Andre Groendijk

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 1.7.0 **Description** An incorrect authorization issue exists in Drupal’s Unpublished Node Permissions, allowing forceful browsing. The problem relates to inconsistent access control for unpublished translated nodes. The module, designed to manage permissions for unpublished nodes per content type, does not consistently enforce these controls. **Recommendations** Update to version 1.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Advanced PWA inc Push Notifications versions 0.0.0 through 1.5.0 **Description** The issue is related to an incorrect authorization vulnerability in the Drupal Advanced PWA inc Push Notifications module, which allows for forceful browsing. This means that an attacker can bypass security restrictions and perform unauthorized actions. The vulnerability can be exploited remotely. **Recommendations** For versions 0.0.0 through 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the module to minimize the risk of exploitation.