Use exposed log and configurations files to find credentials and other sensitive information.
Use Broken Link Hijacking to find stored XSS in web applications.
Injection malicious formulas into exported CSV files
Steal AWS credentials via Server Side Request Forgery(SSRF) attacks.
Use SVG images to gain stored XSS via uploading an SVG image.
Open S3 buckets can be used to find sensitive data. Dont forgot about google cloud storage though.
RCE exposed kubernetes API
RCE exposed docker API
Hacking elastic search databases
OWASP top 10 – How to hack sites vulnerable to Xml External Entity attack.