Dark C0d3rs

HackerOne disclosed reports - 2025-05-29 - hashXploiter - 05-30-2025

Low
resolved

Information Disclosure of metrics fax.wavecell.com/metrics


Bug reported by kaue navarro was disclosed on May 30, 2025, at 6:53 am | Information Disclosure

The fax.wavecell.com/metrics endpoint was found to disclose sensitive information. The information disclosure vulnerability was discovered and reported on the HackerOne platform.


Low
resolved

Facebook Username Takeover via Broken Link in Footer


Bug reported by Try_the_hack was disclosed on May 30, 2025, at 5:22 am | Improper Access Control - Generic

The Facebook username "Opnglobal" was available for takeover due to a broken link in the footer of the target URL. The vulnerability allowed an attacker to create a fake Facebook page that could mislead users and negatively impact the organization's social media presence.


Low
resolved

Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli


Bug reported by Saurabh was disclosed on May 29, 2025, at 12:43 pm | Insufficient Session Expiration

The Apache Airflow Fab Provider before version 1.5.2 was affected by an insufficient session expiration vulnerability. When a user's password was changed using the admin CLI, the existing user sessions were not cleared, allowing logged-in users to continue accessing the system even after the password change. This issue was addressed in version 1.5.2 of the Apache Airflow Fab Provider.