程序:Google 漏洞类型:CSRF 赏金:$6,000 作者:David Schütz (@xdavidhu)

程序:Apple 漏洞类型:RCE, Insecure storage, Man-in-the-Disk attack 作者:Razvan Sima (@0xraaz)

漏洞类型:Cloud storage misconfiguration 赏金:$7,500 作者:Mikey (@mikey96_bh)

程序:Github 漏洞类型:XSS, CRLF, Web cache poisoning 赏金:$35,000 作者:Robert Chen (@NotDeGhost) & Philip

漏洞类型:Insecure deserialization, RCE 作者:Sjoerd Langkemper

漏洞类型:XSS 赏金:$250 作者:Bend Theory (@bendtheory)

程序:Starbucks 漏洞类型:RCE, Unrestricted file upload 赏金:$5,600 作者:Kamil Onur Özkaleli (@ko2sec)

漏洞类型:Web cache poisoning, Stored XSS 赏金:$1,500 作者:Mohamed Elbadry (@_melbadry9)

程序:Apple 漏洞类型:MacOS bug, HTML injection 作者:Paulos Yibelo (@PaulosYibelo)

漏洞类型:XSS, IDOR, 2FA bypass 赏金:$951 作者:Manas Harsh (@ManasH4rsh)

漏洞类型:XSS, HTLML injection 作者:Lauritz (@lauritz)

漏洞类型:Clickjacking 赏金:$100 作者:GoogleLauritz (@lauritz)

程序:Microsoft 漏洞类型:Local privilege escalation 作者:James Forshaw (@tiraniddo)

程序:Facebook 漏洞类型:Account takeover 赏金:$30,000 作者:Samm0uda (@samm0uda)

程序:Facebook 漏洞类型:Account takeover, OAuth flaw, Open redirect 赏金:$12,000 作者:Samm0uda (@samm0uda)

程序:Apple 漏洞类型:Account takeover, Information disclosure, RCE 作者:Mikko Kenttälä (@Turmio_)

漏洞类型:Reflected XSS 作者:gato the wizard

漏洞类型:Missing CORS, CSRF, Account takeover 作者:Niraj Modi (@nirajmodi51)

漏洞类型:Broken Access Control, IDOR 赏金:€2750 作者:Thexssrat (@theXSSrat)

漏洞类型:CSRF, Account takeover 作者:Ashraf Harb (@ashrafharb97)

漏洞类型:LFI 作者:أنس روبي (@xhzeem)

程序:Paypal 漏洞类型:Open Redirect 赏金:$750 作者:Pethuraj (@Pethuraj)

程序:CloudFlare 漏洞类型:Logic flaw 赏金:$0 作者:jychp (@jychp_fr)

漏洞类型:Information disclosure, Password reset flaw 赏金:$0 (OOS) 作者:Abhisek R (@abh1sek_r)

漏洞类型:Stored XSS 赏金:$600 作者:Shrirang Diwakar

漏洞类型:Logic flaw 赏金:€125 作者:Thexssrat (@theXSSrat)

漏洞类型:Information disclosure 作者:Saddam Hussain (@wisdomfreak1)

漏洞类型:XSS, Privilege escalation 作者:Asem Eleraky (@melotover)

程序:Google 漏洞类型:Authorization flaw 赏金:$6,000 作者:Zohar Shachar

程序:Google 漏洞类型:Rate limiting bypass 赏金:$0 (Won’t fix) 作者:Abdullah Mohamed (@3bodymo_)

漏洞类型:Logic flaw 赏金:$600+ 作者:Adam (@whitechaitai)

程序:Google 漏洞类型:IDOR 赏金:$1,000 作者:Sudhanshu Rajbhar (@sudhanshur705)

漏洞类型:Information disclosure 赏金:$250 作者:Thexssrat (@theXSSrat)

漏洞类型:Bruteforce, Lack of rate limiting, OTP bypass 作者:Bilal Muqeet (@blmqt)

漏洞类型:XSPA 作者:Shrey Shah (@ShreySh43332033)

漏洞类型:OAuth misconfiguration 赏金:$300 作者:Muhammad Aamir (@Muhammad__Aamir)

程序:IBM 漏洞类型:Logic flaw, Exposed registration page 作者:Clark Voss (@clark_voss)

漏洞类型:HTTP request smuggling 作者:Sean Yeoh (@seanyeoh)

程序:TikTok 漏洞类型:RCE, XSS, Insecure intents 作者:Sayed Abdelhafiz (@dPhoeniixx)

程序:Facebook 漏洞类型:SSRF, Account takeover, Cookie manipulation 赏金:$54,580 作者:Alaa Abdulridha (@alaa0x2)

程序:GitHub 漏洞类型:Logic bug 赏金:$25,000 作者:Teddy Katz (@not_aardvark)

漏洞类型:Dangling DNS records, Subdomain takeover 作者:Mohamed Elbadry (@_melbadry9)

漏洞类型:SSTI, Account takeover 作者:Hx01 (@Hxzeroone)

程序:Microsoft 漏洞类型:Insecure deserialization, RCE 作者:Simon Zuckerbraun (@HexKitchen)

漏洞类型:SSRF, Command injection 作者:secureITmania (@secureitmania)

漏洞类型:IDOR, Account takeover, Weak encryption, Password reset flaw 作者:Mayank Pandey (@mayank_pandey01)

程序:Facebook 漏洞类型:Information disclosure 赏金:$1,000 作者:Prakash Panta (@prakashpanta268)

程序:Facebook 漏洞类型:Information disclosure 赏金:$9,000 作者:Baibhav Anand (@SpongeBhav)

漏洞类型:IDOR 作者:Rahul Varale

程序:Automattic, IBM, 8x8 漏洞类型:SQL injection 作者:Ahmad A Abdulla (@lu3ky13)

程序:Paytm 漏洞类型:Stored XSS, Unrestricted file upload 作者:Naveen Prakaasham K S V

漏洞类型:Password reset flaw, Account takeover 赏金:$2,000 作者:Ashutosh mishra (@ashutoshmish_ra)

程序:Google 漏洞类型:Blind XSS 赏金:$3,133.70 作者:Rio Mulyadi (@riomulyadi_)

程序:GitHub 漏洞类型:Broken Access Control 赏金:$30,000 作者:Teddy Katz (@not_aardvark)

漏洞类型:2FA bypass 作者:pleorqy (@pleorqy)

漏洞类型:Reflected XSS, Clickjacking, Account takeover 作者:pleorqy (@pleorqy)