Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

287 New today
64,930 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
292
Jun 23
Jun 24
Critical
High
Medium
Low
Latest
CVE CVSS 7.4

Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission_CVE-2026-48505

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. Th...

CVE-2026-48505 filamentphp filament >= 4.0.0, < 4.11.5
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.2 CVE-2026-48502

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows_CVE-2026-48502

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.5 CVE-2026-48500

Filament: Unauthenticated temporary file upload on auth pages_CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can c...

filamentphp filament >= 3.0.0, < 3.3.52 CVE
MEDIUM 6.4 CVE-2026-48167

Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS_CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and Image...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
MEDIUM 5.3 CVE-2026-48166

Filament: Timing-based user enumeration on login page_CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an obs...

filamentphp filament >= 4.0.0, < 4.11.5 CVE
HIGH 8.2 CVE-2026-48109

MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input_CVE-2026-48109

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path us...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.5 CVE-2026-48067

Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields_CVE-2026-48067

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from ...

filamentphp filament >= 4.0.0, < 4.11.4 CVE
MEDIUM 6.1 CVE-2026-44889

WebOb: Location header normalization during redirect leads to open redirect_CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnera...

Pylons webob < 1.8.10 CVE
MEDIUM 5.4 CVE-2026-44311

Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization_CVE-2026-44311

Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to imp...

fabricjs fabric.js < 7.4.0 CVE
HIGH 7.6 CVE-2025-71358

picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity_CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method...

picklescan picklescan CVE