| st0rm_ | Deserialization of Untrusted Data (CWE-502) | | Sat, 2 Aug 2025 |
| jowojerman | Cleartext Storage of Sensitive Information (CWE-312) | | Sat, 2 Aug 2025 |
| AzothSTN | Information Exposure Through an Error Message (CWE-209) | | Sat, 2 Aug 2025 |
| Lapasec | Improper Access Control - Generic (CWE-284) | | Sat, 2 Aug 2025 |
| S0ufm3l | Business Logic Errors (CWE-840) | | Sat, 2 Aug 2025 |
| grandpa | HTML Injection (CWE-79) | | Sat, 2 Aug 2025 |
| S100WIN | Improper Access Control - Generic (CWE-284) | | Sat, 2 Aug 2025 |
| eblindudaniel | Server-Side Request Forgery (SSRF) (CWE-918) | | Sat, 2 Aug 2025 |
| Skilldev31 | Permissive Cross-domain Policy with Untrusted Domains (CORS) (CWE-942) | | Sat, 2 Aug 2025 |
| Zeeebox55 | Business Logic Errors (CWE-840) | | Sat, 2 Aug 2025 |
| johnwick2026 | Business Logic Errors (CWE-840) | | Fri, 1 Aug 2025 |
| kazisaimasadia | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| fouad73 | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| 0x88 | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| seeu | Information Disclosure (CWE-200) | | Fri, 1 Aug 2025 |
| itach1 | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| 0x88 | Information Disclosure (CWE-200) | | Fri, 1 Aug 2025 |
| AzothSTN | Brute Force (CWE-307) | | Fri, 1 Aug 2025 |
| Amier | Cross-site Scripting (XSS) - Reflected (CWE-79) | | Fri, 1 Aug 2025 |
| HannanHaseeb | HTML Injection (CWE-79) | | Fri, 1 Aug 2025 |
| cyb3r4rch3r | Cross-site Scripting (XSS) - Stored (CWE-79) | | Fri, 1 Aug 2025 |
| backbencher01 | Information Disclosure (CWE-200) | | Fri, 1 Aug 2025 |
| Sajathnissar | Use of Hard-coded Credentials (CWE-798) | | Fri, 1 Aug 2025 |
| 3M0oo0ry | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| hassan239 | Business Logic Errors (CWE-840) | | Fri, 1 Aug 2025 |
| GingerCat | Use of Hard-coded Credentials (CWE-798) | | Fri, 1 Aug 2025 |
| rabhi | Insecure Direct Object Reference (IDOR) (CWE-639) | | Fri, 1 Aug 2025 |
| sushicomabacate | Insecure Direct Object Reference (IDOR) (CWE-639) | | Fri, 1 Aug 2025 |
| d0xing | Server Misconfiguration - Subdomain Takeover (CWE-16) | | Fri, 1 Aug 2025 |
| sushicomabacate | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| hakupiku | Cross-site Scripting (XSS) - DOM (CWE-79) | | Fri, 1 Aug 2025 |
| FuzzingBoy | Information Exposure Through Directory Listing (CWE-548) | | Fri, 1 Aug 2025 |
| rabhi | Open Redirect (CWE-601) | | Fri, 1 Aug 2025 |
| rabhi | Cross-site Scripting (XSS) - Reflected (CWE-79) | | Fri, 1 Aug 2025 |
| Kix29 | Cross-site Scripting (XSS) - Stored (CWE-79) | | Fri, 1 Aug 2025 |
| Kix29 | Cross-site Scripting (XSS) - Stored (CWE-79) | | Fri, 1 Aug 2025 |
| zeropoison | Cross-site Scripting (XSS) - Reflected (CWE-79) | | Fri, 1 Aug 2025 |
| milikr0kas | Permissive Cross-domain Policy with Untrusted Domains (CORS) (CWE-942) | | Fri, 1 Aug 2025 |
| Kix29 | HTML Injection (CWE-79) | | Fri, 1 Aug 2025 |
| GoDiego | Cross-site Scripting (XSS) - Reflected (CWE-79) | | Fri, 1 Aug 2025 |
| Ric0s | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| HugoBond | Business Logic Errors (CWE-840) | | Fri, 1 Aug 2025 |
| Czeppo | Improper Handling of Extra Parameters (CWE-235) | | Fri, 1 Aug 2025 |
| Xiety | Privacy Violation (CWE-359) | | Fri, 1 Aug 2025 |
| ncrcs | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| hakupiku | Improper Authentication - Generic (CWE-287) | | Fri, 1 Aug 2025 |
| schlecky | HTML Injection (CWE-79) | | Fri, 1 Aug 2025 |
| m3ntor | Violation of Secure Design Principles (CWE-657) | | Fri, 1 Aug 2025 |
| Ric0s | Improper Access Control - Generic (CWE-284) | | Fri, 1 Aug 2025 |
| Al7eX | Cross-site Scripting (XSS) - Generic (CWE-79) | | Fri, 1 Aug 2025 |
