VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221754 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2023-5574 | redhat_vex | xorg-x11-server: Use-after-free bug in DamageDestroy | fixed: 40 known affected: 38 known not affected: 26 | 2026-07-11T21:12:08+00:00 | Vulnerability · Source |
| CVE-2025-48866 | redhat_vex | mod_security: ModSecurity Denial of Service Vulnerability | fixed: 84 known affected: 6 | 2026-07-11T21:06:37+00:00 | Vulnerability · Source |
| CVE-2025-8176 | redhat_vex | libtiff: LibTIFF Use-After-Free Vulnerability | fixed: 239 known not affected: 50 | 2026-07-11T21:01:25+00:00 | Vulnerability · Source |
| CVE-2025-45582 | redhat_vex | tar: Tar path traversal | fixed: 62 known affected: 6 known not affected: 54 | 2026-07-11T21:01:25+00:00 | Vulnerability · Source |
| CVE-2025-43865 | redhat_vex | react-router: React Router allows pre-render data spoofing on React-Router framework mode | fixed: 4 known not affected: 76 | 2026-07-11T20:41:01+00:00 | Vulnerability · Source |
| CVE-2025-22150 | redhat_vex | undici: Undici Uses Insufficiently Random Values | fixed: 352 known affected: 3 known not affected: 107 | 2026-07-11T20:40:51+00:00 | Vulnerability · Source |
| CVE-2024-7557 | redhat_vex | odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI | known affected: 4 | 2026-07-11T20:40:47+00:00 | Vulnerability · Source |
| CVE-2025-31137 | redhat_vex | react-router: Remix Host Header Spoofing Vulnerability | known affected: 1 known not affected: 83 | 2026-07-11T20:40:39+00:00 | Vulnerability · Source |
| CVE-2025-14025 | redhat_vex | ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions | fixed: 11 known not affected: 213 | 2026-07-11T20:35:04+00:00 | Vulnerability · Source |
| CVE-2025-26699 | redhat_vex | django: Potential denial-of-service vulnerability in django.utils.text.wrap() | fixed: 26 known affected: 7 known not affected: 458 | 2026-07-11T20:30:05+00:00 | Vulnerability · Source |
| CVE-2025-62727 | redhat_vex | starlette: Starlette DoS via Range header merging | fixed: 84 known affected: 18 known not affected: 423 | 2026-07-11T20:25:12+00:00 | Vulnerability · Source |
| CVE-2025-27610 | redhat_vex | rack: rubygem-rack: Local File Inclusion in Rack::Static | fixed: 121 known affected: 6 known not affected: 2033 | 2026-07-11T20:20:22+00:00 | Vulnerability · Source |
| CVE-2025-47287 | redhat_vex | tornado: Tornado Multipart Form-Data Denial of Service | fixed: 132 known affected: 3 known not affected: 6 | 2026-07-11T20:20:15+00:00 | Vulnerability · Source |
| CVE-2025-67725 | redhat_vex | tornado: Tornado Quadratic DoS via Repeated Header Coalescing | fixed: 134 known affected: 13 known not affected: 399 | 2026-07-11T20:10:21+00:00 | Vulnerability · Source |
| CVE-2025-67726 | redhat_vex | tornado: Tornado Quadratic DoS via Crafted Multipart Parameters | fixed: 134 known affected: 14 known not affected: 398 | 2026-07-11T20:10:19+00:00 | Vulnerability · Source |
| CVE-2025-46727 | redhat_vex | rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser | fixed: 155 known affected: 8 known not affected: 72 | 2026-07-11T20:05:05+00:00 | Vulnerability · Source |
| CVE-2025-59830 | redhat_vex | rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters | fixed: 154 known affected: 18 known not affected: 355 | 2026-07-11T20:00:20+00:00 | Vulnerability · Source |
| CVE-2025-61770 | redhat_vex | rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) | fixed: 152 known affected: 8 known not affected: 230 | 2026-07-11T20:00:09+00:00 | Vulnerability · Source |
| CVE-2025-61771 | redhat_vex | rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) | fixed: 120 known affected: 16 known not affected: 222 | 2026-07-11T20:00:08+00:00 | Vulnerability · Source |
| CVE-2025-61919 | redhat_vex | rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion | fixed: 168 known affected: 10 known not affected: 359 | 2026-07-11T20:00:07+00:00 | Vulnerability · Source |
| CVE-2025-61772 | redhat_vex | rack: Rack memory exhaustion denial of service | fixed: 138 known affected: 41 | 2026-07-11T20:00:06+00:00 | Vulnerability · Source |
| CVE-2025-23216 | redhat_vex | argocd: Argo CD does not scrub secret values from patch errors | fixed: 70 | 2026-07-11T19:00:04+00:00 | Vulnerability · Source |
| CVE-2024-13484 | redhat_vex | openshift-gitops-operator-container: Namespace Isolation Break | fixed: 74 known not affected: 29 | 2026-07-11T19:00:04+00:00 | Vulnerability · Source |
| CVE-2025-3415 | redhat_vex | grafana: Exposure of DingDing alerting integration URL to Viewer level users | known not affected: 21 | 2026-07-11T17:42:33+00:00 | Vulnerability · Source |
| CVE-2024-28956 | redhat_vex | microcode_ctl: From CVEorg collector | fixed: 947 known affected: 65 known not affected: 5 | 2026-07-11T17:42:12+00:00 | Vulnerability · Source |
| CVE-2025-47277 | redhat_vex | vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service | fixed: 15 known not affected: 1 | 2026-07-11T17:42:06+00:00 | Vulnerability · Source |
| CVE-2025-66516 | redhat_vex | tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected | fixed: 9 known not affected: 65 | 2026-07-11T17:41:42+00:00 | Vulnerability · Source |
| CVE-2025-32462 | redhat_vex | sudo: LPE via host option | fixed: 271 known not affected: 4159 | 2026-07-11T17:41:41+00:00 | Vulnerability · Source |
| CVE-2025-1094 | redhat_vex | postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation | fixed: 3374 known affected: 11 known not affected: 19 | 2026-07-11T17:41:38+00:00 | Vulnerability · Source |
| CVE-2025-62168 | redhat_vex | squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling | fixed: 225 known affected: 4 known not affected: 17 | 2026-07-11T17:41:38+00:00 | Vulnerability · Source |
| CVE-2025-29927 | redhat_vex | nextjs: Authorization Bypass in Next.js Middleware | known not affected: 177 | 2026-07-11T17:41:34+00:00 | Vulnerability · Source |
| CVE-2025-68664 | redhat_vex | langchain-core: LangChain: Arbitrary code execution via serialization injection | fixed: 18 known not affected: 254 | 2026-07-11T17:41:32+00:00 | Vulnerability · Source |
| CVE-2025-41244 | redhat_vex | open-vm-tools: Local privilege escalation in open-vm-tools | fixed: 169 known not affected: 6 | 2026-07-11T17:41:27+00:00 | Vulnerability · Source |
| CVE-2025-48384 | redhat_vex | git: Git arbitrary code execution | fixed: 587 known affected: 13 known not affected: 655 | 2026-07-11T17:41:25+00:00 | Vulnerability · Source |
| CVE-2025-13888 | redhat_vex | openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs | fixed: 16 known not affected: 145 | 2026-07-11T17:40:59+00:00 | Vulnerability · Source |
| CVE-2025-5115 | redhat_vex | jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames | fixed: 36 known affected: 8 known not affected: 16 | 2026-07-11T17:40:49+00:00 | Vulnerability · Source |
| CVE-2025-47151 | redhat_vex | lasso: Type confusion in Entr'ouvert Lasso | fixed: 450 known affected: 3 | 2026-07-11T17:40:42+00:00 | Vulnerability · Source |
| CVE-2021-22555 | redhat_vex | kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c | fixed: 1259 known affected: 16 known not affected: 115 | 2026-07-11T17:40:34+00:00 | Vulnerability · Source |
| CVE-2025-32463 | redhat_vex | sudo: LPE via chroot option | fixed: 33 known not affected: 12 | 2026-07-11T17:40:26+00:00 | Vulnerability · Source |
| CVE-2026-1709 | redhat_vex | keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication | fixed: 86 | 2026-07-11T17:25:14+00:00 | Vulnerability · Source |
| CVE-2026-4631 | redhat_vex | cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | fixed: 102 known not affected: 13 | 2026-07-11T17:25:14+00:00 | Vulnerability · Source |
| CVE-2026-22778 | redhat_vex | vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. | fixed: 18 known affected: 4 known not affected: 670 | 2026-07-11T17:25:13+00:00 | Vulnerability · Source |
| CVE-2025-31125 | redhat_vex | vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | known affected: 6 known not affected: 5 | 2026-07-11T17:25:08+00:00 | Vulnerability · Source |
| CVE-2026-47774 | redhat_vex | envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack | fixed: 20 known not affected: 88 | 2026-07-11T17:20:04+00:00 | Vulnerability · Source |
| CVE-2026-42208 | redhat_vex | LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection | known not affected: 4 | 2026-07-11T17:20:02+00:00 | Vulnerability · Source |
| CVE-2026-10536 | microsoft_vex | HTTP/2 stream-dependency tree UAF | known affected: 2 known not affected: 4 | 2026-07-11T14:38:42+00:00 | Vulnerability · Source |
| CVE-2026-14738 | redhat_vex | exo: Exo: Information disclosure due to weak hash algorithm | known not affected: 1 | 2026-07-11T08:54:57+00:00 | Vulnerability · Source |
| CVE-2026-54908 | microsoft_vex | Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message | fixed: 1 known affected: 1 | 2026-07-11T01:41:05+00:00 | Vulnerability · Source |
| CVE-2026-54886 | microsoft_vex | SSH SFTP server denial of service via extended channel data infinite loop | fixed: 1 known affected: 1 | 2026-07-11T01:40:30+00:00 | Vulnerability · Source |
| CVE-2026-45570 | microsoft_vex | go-git: Improper single-quote escaping in go-git SSH transport | fixed: 1 known affected: 3 | 2026-07-11T01:39:57+00:00 | Vulnerability · Source |