resolved
Information Disclosure of metrics fax.wavecell.com/metrics
Bug reported by kaue navarro was disclosed at May 30, 2025, 6:53 am | Information Disclosure
The fax.wavecell.com/metrics endpoint was found to disclose sensitive information. The information disclosure vulnerability was discovered and reported on the HackerOne platform.
resolved
Facebook Username Takeover via Broken Link in Footer
Bug reported by Try_the_hack was disclosed at May 30, 2025, 5:22 am | Improper Access Control - Generic
The Facebook username "Opnglobal" was available for takeover due to a broken link in the footer of the target URL. The vulnerability allowed an attacker to create a fake Facebook page that could mislead users and negatively impact the organization's social media presence.
resolved
Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli
Bug reported by Saurabh was disclosed at May 29, 2025, 12:43 pm | Insufficient Session Expiration
The Apache Airflow Fab Provider before version 1.5.2 was affected by an insufficient session expiration vulnerability. When a user's password was changed using the admin CLI, the existing user sessions were not cleared, allowing logged-in users to continue accessing the system even after the password change. This issue was addressed in version 1.5.2 of the Apache Airflow Fab Provider.