Description
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
Published: 2026-03-12
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized API Access
Action: Upgrade
AI Analysis

Impact

The vulnerability allows an attacker to obtain exposed Firebase and Web3Forms API keys due to improper handling of sensitive credentials. With these keys, an adversary can make unauthenticated requests to backend services, potentially accessing or modifying application resources and user data. This represents a significant breach of confidentiality and integrity and is classified as a high‑severity issue (CVSS 8.2).

Affected Systems

The issue is present in the Stalin‑143 website project before version 2.0.0, which was released in the public GitHub repository. Any deployment using a pre‑2.0.0 release is vulnerable. The affected components include Firebase services and Web3Forms integration points where API keys were inadvertently exposed.

Risk and Exploitability

The CVSS score of 8.2 indicates a high risk of successful exploitation. EPSS is below 1%, suggesting that active exploitation is currently rare, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector involves an attacker making direct HTTP or HTTPS requests to backend endpoints using the leaked keys, bypassing authentication, and accessing protected resources. The vulnerability is local to the web application’s configuration; an attacker only needs to obtain the keys, which are publicly exposed in the repository.

Generated by OpenCVE AI on March 18, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 2.0.0 or later to remove exposed keys
  • Verify that no API keys are present in configuration or code after the upgrade
  • Harden backend services to require proper authentication before allowing access
  • Monitor application logs for unauthorized access attempts

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Stalin-143; Stalin-143 website
Vendors & Products | | Stalin-143; Stalin-143 website

Thu, 12 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
Description | | NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
Title | | NEXULEAN API Key Leak
Weaknesses | | CWE-284; CWE-798
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T20:46:51.699Z

Reserved: 2026-03-10T22:19:36.546Z

Link: CVE-2026-32138

Vulnrichment

Updated: 2026-03-12T20:38:56.285Z

NVD

Status: Deferred

Published: 2026-03-12T19:16:16.427

Modified: 2026-04-16T14:47:16.733

Link: CVE-2026-32138

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:55:04Z

Weaknesses