2 matches found
CVE-2025-69207
CVE-2025-69207 concerns Khoj, a self-hosted AI app. Pre-2.0.0-beta.23, an IDOR in the Notion OAuth callback lets an attacker hijack a user’s Notion integration by manipulating the OAuth callback’s state parameter. The endpoint accepts any user UUID without verifying the initiated OAuth flow, enab...
Nextcloud 安全漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...