hello team

I am 0xredfox29 an independent security researcher. I found a security vulnerability in the getmerlin.in the feature, where should I report this finding?