CVE-2025-45731
- EPSS 0.06%
- Published 24.07.2025 00:00:00
- Last modified 28.07.2025 14:38:37
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.
CVE-2024-52598
- EPSS 0.57%
- Published 20.11.2024 15:15:11
- Last modified 04.08.2025 15:24:02
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1: an SSRF and a URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/prev...
CVE-2024-52597
- EPSS 0.25%
- Published 20.11.2024 14:15:17
- Last modified 04.08.2025 16:57:38
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application...
CVE-2023-36816
- EPSS 0.56%
- Published 03.07.2023 17:15:09
- Last modified 21.11.2024 08:10:39
2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross-site scripting (XSS) injection can be done via the account/service field. This was tested in a docker-compose environment. This vulnerability h...