9.1
CVE-2026-27699 - Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written ou…
4.3
CVE-2026-27695 - zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec),…
5.3
CVE-2026-2878 - Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.
7.1
CVE-2026-27692 - iccDEV has HBO in CIccTagTextDescription::Release()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags,…
6.2
CVE-2026-27691 - iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when pr…
5.5
CVE-2026-3203 - Buffer Over-read in Wireshark
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
4.7
CVE-2026-3202 - NULL Pointer Dereference in Wireshark
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service
4.7
CVE-2026-3201 - Improperly Controlled Sequential Memory Allocation in Wireshark
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
5.3
CVE-2026-3187 - feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload
A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit…
5.3
CVE-2026-3186 - feiyuchuixue sz-boot-parent Password Reset password default password
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default password…