal Two-factor Authentication (TFA) module suffers from a Session Fixation vulnerability due to improper session handling. Affected versions are 0.0.0 up to but not including 1.8.0; CVSS 3.1 base score 9.8 (CRITICAL). Exploitation details are not provided in the documents; no in-the-wild exploit in...
CVE-2025-7030
CVE-2025-7030 affects Drupal Two-factor Authentication (TFA) module prior to 1.11.0. The root cause is a Privilege Defined With Unsafe Actions vulnerability that hinges on incorrectly configured access controls, allowing bypass of certain privilege checks. Affected versions range from 0.0.0 up to...