The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
https://exchange.xforce.ibmcloud.com/vulnerabilities/43017
http://www.securityfocus.com/bid/29677