CVE-2025-47706 – Drupal Enterprise MFA – TFA Authentication Bypass by Capture-replay Vulnerability

May 14, 2025

CVE ID : CVE-2025-47706

Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago

Description : Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47707 – Drupal Enterprise MFA – TFA Authentication Bypass

Next Article CVE-2025-47704 – Drupal Klaro Cookie & Consent Management Cross-Site Scripting (XSS)

Highlights

CVE-2025-5130 – Tmall Demo Unrestricted File Upload Vulnerability

May 24, 2025

CVE ID : CVE-2025-5130

Published : May 24, 2025, 8:15 p.m. | 39 minutes ago

Description : A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

The best smartphones without AI features in 2025: Expert tested and recommended

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

Gemini just got two of ChatGPT’s best features – and they’re free

I found the easiest way to send files between my Android phone and desktop – and it’s free

Laravel Boost is released

Laravel Boost is released

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

Live Agent Escalation in Copilot Studio Using D365 Omnichannel – Architecture and Use Case

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

You Think You Need a Monster PC to Run Local AI, Don’t You? — My Seven-Year-Old Mid-range Laptop Says Otherwise

8 Registry Tweaks that will Make File Explorer Faster and Easier to Use on Windows 11

CVE-2025-47706 – Drupal Enterprise MFA – TFA Authentication Bypass by Capture-replay Vulnerability

How the always-on generation can level up its cybersecurity game

Supply-chain dependencies: Check your resilience blind spot

Why DNS Security Is Your First Defense Against Cyber Attacks?

CVE-2025-32793 – Cilium Wireguard Transparent Encryption Race Condition

QLog – amateur radio logbook

CVE-2025-32412 – Fuji Electric Smart Editor Out-of-Bounds Read RCE

CVE-2025-5130 – Tmall Demo Unrestricted File Upload Vulnerability

4 Ways I am Encouraging My 4 Year Old Child to Help Learn Coding and Use Computer

How End-to-End Testing Supports Grid Reliability for Energy Providers

British compute sector surged ahead in 2024, report shows

CVE-2025-47706 – Drupal Enterprise MFA – TFA Authentication Bypass by Capture-replay Vulnerability

Related Posts