VYPR

Twilio

by Twilio Project

CVEs (4)

  • CVE-2018-17388CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.

  • CVE-2020-24655MedSep 10, 2020
    risk 0.33cvss 5.1epss 0.00

    A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).

  • CVE-2024-39891KEVJul 2, 2024
    risk 0.13cvss epss 0.01

    In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing…

  • CVE-2014-9023Nov 20, 2014
    risk 0.00cvss epss 0.01

    The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.