Security Vulnerabilities
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written outside the intended download directory. Version 5.2.0 patches the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-25
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-02-25
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-02-25
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec), causing throttling that degrades service for that entity — and potentially co-located entities in the same partition. Version 0.10.1 fixes the issue.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-25
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 1.3.3-beta is able to address this issue. The patch is identified as aefaabfd7527188bfba3c8c9eee17c316d094802. The affected component should be upgraded. The project was informed beforehand and acted very professional: "We have implemented message ownership verification, so that users can only query messages related to themselves."
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-25
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default password. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.3.3-beta addresses this issue. Patch name: aefaabfd7527188bfba3c8c9eee17c316d094802. It is suggested to upgrade the affected component. The project was informed beforehand and acted very professional: "We have added authorization validation to the password reset interface; now only users with the corresponding permissions are allowed to perform password resets."
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25