| S.No | Title | Bounty |
|---|---|---|
| 1 | Spoof Email with Hyperlink Injection via Invites functionality | $0.0 |
| 2 | htaccess file is accesible | $0.0 |
| 3 | Nginx server version disclosure | $0.0 |
| 4 | Stored XSS in Filters | $0.0 |
| 5 | Unsecured Grafana instance | $0.0 |
| 6 | Password Forgot/Password Reset Request Bug | $0.0 |
| 7 | Administrator Access To Management Console | $0.0 |
| 8 | Cross-Site Scripting Stored On Rich Media | $0.0 |
| 9 | Nginx version disclosure via response header | $0.0 |
| 10 | Spam Some one using (user.saveInvite) system | $0.0 |
| 11 | Bypass the resend limit in Send Invites | $0.0 |
| 12 | Read Application Name , Subscribers Count | $0.0 |
| 13 | Reflected Xss on | $0.0 |
| 14 | Clickjacking | $0.0 |
| 15 | Publicy accessible IDRAC instance at api-m.inapp.pushwoosh.com | $0.0 |
| 16 | Development configuration file | $0.0 |
| 17 | Cleartext Password returned in JSON response | $0.0 |