Vendor Products CVEs KEV Avg EPSS Worst Severity 1 4 0 33.1% CRITICAL
CVE ID Description Severity CVSS KEV EPSS Published CVE-2025-7030 Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0. MEDIUM 6.5 — 28.3% Jul 8, 2025 CVE-2025-31694 Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. HIGH 8.1 — 27.5% Mar 31, 2025 CVE-2024-13279 Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. CRITICAL 9.8 — 35.3% Jan 9, 2025 CVE-2024-13239 Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. CRITICAL 9.8 — 41.3% Jan 9, 2025