Submit form — Mockup

About the issue

Be specific. We score severity using CVSS 4.0 and pay only for issues we can reproduce.

Title

Affected asset

Vulnerability class

Summary

Reproduction steps

A triager will verify with a CVSS 4.0 vector. Your guess does not bind the final payout.

Critical

Full chain to internal data or accounts

High

Significant exposure with prerequisites

Medium

Limited impact, real-world plausible

Low

Edge case or hardening improvement

Informational

Not directly exploitable

PoC videos, request/response captures, screenshots. Up to 5 files · 50 MB each. We scan everything.

Drop files here or choose from your computer

Supported: .png .jpg .mp4 .pdf .txt .har — no executables

poc-ssrf.mp4 — 2.4 MB scanned · clean

validator-response.txt — 6 KB scanned · clean

We never share your contact details outside the triage team.

Handle (public) Shown on the hall of fame and on disclosure pages.

Contact email Only used for report-related communication.

I have read and agree to the program rules of engagement and disclosure policy.

I have not tested any out-of-scope asset and did not access data beyond what was required to prove impact.

Add me to the public hall of fame if this report is validated.