FKIE_CVE-2026-32138

Vulnerability from fkie_nvd - Published: 2026-03-12 19:16 - Updated: 2026-04-16 14:47
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
References
security-advisories@github.comhttps://github.com/Stalin-143/website/releases/tag/v2.0.0
security-advisories@github.comhttps://github.com/Stalin-143/website/security/advisories/GHSA-r7cr-5wcx-x9wm
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NEXULEAN is a cybersecurity portfolio \u0026 service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0."
    },
    {
      "lang": "es",
      "value": "NEXULEAN es una plataforma de cartera y servicios de ciberseguridad para un Hacker \u00c9tico, Entusiasta de la IA y Probador de Penetraci\u00f3n. Antes de la versi\u00f3n 2.0.0, se identific\u00f3 una vulnerabilidad de seguridad donde las claves API de Firebase y Web3Forms estaban expuestas. Un atacante podr\u00eda usar estas claves para interactuar con los servicios de backend sin autenticaci\u00f3n, lo que podr\u00eda llevar a un acceso no autorizado a los recursos de la aplicaci\u00f3n y a los datos del usuario. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 2.0.0."
    }
  ],
  "id": "CVE-2026-32138",
  "lastModified": "2026-04-16T14:47:16.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-12T19:16:16.427",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Stalin-143/website/releases/tag/v2.0.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Stalin-143/website/security/advisories/GHSA-r7cr-5wcx-x9wm"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        },
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.