Search

Find a vulnerability

Search criteria

    2 vulnerabilities by Stalin-143

    CVE-2026-32138 (GCVE-0-2026-32138)

    Vulnerability from nvd – Published: 2026-03-12 18:32 – Updated: 2026-03-12 20:46
    VLAI
    Title
    NEXULEAN API Key Leak
    Summary
    NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Stalin-143 website Affected: < 2.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T20:38:48.823995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T20:46:51.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "website",
              "vendor": "Stalin-143",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NEXULEAN is a cybersecurity portfolio \u0026 service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:32:15.489Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Stalin-143/website/security/advisories/GHSA-r7cr-5wcx-x9wm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Stalin-143/website/security/advisories/GHSA-r7cr-5wcx-x9wm"
            },
            {
              "name": "https://github.com/Stalin-143/website/releases/tag/v2.0.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Stalin-143/website/releases/tag/v2.0.0"
            }
          ],
          "source": {
            "advisory": "GHSA-r7cr-5wcx-x9wm",
            "discovery": "UNKNOWN"
          },
          "title": "NEXULEAN API Key Leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32138",
        "datePublished": "2026-03-12T18:32:15.489Z",
        "dateReserved": "2026-03-10T22:19:36.546Z",
        "dateUpdated": "2026-03-12T20:46:51.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32138 (GCVE-0-2026-32138)

    Vulnerability from cvelistv5 – Published: 2026-03-12 18:32 – Updated: 2026-03-12 20:46
    VLAI
    Title
    NEXULEAN API Key Leak
    Summary
    NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Stalin-143 website Affected: < 2.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T20:38:48.823995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T20:46:51.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "website",
              "vendor": "Stalin-143",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NEXULEAN is a cybersecurity portfolio \u0026 service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:32:15.489Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Stalin-143/website/security/advisories/GHSA-r7cr-5wcx-x9wm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Stalin-143/website/security/advisories/GHSA-r7cr-5wcx-x9wm"
            },
            {
              "name": "https://github.com/Stalin-143/website/releases/tag/v2.0.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Stalin-143/website/releases/tag/v2.0.0"
            }
          ],
          "source": {
            "advisory": "GHSA-r7cr-5wcx-x9wm",
            "discovery": "UNKNOWN"
          },
          "title": "NEXULEAN API Key Leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32138",
        "datePublished": "2026-03-12T18:32:15.489Z",
        "dateReserved": "2026-03-10T22:19:36.546Z",
        "dateUpdated": "2026-03-12T20:46:51.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }