High severity8.2NVD Advisory· Published Mar 12, 2026· Updated Apr 16, 2026
CVE-2026-32138
CVE-2026-32138
Description
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
50- Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout SkimmingThe Hacker News · May 16, 2026
- Here’s how the FTC plans to enforce the Take It Down ActCyberScoop · May 15, 2026
- Funnel Builder WordPress plugin bug exploited to steal credit cardsBleepingComputer · May 15, 2026
- Metasploit Wrap-Up 05/15/2026Rapid7 Blog · May 15, 2026
- Avada Builder WordPress plugin flaws allow site credential theftBleepingComputer · May 15, 2026
- Attackers replaced JDownloader installer downloads with malwareMalwarebytes Labs · May 15, 2026
- Cyber Pioneers Ponder Past as PrologueDark Reading · May 15, 2026
- American Lending Center Data Breach Affects 123,000 IndividualsSecurityWeek · May 15, 2026
- Zombie linkages are keeping expired domains trusted for yearsHelp Net Security · May 15, 2026
- ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)SANS Internet Storm Center · May 15, 2026
- Hackers exploit auth bypass flaw in Burst Statistics WordPress pluginBleepingComputer · May 14, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)Wordfence Blog · May 14, 2026
- ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ StoriesThe Hacker News · May 14, 2026
- Cops arrest man suspected of being Dream Market kingpinThe Register Security · May 14, 2026
- Kimsuky targets organizations with PebbleDash-based toolsSecurelist · May 14, 2026
- Deepfake sextortion forces schools to remove student photos from websitesMalwarebytes Labs · May 14, 2026
- ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)SANS Internet Storm Center · May 14, 2026
- Foxconn Confirms North American Factories Hit by CyberattackSecurityWeek · May 13, 2026
- [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)SANS Internet Storm Center · May 13, 2026
- ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)SANS Internet Storm Center · May 13, 2026
- Fake Claude search results lure Mac users into ClickFix attackMalwarebytes Labs · May 12, 2026
- Instructure took a risky approach to recover stolen Canvas dataHelp Net Security · May 12, 2026
- 20 Leaders Who Built the CISO Era: 2 Decades of ChangeDark Reading · May 12, 2026
- ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)SANS Internet Storm Center · May 12, 2026
- Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadlineThe Register Security · May 11, 2026
- Apple Patches Everything, (Mon, May 11th)SANS Internet Storm Center · May 11, 2026
- 11th May – Threat Intelligence ReportCheck Point Research · May 11, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- The scam economy has found its AI upgradeHelp Net Security · May 11, 2026
- ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)SANS Internet Storm Center · May 11, 2026
- Hackers abuse Google ads, Claude.ai chats to push Mac malwareBleepingComputer · May 10, 2026
- JDownloader site hacked to replace installers with Python RAT malwareBleepingComputer · May 9, 2026
- Friday Squid Blogging: Giant Squid Live in the Waters of Western AustraliaSchneier on Security · May 8, 2026
- Kingdom Market administrator given 16-year sentenceThe Record · May 8, 2026
- Microsoft says Edge’s plaintext password behavior is “by design”Malwarebytes Labs · May 8, 2026
- Ransomware Group Takes Credit for Trellix HackSecurityWeek · May 8, 2026
- New TCLBanker malware self-spreads over WhatsApp and OutlookBleepingComputer · May 7, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)Wordfence Blog · May 7, 2026
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026
- Fixing the password problem is as easy as 123456ESET WeLiveSecurity · May 7, 2026
- North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malwareThe Record · May 7, 2026
- VoidStealer Malware Darts Past Google Chrome's EncryptionDark Reading · May 6, 2026
- Arctic Wolf kicks 250 employees out of the pack to save money for AIThe Register Security · May 6, 2026
- DAEMON Tools devs confirm breach, release malware-free versionBleepingComputer · May 6, 2026
- Attackers compromised Daemon Tools software to deliver backdoorsHelp Net Security · May 6, 2026
- Hackers compromise Daemon Tools in global supply-chain attack, researchers sayThe Record · May 6, 2026
- From Stuxnet to ChatGPT: 20 News Events That Shaped CyberDark Reading · May 6, 2026
- Websites with an undefined trust level: avoiding the trapSecurelist · May 6, 2026
- Google's Android Apps Get Public Verification to Stop Supply Chain AttacksThe Hacker News · May 6, 2026
- Government, Scientific Entities Hit via Daemon Tools Supply Chain AttackSecurityWeek · May 6, 2026