Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-48506

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arr...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
HIGH 7.4 CVE-2026-48505

Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
HIGH 8.2 CVE-2026-48502

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
HIGH 8.2 CVE-2026-48109

MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, a vulnerability exists in the optional LZ4 decompression path us...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
HIGH 7.6 CVE-2025-71358

picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71344

picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71339

Picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code exec...

Picklescan Picklescan CVE
HIGH 8.8 MS:CVE-2026-12443

Chromium: CVE-2026-12443 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.8 MS:CVE-2026-12452

Chromium: CVE-2026-12452 Use after free in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.3 MS:CVE-2026-12437

Chromium: CVE-2026-12437 Use after free in WebShare

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE