Some high impact vulnerabilities this week, CSRF in account deletion, remote code execution as root, and an apache "0day" that discloses PHP source.
Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.
Multiple account takeover vulnerabilities in this episode with three cross-origin communication vulnerabilities in Facebook, an odd OTP endpoint in SnapChat and an open redirect in JetBrains leaking your JWT.