VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221754 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2023-5574 redhat_vex xorg-x11-server: Use-after-free bug in DamageDestroy fixed: 40 known affected: 38 known not affected: 26 2026-07-11T21:12:08+00:00 Vulnerability · Source
CVE-2025-48866 redhat_vex mod_security: ModSecurity Denial of Service Vulnerability fixed: 84 known affected: 6 2026-07-11T21:06:37+00:00 Vulnerability · Source
CVE-2025-8176 redhat_vex libtiff: LibTIFF Use-After-Free Vulnerability fixed: 239 known not affected: 50 2026-07-11T21:01:25+00:00 Vulnerability · Source
CVE-2025-45582 redhat_vex tar: Tar path traversal fixed: 62 known affected: 6 known not affected: 54 2026-07-11T21:01:25+00:00 Vulnerability · Source
CVE-2025-43865 redhat_vex react-router: React Router allows pre-render data spoofing on React-Router framework mode fixed: 4 known not affected: 76 2026-07-11T20:41:01+00:00 Vulnerability · Source
CVE-2025-22150 redhat_vex undici: Undici Uses Insufficiently Random Values fixed: 352 known affected: 3 known not affected: 107 2026-07-11T20:40:51+00:00 Vulnerability · Source
CVE-2024-7557 redhat_vex odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI known affected: 4 2026-07-11T20:40:47+00:00 Vulnerability · Source
CVE-2025-31137 redhat_vex react-router: Remix Host Header Spoofing Vulnerability known affected: 1 known not affected: 83 2026-07-11T20:40:39+00:00 Vulnerability · Source
CVE-2025-14025 redhat_vex ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions fixed: 11 known not affected: 213 2026-07-11T20:35:04+00:00 Vulnerability · Source
CVE-2025-26699 redhat_vex django: Potential denial-of-service vulnerability in django.utils.text.wrap() fixed: 26 known affected: 7 known not affected: 458 2026-07-11T20:30:05+00:00 Vulnerability · Source
CVE-2025-62727 redhat_vex starlette: Starlette DoS via Range header merging fixed: 84 known affected: 18 known not affected: 423 2026-07-11T20:25:12+00:00 Vulnerability · Source
CVE-2025-27610 redhat_vex rack: rubygem-rack: Local File Inclusion in Rack::Static fixed: 121 known affected: 6 known not affected: 2033 2026-07-11T20:20:22+00:00 Vulnerability · Source
CVE-2025-47287 redhat_vex tornado: Tornado Multipart Form-Data Denial of Service fixed: 132 known affected: 3 known not affected: 6 2026-07-11T20:20:15+00:00 Vulnerability · Source
CVE-2025-67725 redhat_vex tornado: Tornado Quadratic DoS via Repeated Header Coalescing fixed: 134 known affected: 13 known not affected: 399 2026-07-11T20:10:21+00:00 Vulnerability · Source
CVE-2025-67726 redhat_vex tornado: Tornado Quadratic DoS via Crafted Multipart Parameters fixed: 134 known affected: 14 known not affected: 398 2026-07-11T20:10:19+00:00 Vulnerability · Source
CVE-2025-46727 redhat_vex rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser fixed: 155 known affected: 8 known not affected: 72 2026-07-11T20:05:05+00:00 Vulnerability · Source
CVE-2025-59830 redhat_vex rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters fixed: 154 known affected: 18 known not affected: 355 2026-07-11T20:00:20+00:00 Vulnerability · Source
CVE-2025-61770 redhat_vex rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) fixed: 152 known affected: 8 known not affected: 230 2026-07-11T20:00:09+00:00 Vulnerability · Source
CVE-2025-61771 redhat_vex rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) fixed: 120 known affected: 16 known not affected: 222 2026-07-11T20:00:08+00:00 Vulnerability · Source
CVE-2025-61919 redhat_vex rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion fixed: 168 known affected: 10 known not affected: 359 2026-07-11T20:00:07+00:00 Vulnerability · Source
CVE-2025-61772 redhat_vex rack: Rack memory exhaustion denial of service fixed: 138 known affected: 41 2026-07-11T20:00:06+00:00 Vulnerability · Source
CVE-2025-23216 redhat_vex argocd: Argo CD does not scrub secret values from patch errors fixed: 70 2026-07-11T19:00:04+00:00 Vulnerability · Source
CVE-2024-13484 redhat_vex openshift-gitops-operator-container: Namespace Isolation Break fixed: 74 known not affected: 29 2026-07-11T19:00:04+00:00 Vulnerability · Source
CVE-2025-3415 redhat_vex grafana: Exposure of DingDing alerting integration URL to Viewer level users known not affected: 21 2026-07-11T17:42:33+00:00 Vulnerability · Source
CVE-2024-28956 redhat_vex microcode_ctl: From CVEorg collector fixed: 947 known affected: 65 known not affected: 5 2026-07-11T17:42:12+00:00 Vulnerability · Source
CVE-2025-47277 redhat_vex vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service fixed: 15 known not affected: 1 2026-07-11T17:42:06+00:00 Vulnerability · Source
CVE-2025-66516 redhat_vex tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected fixed: 9 known not affected: 65 2026-07-11T17:41:42+00:00 Vulnerability · Source
CVE-2025-32462 redhat_vex sudo: LPE via host option fixed: 271 known not affected: 4159 2026-07-11T17:41:41+00:00 Vulnerability · Source
CVE-2025-1094 redhat_vex postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation fixed: 3374 known affected: 11 known not affected: 19 2026-07-11T17:41:38+00:00 Vulnerability · Source
CVE-2025-62168 redhat_vex squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling fixed: 225 known affected: 4 known not affected: 17 2026-07-11T17:41:38+00:00 Vulnerability · Source
CVE-2025-29927 redhat_vex nextjs: Authorization Bypass in Next.js Middleware known not affected: 177 2026-07-11T17:41:34+00:00 Vulnerability · Source
CVE-2025-68664 redhat_vex langchain-core: LangChain: Arbitrary code execution via serialization injection fixed: 18 known not affected: 254 2026-07-11T17:41:32+00:00 Vulnerability · Source
CVE-2025-41244 redhat_vex open-vm-tools: Local privilege escalation in open-vm-tools fixed: 169 known not affected: 6 2026-07-11T17:41:27+00:00 Vulnerability · Source
CVE-2025-48384 redhat_vex git: Git arbitrary code execution fixed: 587 known affected: 13 known not affected: 655 2026-07-11T17:41:25+00:00 Vulnerability · Source
CVE-2025-13888 redhat_vex openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs fixed: 16 known not affected: 145 2026-07-11T17:40:59+00:00 Vulnerability · Source
CVE-2025-5115 redhat_vex jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames fixed: 36 known affected: 8 known not affected: 16 2026-07-11T17:40:49+00:00 Vulnerability · Source
CVE-2025-47151 redhat_vex lasso: Type confusion in Entr'ouvert Lasso fixed: 450 known affected: 3 2026-07-11T17:40:42+00:00 Vulnerability · Source
CVE-2021-22555 redhat_vex kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c fixed: 1259 known affected: 16 known not affected: 115 2026-07-11T17:40:34+00:00 Vulnerability · Source
CVE-2025-32463 redhat_vex sudo: LPE via chroot option fixed: 33 known not affected: 12 2026-07-11T17:40:26+00:00 Vulnerability · Source
CVE-2026-1709 redhat_vex keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication fixed: 86 2026-07-11T17:25:14+00:00 Vulnerability · Source
CVE-2026-4631 redhat_vex cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection fixed: 102 known not affected: 13 2026-07-11T17:25:14+00:00 Vulnerability · Source
CVE-2026-22778 redhat_vex vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. fixed: 18 known affected: 4 known not affected: 670 2026-07-11T17:25:13+00:00 Vulnerability · Source
CVE-2025-31125 redhat_vex vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query known affected: 6 known not affected: 5 2026-07-11T17:25:08+00:00 Vulnerability · Source
CVE-2026-47774 redhat_vex envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack fixed: 20 known not affected: 88 2026-07-11T17:20:04+00:00 Vulnerability · Source
CVE-2026-42208 redhat_vex LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection known not affected: 4 2026-07-11T17:20:02+00:00 Vulnerability · Source
CVE-2026-10536 microsoft_vex HTTP/2 stream-dependency tree UAF known affected: 2 known not affected: 4 2026-07-11T14:38:42+00:00 Vulnerability · Source
CVE-2026-14738 redhat_vex exo: Exo: Information disclosure due to weak hash algorithm known not affected: 1 2026-07-11T08:54:57+00:00 Vulnerability · Source
CVE-2026-54908 microsoft_vex Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message fixed: 1 known affected: 1 2026-07-11T01:41:05+00:00 Vulnerability · Source
CVE-2026-54886 microsoft_vex SSH SFTP server denial of service via extended channel data infinite loop fixed: 1 known affected: 1 2026-07-11T01:40:30+00:00 Vulnerability · Source
CVE-2026-45570 microsoft_vex go-git: Improper single-quote escaping in go-git SSH transport fixed: 1 known affected: 3 2026-07-11T01:39:57+00:00 Vulnerability · Source