600 matches found
CVE-2026-32138
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
CVE-2026-32138
CVE-2026-32138 affects the NEXULEAN platform prior to version 2.0.0, where Firebase and Web3Forms API keys were exposed, allowing an attacker to interact with backend services without authentication and potentially access application resources and user data. The issue is rated CVSS v3.1 base scor...
EUVD-2026-11661
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
CVE-2026-32138 NEXULEAN API Key Leak
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
CVE-2026-32138
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
CVE-2026-32138 NEXULEAN API Key Leak
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
CVE-2026-32138 NEXULEAN API Key Leak
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
NEXULEAN 信任管理问题漏洞
NEXULEAN is a personal work collection and service display platform created by Stalin, a cybersecurity professional. Versions of NEXULEAN prior to 2.0.0 had vulnerabilities related to trust management. These vulnerabilities stemmed from the exposure of Firebase and Web3Forms API keys, allowing...
PT-2026-25050
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
Firebase Misconfiguration Exposes 300M Messages From Chat & Ask AI Users
A technical mistake in the popular Chat & Ask AI app has left 300 million private messages from 25 million users exposed online. Discover what happened and how you can protect your personal data when using AI chatbots...
AI chat app leak exposes 300 million messages tied to 25 million users
An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...
WordPress Integrate Firebase plugin <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Integrate Firebase versions = 0.9.3...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While...
NoSQL-Injection-2025
NoSQL-Injection-2025 NoSQL Injection exploitation toolkit &...
MAL-2025-191413 Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
EUVD-2025-199268
Malicious code in ra-auth-firebase npm...
Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198963
Malicious code in ra-data-firebase npm...
Malicious code in ra-data-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e18e2fda31999ba999f5629853253dd8ff93b75237944d8c2971c2f54381cc13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...