Security Vulnerabilities
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
CVSS Score
4.7
EPSS Score
0.0
Published
2026-02-25
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service
CVSS Score
4.7
EPSS Score
0.0
Published
2026-02-25
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-25
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-25
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written outside the intended download directory. Version 5.2.0 patches the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-25
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-02-25
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-02-25
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec), causing throttling that degrades service for that entity — and potentially co-located entities in the same partition. Version 0.10.1 fixes the issue.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-25