{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T20:55:29.390","vulnerabilities":[{"cve":{"id":"CVE-2026-28678","sourceIdentifier":"security-advisories@github.com","published":"2026-03-07T16:15:54.010","lastModified":"2026-03-11T17:35:39.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba."},{"lang":"es","value":"DSA Study Hub es una aplicación web educativa interactiva. Antes del commit d527fba, el sistema de autenticación de usuarios en server/routes/auth.js se encontró que era vulnerable a Credenciales Insuficientemente Protegidas. Los tokens de autenticación (JWTs) se almacenaban en cookies HTTP sin protección criptográfica de la carga útil. Este problema ha sido parcheado mediante el commit d527fba."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-311"},{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:toxicbishop:dsa_study_hub:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026-02-21","matchCriteriaId":"A52FD77D-F07C-4B6D-96D8-7D96ED185304"}]}]}],"references":[{"url":"https://github.com/toxicbishop/DSA-with-tsx/commit/d527fba3b3c15f185b9d1e730322dff9248391e4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/toxicbishop/DSA-with-tsx/security/advisories/GHSA-vmxr-562h-rcgg","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}