
603 matches found

ATTACKERKB
added 2026/03/07 4:06 p.m., 3 views

CVE-2026-28678

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection...

CVSS 8.1, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 3
EUVD
added 2026/03/07 4:06 p.m., 4 views

EUVD-2026-10157

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection...

CVSS 8.1, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 2
Vulnrichment
added 2026/03/07 4:06 p.m., 1 view

CVE-2026-28678 dsa-hub-server: Clear-Text Storage of Sensitive Data

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection...

CVSS 8.1, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 2
CVE
added 2026/03/07 4:06 p.m., 5 views

CVE-2026-28678

DSA Study Hub (server/routes/auth.js) is affected. Before commit d527fba, authentication used JWTs stored in HTTP cookies without cryptographic protection of the payload, enabling Insufficiently Protected Credentials. The issue impacts the authentication flow and could allow unauthorized access; ...

CVSS 9.1, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/03/07 12:00 a.m., 3 views

DSA Study Hub Security Vulnerability

DSA Study Hub is an interactive data structure and algorithm learning platform developed by toxicbishop, a personal developer. Previous versions of DSA Study Hub d527fba had security vulnerabilities. These vulnerabilities stemmed from the fact that authentication tokens were stored in HTTP cookie...

CVSS 9.1, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2
Positive Technologies
added 2026/03/07 12:00 a.m., 4 views

PT-2026-23866

Name of the Vulnerable Software and Affected Versions: DSA Study Hub versions prior to commit d527fba. Description: The user authentication system in the application’s server/routes/auth.js component had a flaw related to insufficiently protected credentials. Authentication tokens, specifically JWTs...

CVSS 9.1, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 8
EUVD
added 2026/03/06 4:23 a.m., 2 views

EUVD-2026-9988

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing...

CVSS 8.2, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 5
Packet Storm News
added 2026/03/06 12:00 a.m., 1 view

A LINDDUN-Based Privacy Threat Modeling Framework for GenAI

As generative AI (GenAI) systems become increasingly prevalent across various technological stacks, the question of how such systems handle sensitive and personal data flows becomes increasingly important. Specifically, both the ability to harness and process large swaths of information as well as...

AI score 5.8
Exploits: 0
NVD
added 2026/03/02 2:16 p.m., 4 views

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

CVSS 4.9, EPSS 0.00038
Exploits: 1, References: 1
OSV
added 2026/03/02 2:16 p.m., 0 views

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

CVSS 4.9, AI score 5.8, EPSS 0.00038
Exploits: 1, References: 1
Positive Technologies
added 2026/03/02 12:00 a.m., 2 views

PT-2026-22586

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal edit.php...

AI score 6, EPSS 0.00038
Exploits: 1, References: 2
ATTACKERKB
added 2026/03/02 12:00 a.m., 1 view

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

CVSS 4.9, AI score 6, EPSS 0.00038
Exploits: 1, References: 2
EUVD
added 2026/03/02 12:00 a.m., 1 view

EUVD-2026-9176

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

CVSS 4.9, AI score 6, EPSS 0.00038
Exploits: 1, References: 1
CNNVD
added 2026/03/02 12:00 a.m., 1 view

Code-Projects Simple Student Alumni System Security Vulnerability

Code-Projects Simple Student Alumni System is an open-source student alumni system developed by Code-Projects. Version 1.0 of the code-projects Simple Student Alumni System contains a security vulnerability, which stems from an SQL injection vulnerability in the /TracerStudy/recordteacherview.php...

CVSS 4.9, AI score 5.9, EPSS 0.00038
Exploits: 1, References: 2
CVE
added 2026/03/02 12:00 a.m., 5 views

CVE-2026-26698

CVE-2026-26698 affects code-projects Simple Student Alumni System v1.0. The vulnerability is a SQL Injection in the file path used by the application, specifically in /TracerStudy/modal_edit.php. Public references from multiple sources (Red Hat, NVD, CVE/CVE List, EUVD, Attack-KB, etc.) consisten...

CVSS 4.9, AI score 6, EPSS 0.00038
Exploits: 1, References: 1, Affected Software: 1
Packet Storm News
added 2026/03/01 12:00 a.m., 0 views

Power Network SCADA Quantum Communications: A Comparison of BB84, B92, E91, and SGS04 Quantum Key Distribution Protocols

The current state, emerging trends, and practical challenges of optical fiber-based power network SCADA quantum communication must be addressed to fully utilise the technological platform's potential in real-world power system SCADA communications involving massive volumes of real-time data, as...

AI score 5.9
Exploits: 0
Packet Storm News
added 2026/02/28 12:00 a.m., 4 views

Time Stepped Cyber Physical Simulation of DoS, DoD, and FDI Attacks on the IEEE 14 Bus System

Reliable grid operation depends on accurate and timely telemetry, making modern power systems vulnerable to communication layer cyberattacks. This paper evaluates how Denial of Service (DoS), Denial of Data (DoD), and False Data Injection (FDI) attacks disrupt the IEEE 14 bus system using a MATLAB only...

AI score 5.9
Exploits: 0
Schneier on Security
added 2026/02/23 12:03 p.m., 5 views

On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

AI score 5.7
Exploits: 0
Packet Storm News
added 2026/02/23 12:00 a.m., 2 views

Understanding Human-AI Collaboration in Cybersecurity Competitions

Capture-the-Flag (CTF) competitions are increasingly becoming a testbed for evaluating AI capabilities at solving security tasks, due to the controlled environments and objective success criteria. Existing evaluations have focused on how successful AI is at solving CTF challenges in isolation from...

AI score 6
Exploits: 0
Packet Storm News
added 2026/02/23 12:00 a.m., 2 views

Can You Tell It's AI? Human Perception of Synthetic Voices in Vishing Scenarios

Large Language Models and commercial speech synthesis systems now enable highly realistic AI-generated voice scams (vishing), raising urgent concerns about deception at scale. Yet it remains unclear whether individuals can reliably distinguish AI-generated speech from human-recorded voices in...

AI score 5.9
Exploits: 0