mirror of
https://github.com/0x5t4l1n/CVE.git
synced 2026-05-26 11:25:49 +00:00
Stalin
29 lines
602 B
Markdown
29 lines
602 B
Markdown
|
|
|
|
# CVE-2026-32138 — API Key Exposure (Nexulean Website)
|
|
|
|
**Severity:** High
|
|
**CWE:** CWE-284, CWE-798
|
|
|
|
## Summary
|
|
Exposed Firebase and Web3Forms API keys allowed unauthorized access to backend services.
|
|
|
|
## Impact
|
|
- Unauthorized database access
|
|
- Exposure of user data
|
|
- Abuse of third-party services
|
|
|
|
## Affected
|
|
v1.0.0
|
|
|
|
## Fixed
|
|
v2.0.0
|
|
|
|
## References
|
|
- https://github.com/advisories/GHSA-r7cr-5wcx-x9wm
|
|
- https://github.com/Stalin-143/website/releases/tag/v2.0.0
|
|
|
|
## Credits
|
|
Reporter: rootcrypt
|
|
Coordinator: Stalin-143
|