|
1451
|
- |
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{.Name}}), which converts < to < etc. This prevent…
|
CWE-79
Cross-site Scripting
|
CVE-2026-52807
|
2026-06-26 01:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1452
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler …
|
CWE-863
Incorrect Authorization
|
CVE-2026-52795
|
2026-06-26 01:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1453
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase<T>.Deserialize reads an attacker-controlled byteLength from an extension payload and allocat…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48514
|
2026-06-26 01:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1454
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref …
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-48513
|
2026-06-26 01:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1455
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a dep…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-48512
|
2026-06-26 01:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1456
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary<string, object>.Add…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-48511
|
2026-06-26 01:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1457
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from…
|
CWE-409
CWE-770
Improper Handling of Highly Compressed Data (Data Amplification)
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48510
|
2026-06-26 01:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1458
|
9.1 |
CRITICAL
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() constructor uses default serializer options, which resolve to MessageP…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-48509
|
2026-06-26 01:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1459
|
4.4 |
MEDIUM
Network
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into <a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47733
|
2026-06-26 01:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1460
|
- |
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat allows users deactivated through…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-45757
|
2026-06-26 01:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
