Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

268 New today

64,888 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

250

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 6.3

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions_CVE-2026-48515

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T[,], T[,,], or T[,,,] before validating that the dimension product matches ...

CVE-2026-48515 MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-48514	MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length_CVE-2026-48514 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48513	MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement_CVE-2026-48513 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionRes...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48512	MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement_CVE-2026-48512 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple re...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48511	MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps_CVE-2026-48511 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.Expa...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48510	MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths_CVE-2026-48510 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray p...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48509	MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies_CVE-2026-48509 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() constructor uses d...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-48506	MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth_CVE-2026-48506 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arr...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
HIGH 7.4	CVE-2026-48505	Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission_CVE-2026-48505 Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of...	filamentphp	filament >= 4.0.0, < 4.11.5	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-48502	MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows_CVE-2026-48502 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions_CVE-2026-48515

Recent Advisories

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length_CVE-2026-48514

MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement_CVE-2026-48513

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement_CVE-2026-48512

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps_CVE-2026-48511

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths_CVE-2026-48510

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies_CVE-2026-48509

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth_CVE-2026-48506

Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission_CVE-2026-48505

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows_CVE-2026-48502

Protect Your Attack Surface with RedGem

Security Intelligence
Feed