NiftyKitV3 and NiftyKitAppRegistry initialize can be frontrun

Low Risk

The functions are public which means anybody can run them (and take ownership).

   function initialize() public initializer {
        __Ownable_init();
    }

    function initialize(address appRegistry_) public initializer {
        _appRegistry = appRegistry_;
        _treasury = _msgSender();
        __Ownable_init();
    }

It is not really bad, as these functions are called during deployment, but deployer has to make sure nobody frontrun these calls during deployment. If initialize is frontrun, the deployer will have to redeploy because the frontrunner will get the ownership of the contracts.