We would like to thank the following researchers:


(2020-09-10) RS K - Stored self XSS
(2020-09-02) RS K - Host header injection
(2020-09-01) RS K - Session doesn't expire after logout
(2020-08-29) Deleite - Clickjacking vulnerability
(2020-08-28) Deleite - Google bucket enumeration
(2020-08-27) Deleite - Subdomain takeover
(2020-08-17) Venkat Malla - Flaws in password policy 
(2020-08-14) RS K - Mail spoofing
(2020-07-29) Yogeshwaran Chandrasekaran - SPF, MX, DMARC records not set correctly
(2020-07-24) Nitin Gavhane - Missing text field limit
(2020-07-19) Freaking Rollings - Spf record not found
(2020-07-19) Yassine Nafiai - Bypass rate limit
(2020-07-15) Nitin Gavhane - Clickjacking vulnerability
(2020-07-13) Yogeshwaran Chandrasekaran - Stored self XSS due to Server Side Template Injection
(2020-07-10) Yassine Nafiai - User email enumeration
(2020-07-09) Venkat Malla - Session token lean in URL
(2020-07-08) Venkat Malla - Lack of Security Headers
(2020-07-07) Roy Niss - Bug in authentication session managment
(2020-07-07) Roy Niss - No email confirmation after signup
(2020-07-07) Roy Niss - User email enumeration
(2020-07-06) Yassine Nafiai - No rate limit in login form
(2020-07-06) Venkat Malla - Session doesn't expire after logout
(2020-07-06) Venkat Malla - Old session doesn't expire after password change
(2020-07-06) Roy Niss - Improved password policy
(2020-07-06) Yogeshwaran Chandrasekaran - Blind SSRF
(2020-02-07) Rodrigo Peña - Bug in referral program
(2019-09-03) Hussein Daher - Bug in email tracking configuration
(2019-06-02) Hussein Daher - Bug in DNS configuration
(2019-06-02) Samuel <twitter.com/@saamux> - Bug in CSRF token implementation
(2019-05-31) Samuel <twitter.com/@saamux> - Bad CORS implementation
(2022-03-02) Esteban Fuentealba - Cross Site Scripting
(2022-08-10) Marcelo Clavel - Cache Poisoning