VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221692 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2025-59830 redhat_vex rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters fixed: 154 known affected: 18 known not affected: 355 2026-07-11T20:00:20+00:00 Vulnerability · Source
CVE-2025-61770 redhat_vex rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) fixed: 152 known affected: 8 known not affected: 230 2026-07-11T20:00:09+00:00 Vulnerability · Source
CVE-2025-61771 redhat_vex rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) fixed: 120 known affected: 16 known not affected: 222 2026-07-11T20:00:08+00:00 Vulnerability · Source
CVE-2025-61919 redhat_vex rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion fixed: 168 known affected: 10 known not affected: 359 2026-07-11T20:00:07+00:00 Vulnerability · Source
CVE-2025-61772 redhat_vex rack: Rack memory exhaustion denial of service fixed: 138 known affected: 41 2026-07-11T20:00:06+00:00 Vulnerability · Source
CVE-2025-23216 redhat_vex argocd: Argo CD does not scrub secret values from patch errors fixed: 70 2026-07-11T19:00:04+00:00 Vulnerability · Source
CVE-2024-13484 redhat_vex openshift-gitops-operator-container: Namespace Isolation Break fixed: 74 known not affected: 29 2026-07-11T19:00:04+00:00 Vulnerability · Source
CVE-2025-3415 redhat_vex grafana: Exposure of DingDing alerting integration URL to Viewer level users known not affected: 21 2026-07-11T17:42:33+00:00 Vulnerability · Source
CVE-2024-28956 redhat_vex microcode_ctl: From CVEorg collector fixed: 947 known affected: 65 known not affected: 5 2026-07-11T17:42:12+00:00 Vulnerability · Source
CVE-2025-47277 redhat_vex vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service fixed: 15 known not affected: 1 2026-07-11T17:42:06+00:00 Vulnerability · Source
CVE-2025-66516 redhat_vex tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected fixed: 9 known not affected: 65 2026-07-11T17:41:42+00:00 Vulnerability · Source
CVE-2025-32462 redhat_vex sudo: LPE via host option fixed: 271 known not affected: 4159 2026-07-11T17:41:41+00:00 Vulnerability · Source
CVE-2025-1094 redhat_vex postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation fixed: 3374 known affected: 11 known not affected: 19 2026-07-11T17:41:38+00:00 Vulnerability · Source
CVE-2025-62168 redhat_vex squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling fixed: 225 known affected: 4 known not affected: 17 2026-07-11T17:41:38+00:00 Vulnerability · Source
CVE-2025-29927 redhat_vex nextjs: Authorization Bypass in Next.js Middleware known not affected: 177 2026-07-11T17:41:34+00:00 Vulnerability · Source
CVE-2025-68664 redhat_vex langchain-core: LangChain: Arbitrary code execution via serialization injection fixed: 18 known not affected: 254 2026-07-11T17:41:32+00:00 Vulnerability · Source
CVE-2025-41244 redhat_vex open-vm-tools: Local privilege escalation in open-vm-tools fixed: 169 known not affected: 6 2026-07-11T17:41:27+00:00 Vulnerability · Source
CVE-2025-48384 redhat_vex git: Git arbitrary code execution fixed: 587 known affected: 13 known not affected: 655 2026-07-11T17:41:25+00:00 Vulnerability · Source
CVE-2025-13888 redhat_vex openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs fixed: 16 known not affected: 145 2026-07-11T17:40:59+00:00 Vulnerability · Source
CVE-2025-5115 redhat_vex jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames fixed: 36 known affected: 8 known not affected: 16 2026-07-11T17:40:49+00:00 Vulnerability · Source
CVE-2025-47151 redhat_vex lasso: Type confusion in Entr'ouvert Lasso fixed: 450 known affected: 3 2026-07-11T17:40:42+00:00 Vulnerability · Source
CVE-2021-22555 redhat_vex kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c fixed: 1259 known affected: 16 known not affected: 115 2026-07-11T17:40:34+00:00 Vulnerability · Source
CVE-2025-32463 redhat_vex sudo: LPE via chroot option fixed: 33 known not affected: 12 2026-07-11T17:40:26+00:00 Vulnerability · Source
CVE-2026-1709 redhat_vex keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication fixed: 86 2026-07-11T17:25:14+00:00 Vulnerability · Source
CVE-2026-4631 redhat_vex cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection fixed: 102 known not affected: 13 2026-07-11T17:25:14+00:00 Vulnerability · Source
CVE-2026-22778 redhat_vex vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. fixed: 18 known affected: 4 known not affected: 670 2026-07-11T17:25:13+00:00 Vulnerability · Source
CVE-2025-31125 redhat_vex vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query known affected: 6 known not affected: 5 2026-07-11T17:25:08+00:00 Vulnerability · Source
CVE-2026-47774 redhat_vex envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack fixed: 20 known not affected: 88 2026-07-11T17:20:04+00:00 Vulnerability · Source
CVE-2026-42208 redhat_vex LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection known not affected: 4 2026-07-11T17:20:02+00:00 Vulnerability · Source
CVE-2026-10536 microsoft_vex HTTP/2 stream-dependency tree UAF known affected: 2 known not affected: 4 2026-07-11T14:38:42+00:00 Vulnerability · Source
CVE-2026-14738 redhat_vex exo: Exo: Information disclosure due to weak hash algorithm known not affected: 1 2026-07-11T08:54:57+00:00 Vulnerability · Source
CVE-2026-54908 microsoft_vex Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message fixed: 1 known affected: 1 2026-07-11T01:41:05+00:00 Vulnerability · Source
CVE-2026-54886 microsoft_vex SSH SFTP server denial of service via extended channel data infinite loop fixed: 1 known affected: 1 2026-07-11T01:40:30+00:00 Vulnerability · Source
CVE-2026-45570 microsoft_vex go-git: Improper single-quote escaping in go-git SSH transport fixed: 1 known affected: 3 2026-07-11T01:39:57+00:00 Vulnerability · Source
CVE-2026-45571 microsoft_vex go-git: Crafted repositories may modify main and submodule .git directories fixed: 1 known affected: 3 2026-07-11T01:39:50+00:00 Vulnerability · Source
CVE-2024-7598 microsoft_vex Network restriction bypass via race condition during namespace termination fixed: 1 known affected: 13 under investigation: 3 2026-07-11T01:38:52+00:00 Vulnerability · Source
CVE-2026-56000 microsoft_vex xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent() known affected: 2 2026-07-11T01:08:33+00:00 Vulnerability · Source
CVE-2026-59869 microsoft_vex js-yaml: YAML merge-key chains can force quadratic CPU consumption known affected: 1 2026-07-11T01:07:43+00:00 Vulnerability · Source
CVE-2026-59930 microsoft_vex Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content known affected: 1 2026-07-11T01:07:18+00:00 Vulnerability · Source
CVE-2026-59922 microsoft_vex Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert) known affected: 1 2026-07-11T01:07:11+00:00 Vulnerability · Source
CVE-2026-59925 microsoft_vex inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs known affected: 1 2026-07-11T01:07:05+00:00 Vulnerability · Source
CVE-2026-59926 microsoft_vex Mistune: XSS via unescaped class option in Admonition directive known affected: 1 2026-07-11T01:06:59+00:00 Vulnerability · Source
CVE-2026-59928 microsoft_vex Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions known affected: 1 2026-07-11T01:06:53+00:00 Vulnerability · Source
CVE-2026-14740 microsoft_vex DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment known affected: 1 2026-07-11T01:06:45+00:00 Vulnerability · Source
CVE-2026-14380 microsoft_vex DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile known affected: 1 2026-07-11T01:06:39+00:00 Vulnerability · Source
CVE-2026-14739 microsoft_vex DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders known affected: 1 2026-07-11T01:06:33+00:00 Vulnerability · Source
CVE-2026-59998 microsoft_vex sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. known affected: 1 2026-07-11T01:02:59+00:00 Vulnerability · Source
CVE-2026-20244 microsoft_vex ClamAV DMG File Processing Denial of Service Vulnerability known affected: 1 2026-07-11T01:02:00+00:00 Vulnerability · Source
CVE-2026-20243 microsoft_vex ClamAV ALZ Archive Processing Denial of Service Vulnerability known affected: 1 2026-07-11T01:01:53+00:00 Vulnerability · Source
CVE-2026-20217 microsoft_vex ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:47+00:00 Vulnerability · Source