
Theoretical vulnerabilities without POC

Any Dos/DDoS activities

Invalid or missing SPF records (incomplete or missing SPF/DKIM/DMARC)

Clickjacking/UI with minimal security impact

Phishing

Tab-nabbing

Content spoofing

Cache-control related issues

Exposure of internal IP address or domains

Vulnerabilities affecting outdated or unpatched browsers.

Bugs already known or already reported by someone else (reward goes to first reporter).

Issues that aren't reproducible.

Email/SMS bomb