We don't intentionally hunt for vulnerabilities. The following ones are some of what we came across. Surely enough, we are not the only ones who found such holes. Many security researchers may have found the same holes at the same time or so.
Concerning with our disclosure policy, if a vulnerability is critical, we wait for vendor's released fix within an aceptable time frame before disclosure. If a vulnerability is not critical, we disclosure it to inform users and force vendors of affected applications to fix because vendors do not usually have the willingness to fix minor security flaws.