Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

221 New today
64,829 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
191
Jun 23
Critical
High
Medium
Low
Latest
CVE CVSS 8.2

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows_CVE-2026-48502

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize ...

CVE-2026-48502 MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-48500

Filament: Unauthenticated temporary file upload on auth pages_CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can c...

filamentphp filament >= 3.0.0, < 3.3.52 CVE
MEDIUM 6.4 CVE-2026-48167

Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS_CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and Image...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
MEDIUM 5.3 CVE-2026-48166

Filament: Timing-based user enumeration on login page_CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an obs...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
HIGH 8.2 CVE-2026-48109

MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input_CVE-2026-48109

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path us...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.5 CVE-2026-48067

Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields_CVE-2026-48067

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from ...

filamentphp filament >= 4.0.0, < 4.11.4 CVE
MEDIUM 6.1 CVE-2026-44889

WebOb: Location header normalization during redirect leads to open redirect_CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnera...

Pylons webob < 1.8.10 CVE
MEDIUM 5.4 CVE-2026-44311

Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization_CVE-2026-44311

Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to imp...

fabricjs fabric.js < 7.4.0 CVE
HIGH 7.6 CVE-2025-71358

picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity_CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71344

picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function_CVE-2025-71344

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files...

picklescan picklescan CVE