CVE-2025-48444

Drupal Quick Node Block contains a Missing Authorization vulnerability that allows forceful browsing. Affected: versions 0.0.0 through 1.9.9; fixed in 2.0.0+. Impact: unauthorized access (information disclosure via listing node labels) as described in SA-CONTRIB-2025-064. CVSS v3.1 base score 5.3...

CVE-2025-48013

CVE-2025-48013 affects the Drupal Quick Node Block. It is a Missing Authorization vulnerability that enables forceful browsing of rendered nodes for versions 0.0.0 through 1.9.9 (affected up to before 2.0.0). Root cause: lack of authorization checks in the Quick Node Block module. Impact: unautho...