Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

206 New today
64,655 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
17
Jun 23
Critical
High
Medium
Low
Latest
CVE CVSS 6.3

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement_CVE-2026-48512

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal ...

CVE-2026-48512 MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-48511

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps_CVE-2026-48511

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.Expa...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48510

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths_CVE-2026-48510

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray p...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48509

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies_CVE-2026-48509

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() constructor uses d...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
HIGH 7.5 CVE-2026-48506

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth_CVE-2026-48506

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arr...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
HIGH 7.4 CVE-2026-48505

Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission_CVE-2026-48505

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
HIGH 8.2 CVE-2026-48502

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows_CVE-2026-48502

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.5 CVE-2026-48500

Filament: Unauthenticated temporary file upload on auth pages_CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can c...

filamentphp filament >= 3.0.0, < 3.3.52 CVE
MEDIUM 6.4 CVE-2026-48167

Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS_CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and Image...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
MEDIUM 5.3 CVE-2026-48166

Filament: Timing-based user enumeration on login page_CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an obs...

filamentphp filament >= 4.0.0, < 4.11.5 CVE