Miniorange Miniorange 2fa — known CVE vulnerabilities
Every CVE whose affected-product data names Miniorange Miniorange 2fa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-47708 — CVSS 8.8 (high): Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue…
CVE-2025-47707 — CVSS 7.5 (high): Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication…
CVE-2025-47710 — CVSS 7.4 (high): Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication…
CVE-2025-47706 — CVSS 4.8 (medium): Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen…
CVE-2025-6675 — CVSS 4.8 (medium): Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication…