Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

206 New today
64,655 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
17
Jun 23
Critical
High
Medium
Low
Latest
CVE CVSS 8.2

MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input_CVE-2026-48109

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompres...

CVE-2026-48109 MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-48067

Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields_CVE-2026-48067

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from ...

filamentphp filament >= 4.0.0, < 4.11.4 CVE
MEDIUM 6.1 CVE-2026-44889

WebOb: Location header normalization during redirect leads to open redirect_CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnera...

Pylons webob < 1.8.10 CVE
MEDIUM 5.4 CVE-2026-44311

Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization_CVE-2026-44311

Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to imp...

fabricjs fabric.js < 7.4.0 CVE
HIGH 7.6 CVE-2025-71358

picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity_CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71344

picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function_CVE-2025-71344

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71339

Picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget_CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code exec...

Picklescan Picklescan CVE
CRITICAL 9.3 4DC88245-D5D6-

Exploit for CVE-2026-49772_4DC88245-D5D6-582C-AA2B-EE9293E136F3

The Events Calendar SQL Injection CVE-2026-49772 PoC Description CVE-2026-49772 is an unauthenticated blind SQL injection in the WordPress plugin T...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 PACKETSTORM:224001

📄 Worksnaps.net Worksnaps Hardcoded Root Cloud Credentials_PACKETSTORM:224001

Silver Leaf Technologies - Worksnaps.net Worksnaps suffers from a hardcoded credential vulnerability. Several application binaries contained hardco...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:223999

📄 Sprecher Automation SPRECON-E-C/-E-P/-E-T3 Missing Secure-Boot / Static Passwords_PACKETSTORM:223999

Sprecher Automation SPRECON-E-C/-E-P/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory...

N/A N/A PACKETSTORM