NVD-CWE-noinfo

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.

In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.