Adam Shepherd

**Name of the Vulnerable Software and Affected Versions** Node View Permissions versions 0.0.0 through 1.6.x Node View Permissions versions 2.0.0 through 2.0.0 **Description** An improper check for unusual or exceptional conditions in the Node View Permissions module allows forceful browsing. The module provides "View own content" and "View any content" permissions for each content type. The issue occurs when a user is cancelled and their content is reassigned to the anonymous user, as the module does not sufficiently handle this scenario. This affects private content that should not be accessible to anonymous users but was reassigned to them. **Recommendations** Update versions 0.0.0 through 1.6.x to version 1.7.0. Update version 2.0.0 to version 2.0.1.

**Name of the Vulnerable Software and Affected Versions** Drupal Private content versions 0.0.0 through 2.1.0 **Description** The issue is related to an incorrect privilege assignment in the Private content module of the Drupal CMS, allowing a remote attacker to bypass security restrictions and gain unauthorized access to protected information. This can be achieved through framing, which enables target influence. **Recommendations** For versions 0.0.0 through 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Private content module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drupal Swift Mailer versions *.* **Description** The issue is related to an Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer, which allows Resource Location Spoofing. This can be exploited by a remote attacker to perform spoofing attacks. **Recommendations** For Drupal Swift Mailer versions *.*: At the moment, there is no information about a newer version that contains a fix for this vulnerability.