The list doesn't really match up with the title.
The content, however, is worth sharing.
Admittedly, Cloudbleed is a bit of a weird one. But I like it for that.
The blog post starts with a few obvious errors. OPcache has been part of PHP since [PHP 5.5](http://php.net/manual/en/opcache.installation.php), not PHP7. And "PHP7 by Rasmus Lerdof" is almost a joke: he was certainly not a top contributor to this iteration. These errors are not important _per se_, but they point to an overall lack of quality, and suggest no one reviewed before publication.
The article is not very clear about the vectors one needs to attack. Here is the list:
1. A non-standard configuration that enables file cache in OPcache. Very improbable.
2. Access to the result of phpinfo(), which gives many sensitive details about the PHP instance.
3. A security breach allowing the attacker to upload files into the cache path without restriction on the file name.
4. The URL to a PHP file that received no HTTP query since the PHP server started. The alternative is a configuration that disables in-memory caching in OPcache, but that would be far too contrived.
When the server has all these vulnerabilities but uses write-protected PHP files, then you can hack OPcache for remote code execution.
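As an added example (not part of the comment above, and not code from the blog post or from PHP), a defender could audit a php.ini for the preconditions in that list. The directive names `opcache.file_cache`, `opcache.file_cache_only` and `disable_functions` are real PHP settings; the sample configuration and the function names `parse_ini` and `audit_opcache` are constructed for illustration.

```python
# Added example: audit php.ini text for the preconditions listed above.
TRUE = {"1", "on", "true", "yes"}

# Constructed sample configuration (not taken from any real server).
SAMPLE_INI = """\
[opcache]
opcache.enable=1
opcache.file_cache="/var/tmp/php-opcache"  ; second-level file cache
opcache.file_cache_only=1
disable_functions=exec,system
"""

def parse_ini(text):
    """Return {directive: value} for active 'key = value' lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def audit_opcache(text):
    """Return [(item_number, finding)] keyed to the list above."""
    s = parse_ini(text)
    cache_dir = s.get("opcache.file_cache", "")
    if not cache_dir:
        return []  # file cache is off (the default): item 1 is not met
    findings = [(1, f"file cache enabled, directory to lock down: {cache_dir}")]
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    if "phpinfo" not in disabled:
        findings.append((2, "phpinfo() is callable; check no reachable script exposes it"))
    if s.get("opcache.file_cache_only", "0").lower() in TRUE:
        findings.append((4, "file_cache_only is on: no in-memory cache in front of the files"))
    return findings

if __name__ == "__main__":
    for item, finding in audit_opcache(SAMPLE_INI):
        print(f"item {item}: {finding}")
```

Item 3 (an unrestricted upload into the cache path) cannot be read from php.ini; it has to be checked against the application and the directory's permissions.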
It's clearly not as widespread as Tickettrick or as proven as Advanced Flash Vulnerabilities, which is why it's ranked lower. But it's a neat trick which I suspect is likely to be applicable to similar technologies in the future.
Edge, FF and Chrome don't follow the spec as well as they should, and the result is a lot of minor browser incompatibilities that are very hard to detect and fix.
Each browser is making modifications to the DOM spec, many of which make introducing XSS and XSRF into a web app very easy.
Deep DOM and JS knowledge is a must-have for pen testers these days.
```javascript
document.cookie = 'secret=123';
const parser = new DOMParser();
const html = parser.parseFromString('', 'text/html');
// Read the cookie from the freshly parsed document, not the main one.
console.log(html.cookie);
```

Prints `secret=123` because of an improperly implemented inheritance model. Other browsers do NOT inherit cookies from the main document, as a result of following the spec more closely.