Dsa Study Hub

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-28678 HIGH PATCH This Week

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.

Information Disclosure Dsa Study Hub

NVD GitHub

CVSS 3.1

8.1

EPSS

0.0%

CVE-2026-28678

EPSS 0% CVSS 8.1

HIGH PATCH This Week

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.

Information Disclosure Dsa Study Hub

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy