$5K Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)

RCE via LFI Log Poisoning - The Death Potion

Password reset poisoning to ATO and OTP bypass