CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

Ubiquiti UniFi Protect Cameras 安全漏洞

The Ubiquiti UniFi Protect Application is an enterprise-grade security monitoring platform that supports both home and business users. A security vulnerability exists in Ubiquiti UniFi Protect Application, which stems from a misconfigured access token mechanism that can be exploited by an attacke...

Chaturbate: Forget password link not expiring after email change.

I found a token miss configuration flaw in chaturbate.com, When we reset password for a user a link is sent to the registered email address but incase it remain unused and email is updated by user from setting panel then too that old token reset link sent at old email address remains valid. A...

Nextcloud: Password reset link remains valid after email change

Hey! I found a token miss configuration flaw in Nextcloud 9.0.50 Latest version, When we reset password for a user a link is sent to the registered email address but incase it remain unused and email is updated by user from control panel then too that old token reset link sent at old email addres...