VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221683 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-41901 | redhat_vex | thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass | known affected: 3 known not affected: 2 | 2026-07-10T20:14:55+00:00 | Vulnerability · Source |
| CVE-2026-53449 | redhat_vex | coturn: Coturn: Arbitrary file overwrite via CLI command | known not affected: 1 | 2026-07-10T20:10:05+00:00 | Vulnerability · Source |
| CVE-2026-53450 | redhat_vex | coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass | known not affected: 1 | 2026-07-10T20:09:57+00:00 | Vulnerability · Source |
| CVE-2026-53448 | redhat_vex | coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel | known not affected: 1 | 2026-07-10T20:09:55+00:00 | Vulnerability · Source |
| CVE-2026-59180 | redhat_vex | apprise: Apprise: Information disclosure via HTTP redirect following with credential resending | known not affected: 1 | 2026-07-10T19:54:52+00:00 | Vulnerability · Source |
| CVE-2026-59871 | redhat_vex | node-tar: node-tar: Denial of Service due to incorrect PAX path handling | known affected: 160 known not affected: 1 | 2026-07-10T19:14:58+00:00 | Vulnerability · Source |
| CVE-2026-38076 | redhat_vex | jbig2dec: jbig2dec: Denial of Service via crafted input | known affected: 6 | 2026-07-10T19:06:29+00:00 | Vulnerability · Source |
| CVE-2026-40984 | redhat_vex | micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests | fixed: 2 known affected: 22 known not affected: 1 | 2026-07-10T18:49:53+00:00 | Vulnerability · Source |
| CVE-2026-56362 | redhat_vex | ImageMagick: Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Information disclosure via heap-buffer-overflow read | known affected: 14 | 2026-07-10T18:35:08+00:00 | Vulnerability · Source |
| CVE-2026-48710 | redhat_vex | starlette: Starlette: Security restriction bypass via malformed HTTP Host header | fixed: 81 known affected: 38 known not affected: 609 | 2026-07-10T17:51:06+00:00 | Vulnerability · Source |
| CVE-2026-58380 | redhat_vex | gimp: gimp: Stack buffer overflow in pnmscanner_gettoken() | known affected: 32 | 2026-07-10T17:35:35+00:00 | Vulnerability · Source |
| CVE-2026-53363 | redhat_vex | kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() | known not affected: 274 | 2026-07-10T17:10:57+00:00 | Vulnerability · Source |
| CVE-2026-44171 | redhat_vex | mariadb: mbstream: Unauthorized file creation via path traversal | fixed: 531 known not affected: 37 | 2026-07-10T16:53:55+00:00 | Vulnerability · Source |
| CVE-2026-44168 | redhat_vex | mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer | fixed: 531 known not affected: 37 | 2026-07-10T16:46:21+00:00 | Vulnerability · Source |
| CVE-2026-49261 | redhat_vex | mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd | fixed: 531 known not affected: 37 | 2026-07-10T16:46:15+00:00 | Vulnerability · Source |
| CVE-2026-48165 | redhat_vex | mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user | fixed: 531 known not affected: 37 | 2026-07-10T16:46:10+00:00 | Vulnerability · Source |
| CVE-2026-48163 | redhat_vex | mariadb: Arbitrary code execution via improper parameter validation during SST | fixed: 531 known not affected: 37 | 2026-07-10T16:46:01+00:00 | Vulnerability · Source |
| CVE-2026-44173 | redhat_vex | mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries | fixed: 531 known not affected: 37 | 2026-07-10T16:45:52+00:00 | Vulnerability · Source |
| CVE-2026-44170 | redhat_vex | mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine | fixed: 531 known not affected: 37 | 2026-07-10T16:45:42+00:00 | Vulnerability · Source |
| CVE-2025-71319 | redhat_vex | image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images. | fixed: 3 known affected: 28 known not affected: 34 | 2026-07-10T16:14:53+00:00 | Vulnerability · Source |
| CVE-2026-15143 | redhat_vex | guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) | known affected: 2 | 2026-07-10T16:05:37+00:00 | Vulnerability · Source |
| CVE-2026-57280 | redhat_vex | jenkins-script-security-plugin: Jenkins Script Security Plugin: Sandbox bypass leading to arbitrary code execution | known affected: 5 | 2026-07-10T15:59:59+00:00 | Vulnerability · Source |
| CVE-2026-58384 | redhat_vex | gimp: gimp: Integer overflow in read_RLE_channel() | known affected: 3 known not affected: 29 | 2026-07-10T15:34:53+00:00 | Vulnerability · Source |
| CVE-2026-54423 | redhat_vex | openstack-ironic: openstack-ironic: Arbitrary IPMI command execution via send_raw deployment step | known affected: 5 known not affected: 9 | 2026-07-10T15:30:05+00:00 | Vulnerability · Source |
| CVE-2026-14535 | redhat_vex | fickling: Fickling: Arbitrary code execution via pickle deserialization bypass | known affected: 1 | 2026-07-10T15:20:09+00:00 | Vulnerability · Source |
| CVE-2026-56297 | redhat_vex | FreeRDP: FreeRDP: Remote code execution or denial of service via use-after-free race condition | known affected: 31 | 2026-07-10T14:44:54+00:00 | Vulnerability · Source |
| CVE-2026-8926 | microsoft_vex | password leak with netrc and user in URL | known affected: 1 known not affected: 3 | 2026-07-10T14:40:29+00:00 | Vulnerability · Source |
| CVE-2026-57585 | microsoft_vex | MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error | fixed: 1 known affected: 1 | 2026-07-10T14:40:08+00:00 | Vulnerability · Source |
| CVE-2026-58014 | microsoft_vex | Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list" | fixed: 1 known affected: 1 | 2026-07-10T14:40:00+00:00 | Vulnerability · Source |
| CVE-2026-58013 | microsoft_vex | Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" | fixed: 1 known affected: 1 | 2026-07-10T14:39:52+00:00 | Vulnerability · Source |
| CVE-2026-58011 | microsoft_vex | Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime | fixed: 1 known affected: 1 | 2026-07-10T14:39:45+00:00 | Vulnerability · Source |
| CVE-2026-58012 | microsoft_vex | Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() | fixed: 1 known affected: 1 | 2026-07-10T14:39:37+00:00 | Vulnerability · Source |
| CVE-2026-58016 | microsoft_vex | Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" | fixed: 1 known affected: 1 | 2026-07-10T14:39:30+00:00 | Vulnerability · Source |
| CVE-2026-58015 | microsoft_vex | Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive | fixed: 1 known affected: 1 | 2026-07-10T14:39:22+00:00 | Vulnerability · Source |
| CVE-2026-58010 | microsoft_vex | Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() | fixed: 1 known affected: 1 | 2026-07-10T14:39:14+00:00 | Vulnerability · Source |
| CVE-2026-11525 | microsoft_vex | undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching | fixed: 1 known affected: 1 under investigation: 1 | 2026-07-10T14:39:01+00:00 | Vulnerability · Source |
| CVE-2026-59935 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF with unterminated inline image | known affected: 5 under investigation: 6 | 2026-07-10T14:34:53+00:00 | Vulnerability · Source |
| CVE-2026-53878 | redhat_vex | django: Django: HTTP header injection via DomainNameValidator accepting newlines | known affected: 20 | 2026-07-10T14:25:02+00:00 | Vulnerability · Source |
| CVE-2026-53877 | redhat_vex | django: Django: Information disclosure via heap buffer over-read in GDALRaster | known affected: 20 | 2026-07-10T14:24:58+00:00 | Vulnerability · Source |
| CVE-2026-59937 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF with malformed cross-reference streams | known affected: 11 | 2026-07-10T14:24:52+00:00 | Vulnerability · Source |
| CVE-2026-59938 | redhat_vex | pypdf: pypdf: Possible large memory usage for wrong image dimensions | known affected: 11 | 2026-07-10T14:10:27+00:00 | Vulnerability · Source |
| CVE-2026-15164 | redhat_vex | wireshark: Wireshark: Denial of Service vulnerability in ciscodump | known affected: 20 | 2026-07-10T14:05:41+00:00 | Vulnerability · Source |
| CVE-2026-15165 | redhat_vex | wireshark: Wireshark: Denial of Service via TLS ECH decryptor crash | known affected: 20 | 2026-07-10T14:05:30+00:00 | Vulnerability · Source |
| CVE-2026-47712 | redhat_vex | dulwich: Dulwich: Arbitrary file write via malicious commit subject in format_patch | known affected: 24 under investigation: 1 | 2026-07-10T14:00:38+00:00 | Vulnerability · Source |
| CVE-2026-7492 | redhat_vex | gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization | known not affected: 4 | 2026-07-10T13:50:51+00:00 | Vulnerability · Source |
| CVE-2026-48588 | redhat_vex | django: Django: Information disclosure due to improper caching of Set-Cookie responses | known affected: 20 | 2026-07-10T13:46:05+00:00 | Vulnerability · Source |
| CVE-2026-58207 | redhat_vex | github.com/nats-io/nats-server: NATS Server: Denial of Service via arithmetic overflow in connection monitoring pagination | known affected: 6 known not affected: 3 | 2026-07-10T13:46:03+00:00 | Vulnerability · Source |
| CVE-2026-12590 | redhat_vex | body-parser: body-parser: Denial of Service via invalid limit option | known affected: 132 known not affected: 1 | 2026-07-10T13:46:00+00:00 | Vulnerability · Source |
| CVE-2026-39197 | redhat_vex | vector: Vector: Denial of Service via crafted request to HTTP endpoint | known not affected: 1 | 2026-07-10T13:15:17+00:00 | Vulnerability · Source |
| CVE-2026-52924 | redhat_vex | kernel: sctp: purge outqueue on stale COOKIE-ECHO handling | known affected: 232 known not affected: 42 | 2026-07-10T13:07:12+00:00 | Vulnerability · Source |