1. Critical Path Traversal Flaw in basic-ftp Library Exposes Apps to Remote Code Execution
A critical path traversal vulnerability in the widely used `basic-ftp` Node.js library has been disclosed, allowing a malicious FTP server to write files anywhere on a victim's system. The flaw, tracked as CVE-2026-27699, resides in the library's `downloadToDir()` method. By exploiting this, an attacker could achieve a...