Skip to main content

Node View Permissions

2 CVEs product

Monthly

CVE-2026-8491 PHP LOW PATCH Monitor

Forceful browsing in the Drupal Node View Permissions module exposes restricted node content to unauthenticated network attackers under high-complexity conditions. Affected are all installations running versions 0.0.0-1.7.0 (branch 1.x) and 2.0.0-2.0.1 (branch 2.x) of the module. The vulnerability is classified as information disclosure only - no integrity or availability impact - and carries a CVSS 3.7 (Low) score; no public exploit code exists and no confirmed active exploitation has been reported (not in CISA KEV), with EPSS placing exploitation probability at 0.01%.

Information Disclosure Node View Permissions
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2013-5965 MEDIUM PATCH This Month

The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Node View Permissions
NVD
CVSS 2.0
5.0
EPSS
0.3%
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Forceful browsing in the Drupal Node View Permissions module exposes restricted node content to unauthenticated network attackers under high-complexity conditions. Affected are all installations running versions 0.0.0-1.7.0 (branch 1.x) and 2.0.0-2.0.1 (branch 2.x) of the module. The vulnerability is classified as information disclosure only - no integrity or availability impact - and carries a CVSS 3.7 (Low) score; no public exploit code exists and no confirmed active exploitation has been reported (not in CISA KEV), with EPSS placing exploitation probability at 0.01%.

Information Disclosure Node View Permissions
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Node View Permissions
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy