We would like to thank the following researchers: * (2026-02-03) Hassan Ali Abdullah - Arbitrary email sending * (2026-01-31) Gaurang Maheta - Information Disclosure * (2026-01-22) Sajjad Haqi - Path traversal / LFI * (2026-01-22) Felipe Gabriel Renzi - PHP information disclosure * (2026-01-21) Sajjad Haqi - Debug config leaking information * (2026-01-20) Hassan Ali Abdullah - Web form information disclosure * (2026-01-12) Gaurang Maheta - Inappropriate directory listing * (2026-01-11) Hassan Ali Abdullah - Multiple API vulnerabilities * (2026-01-11) Hassan Ali Abdullah - Reflected XSS * (2026-01-11) Sajjad Haqi - Debug config leaking sensitive information * (2026-01-11) Sajjad Haqi - Inappropriate directory listing * (2026-01-02) Keyur Maheta - Information Disclosure * (2026-01-02) Keyur Maheta - Information Disclosure * (2026-01-02) Keyur Maheta - Reflected Cross-Site Scripting * (2026-01-02) Keyur Maheta - Sensitive File Exposure * (2025-12-29) Maxence Rossin (Raevorin) - RCE via CGI parameters * (2025-11-29) Adrián Tirado García - Path traversal / LFI * (2025-11-02) Ihsan Sencan - Multiple Wordpress vulnerabilities * (2025-11-01) Ihsan Sencan - Cross-Site Scripting * (2025-11-01) Ihsan Sencan - Cross-Site Scripting * (2025-10-30) Ihsan Sencan - Reflected XSS * (2025-10-30) Ihsan Sencan - Path Traversal Vulnerability * (2025-10-30) Ihsan Sencan - Cross-Site Scripting Vulnerability * (2025-10-30) Ihsan Sencan - Cross-Site Scripting Vulnerability * (2025-10-30) Ihsan Sencan - Path traversal / LFI * (2025-10-29) Ihsan Sencan - Unauthenticated service access * (2025-10-28) Ihsan Sencan - RCE via File injection * (2025-10-26) Mansi Karpe - Metrics and config disclosure * (2025-10-26) Ihsan Sencan - SQL injection * (2025-10-26) Yash Jare - Form abuse * (2025-10-20) Abdulhadi Arif Alshammari - Information disclosure * (2025-10-19) Rangga Nugraha - Cross-Site Scripting * (2025-10-17) Ahmet Artuç - CORS misconfiguration * (2025-10-17) Gaurang Maheta - SQL injection * (2025-10-15) Ferry Farhan - Two XSS vulnerabilities * (2025-09-30) Gaurang Maheta - Weak ciphers * (2025-09-23) Mouad Saidi - Open Redirection * (2025-09-22) Gaurang Maheta - Information disclosure * (2025-09-06) Pranav R Wattamwar - Publicly accessible metrics endpoint * (2025-09-04) LAOLAB Cyber Security (https://laolab.org) - Debug config enabled * (2025-08-31) Santosh Bobade - Obsolete social media account * (2025-08-29) Nitesh Singh (singhnitesh21) - Open Redirection * (2025-08-29) Pranav R Wattamwar - Information disclosure * (2025-08-19) Shantanu Bhosale - Information disclosure * (2025-08-11) Paramjeet Singh Rajpurohit {P@¥r0nix} - Publicly Accessible Credentials * (2025-08-09) Shivang Singhal - Clickjacking via Open Redirection * (2025-08-09) Gaurang Maheta - Host Header Injection * (2025-07-26) Parth Narula - Information leakage via API * (2025-07-02) Gaurang Maheta - Default credential vulnerability * (2025-06-26) Gaurang Maheta - Reflected xss * (2025-03-06) Gaurang Maheta - Cypher weakness * (2025-03-05) Andrea Amaddio - Information disclosure * (2025-02-15) PalindromeSec - Information disclosure * (2025-02-17) Pallavi Pandey - Source config information disclosure * (2025-02-07) Pallavi Pandey - PHP error disclosure * (2025-02-06) Vaibhav Jain - Debug info and source config information disclosures * (2025-01-30) Anupam Deori - Cross-Site Scripting Vulnerability * (2025-01-23) Gaurang Maheta - SSH server vulnerability * (2024-12-21) AKHIL C.D. - Exception information disclosure * (2024-12-21) AKHIL C.D. - Open Redirection * (2024-12-17) Gaurang Maheta - Several source config information disclosures * (2024-09-08) Aashutosh Devkota - Cross-Site Scripting Vulnerability * (2024-09-06) Gaurang Maheta - Exposed xmlrpc interfaces * (2024-08-29) Gaurang Maheta - Several Weak Cipher Suite detections * (2024-08-28) Gaurang Maheta - API key disclosures * (2024-08-01) Gaurang Maheta - Several source config information disclosures * (2024-07-22) Gaurang Maheta - Local File Inclusion * (2024-06-06) Gaurang Maheta - Several Sensitive Information disclosures * (2024-05-27) Mayank Mukhi - Reflected xss