Security

Report a vulnerability

We encourage responsible disclosure. Please include:

• A clear description of the issue
• Steps to reproduce
• Impact assessment (what could be accessed or modified)
• Any proof-of-concept material (safe and minimal)

Scope

• Nexora web application and APIs
• Authentication and authorization flows
• Tenant isolation boundaries
• Public marketing site (where relevant)

Out of scope

• Denial-of-service testing (unless explicitly authorized)
• Social engineering and physical attacks
• Issues requiring third-party access you do not own

How we respond

• We acknowledge valid reports and begin triage.
• We prioritize remediation by severity and exploitability.
• We coordinate a fix and disclosure timeline when needed.