Reports in enjin program: S.No Title Bounty 1 Revocation API Token by Bypassing The XSRF Token $1500.0 2 Authentication token and CSRF token bypass $300.0 3 Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In $150.0 4 Unrestricted Upload of File with Dangerous Type $0.0 5 Reset password policy isn't consistent with registration / change password policy. $0.0 6 Race condition via project team member invitation system. $0.0 7 CSRF Bypassed on Logout Endpoint $0.0 8 Lack of Tenant Scoping Enables Limited Cross-Tenant Data Querying and Mutation $0.0 9 Cloudflare /cdn-cgi/ path allows resizing images from unauthorised sources on enjinusercontent.com $0.0