漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
NEXULEAN API Key Leak
Vulnerability Description
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
NEXULEAN 信任管理问题漏洞
Vulnerability Description
NEXULEAN是Stalin个人开发者的一个网络安全专业人士的个人作品集与服务展示平台。 NEXULEAN 2.0.0之前版本存在信任管理问题漏洞,该漏洞源于Firebase和Web3Forms API密钥暴露,可能导致攻击者未经身份验证与后端服务交互,从而未经授权访问应用程序资源和用户数据。
CVSS Information
N/A
Vulnerability Type
N/A