The results are in! After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting have conferred, voted, and selected the PortSwigger Research Top 10 new web hacking techniques of 2019:

10. Exploiting Null Byte Buffer Overflow for a $40,000 bounty
9. Microsoft Edge (Chromium) - EoP to Potential RCE
8. Infiltrating Corporate Intranet Like NSA: Pre-Auth RCE On Leading SSL VPNs
7. Exploring CI Services as a Bug Bounty Hunter
6. All is XSS that comes to the .NET
5. Google Search XSS
4. Abusing Meta Programming for Unauthenticated RCE
3. Owning The Clout Through Server Side Request Forgery
2. Cross-Site Leaks
1. Cached and Confused: Web Cache Deception in the Wild

You can also find past year's top 10 lists here:

2018, 2017, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006.