Accessing unauthorized administration pages and seeing admin password – speakerkit.state.gov
U.S. Department of State disclosed a bug submitted by qualw1n: https://hackerone.com/reports/1806387 [Source]
Chat room member disclosure via autocomplete API
Nextcloud disclosed a bug submitted by lukasreschke: https://hackerone.com/reports/1850407 - Bounty: $150 [Source]