Create CVE-2026-32138.md

2026-05-26 19:26:32 +00:00 · 2026-05-01 22:17:26 +05:30
parent adfb5d21fe
commit d9a8f3f1b6
1 changed files with 28 additions and 0 deletions
@@ -0,0 +1,28 @@
+![CVE](https://img.shields.io/badge/CVE-2026--32138-red)
+
+# CVE-2026-32138 — API Key Exposure (Nexulean Website)
+
+**Severity:** High  
+**CWE:** CWE-284, CWE-798  
+
+## Summary
+Exposed Firebase and Web3Forms API keys allowed unauthorized access to backend services.
+
+## Impact
+- Unauthorized database access  
+- Exposure of user data  
+- Abuse of third-party services  
+
+## Affected
+v1.0.0  
+
+## Fixed
+v2.0.0  
+
+## References
+- https://github.com/advisories/GHSA-r7cr-5wcx-x9wm  
+- https://github.com/Stalin-143/website/releases/tag/v2.0.0  
+
+## Credits
+Reporter: rootcrypt  
+Coordinator: Stalin-143