VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221688 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2025-15284 redhat_vex qs: qs: Denial of Service via improper input validation in array parsing fixed: 247 known affected: 84 known not affected: 5286 2026-07-09T21:07:16+00:00 Vulnerability · Source
CVE-2026-41242 redhat_vex protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields fixed: 14 known affected: 27 known not affected: 458 under investigation: 14 2026-07-09T21:06:40+00:00 Vulnerability · Source
CVE-2026-40192 redhat_vex Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing fixed: 150 known affected: 25 known not affected: 1573 2026-07-09T21:06:36+00:00 Vulnerability · Source
CVE-2026-39892 redhat_vex cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API fixed: 157 known affected: 159 known not affected: 1082 2026-07-09T21:06:34+00:00 Vulnerability · Source
CVE-2026-34070 redhat_vex langchain: path traversal in legacy load_prompt functions in langchain-core fixed: 8 known affected: 3 known not affected: 330 2026-07-09T21:06:25+00:00 Vulnerability · Source
CVE-2026-33236 redhat_vex nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files fixed: 6 known affected: 10 known not affected: 698 2026-07-09T21:06:21+00:00 Vulnerability · Source
CVE-2026-33231 redhat_vex nltk: NLTK: Denial of Service via unauthenticated remote shutdown fixed: 6 known affected: 9 known not affected: 699 2026-07-09T21:06:15+00:00 Vulnerability · Source
CVE-2026-32640 redhat_vex simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling fixed: 6 known affected: 4 known not affected: 437 2026-07-09T21:06:01+00:00 Vulnerability · Source
CVE-2026-30922 redhat_vex pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion fixed: 1697 known affected: 28 known not affected: 2347 2026-07-09T21:06:00+00:00 Vulnerability · Source
CVE-2026-32597 redhat_vex pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) fixed: 1175 known affected: 25 known not affected: 1960 2026-07-09T21:05:58+00:00 Vulnerability · Source
CVE-2026-28356 redhat_vex multipart: denial of service via maliciously crafted HTTP or multipart segment headers fixed: 12 known affected: 21 known not affected: 468 2026-07-09T21:05:46+00:00 Vulnerability · Source
CVE-2026-27893 redhat_vex vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting fixed: 20 known affected: 6 known not affected: 683 2026-07-09T21:05:45+00:00 Vulnerability · Source
CVE-2026-5241 redhat_vex python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting fixed: 21 known affected: 44 known not affected: 545 2026-07-09T21:05:28+00:00 Vulnerability · Source
CVE-2026-2614 redhat_vex mlflow: mlflow: Arbitrary file read via bypassed source path validation fixed: 7 known affected: 14 known not affected: 550 2026-07-09T21:05:20+00:00 Vulnerability · Source
CVE-2026-1462 redhat_vex keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode fixed: 8 known affected: 1 known not affected: 439 2026-07-09T21:05:14+00:00 Vulnerability · Source
CVE-2025-62718 redhat_vex axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization fixed: 157 known affected: 62 known not affected: 1678 2026-07-09T21:02:33+00:00 Vulnerability · Source
CVE-2026-45109 redhat_vex next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:21+00:00 Vulnerability · Source
CVE-2026-44578 redhat_vex Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:18+00:00 Vulnerability · Source
CVE-2026-44579 redhat_vex next.js: Next.js: Denial of Service via crafted POST requests to server actions fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:17+00:00 Vulnerability · Source
CVE-2026-44577 redhat_vex Next.js: Next.js: Denial of Service via Image Optimization API fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:12+00:00 Vulnerability · Source
CVE-2026-44575 redhat_vex next.js: Next.js: Unauthorized access to protected content via middleware bypass fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:09+00:00 Vulnerability · Source
CVE-2026-44574 redhat_vex Next.js: Next.js: Authorization bypass via crafted query parameters fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:06+00:00 Vulnerability · Source
CVE-2026-44573 redhat_vex next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n fixed: 2 known affected: 5 known not affected: 24 2026-07-09T21:02:02+00:00 Vulnerability · Source
CVE-2026-42570 redhat_vex devalue: devalue: Excessive memory consumption via deserialization of sparse arrays fixed: 1 known not affected: 9 under investigation: 1 2026-07-09T21:02:01+00:00 Vulnerability · Source
CVE-2026-40175 redhat_vex axios: Axios: Remote Code Execution via Prototype Pollution escalation fixed: 139 known affected: 13 known not affected: 4880 2026-07-09T21:00:45+00:00 Vulnerability · Source
CVE-2026-29074 redhat_vex svgo: SVGO: Denial of Service via XML entity expansion fixed: 108 known affected: 23 known not affected: 1723 2026-07-09T21:00:28+00:00 Vulnerability · Source
CVE-2026-42043 redhat_vex axios: Axios: NO_PROXY bypass via crafted URL fixed: 142 known affected: 34 known not affected: 2451 2026-07-09T20:58:23+00:00 Vulnerability · Source
CVE-2026-42033 redhat_vex axios: Axios: HTTP Transport Hijacking via Prototype Pollution fixed: 142 known affected: 40 known not affected: 2446 2026-07-09T20:58:06+00:00 Vulnerability · Source
CVE-2026-40895 redhat_vex follow-redirects: follow-redirects: Information disclosure via cross-domain redirects fixed: 187 known affected: 43 known not affected: 2942 2026-07-09T20:58:00+00:00 Vulnerability · Source
CVE-2026-9277 redhat_vex shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators fixed: 118 known affected: 23 known not affected: 2149 2026-07-09T20:57:33+00:00 Vulnerability · Source
CVE-2026-59936 redhat_vex pypdf: pypdf: Denial of Service via crafted PDF inline image known affected: 11 2026-07-09T20:55:00+00:00 Vulnerability · Source
CVE-2026-13320 redhat_vex gitlab: GitLab: Arbitrary script execution via improper input sanitization known not affected: 4 2026-07-09T20:45:24+00:00 Vulnerability · Source
CVE-2026-46090 redhat_vex kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop fixed: 2073 known affected: 33 under investigation: 14 2026-07-09T20:40:53+00:00 Vulnerability · Source
CVE-2026-11623 redhat_vex tmux: tmux: Use-after-free vulnerability known affected: 5 2026-07-09T20:38:41+00:00 Vulnerability · Source
CVE-2026-14940 redhat_vex 389-ds-base: 389-ds-base: heap-buffer-overflow in DN normalization via quoted multivalued RDN known affected: 33 2026-07-09T20:38:21+00:00 Vulnerability · Source
CVE-2026-44663 redhat_vex OpenEXR: OpenEXR: Denial of Service via crafted HTJ2K-compressed EXR file known affected: 18 2026-07-09T20:33:34+00:00 Vulnerability · Source
CVE-2026-52908 redhat_vex kernel: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible known affected: 246 known not affected: 28 2026-07-09T20:27:19+00:00 Vulnerability · Source
CVE-2026-53655 redhat_vex node-tar: node-tar: File smuggling due to inconsistent tar archive parsing known affected: 356 2026-07-09T20:27:15+00:00 Vulnerability · Source
CVE-2026-14969 redhat_vex 389-ds-base: 389-ds-base: Static initialization vector in AES-CBC/3DES-CBC attribute encryption known affected: 33 2026-07-09T20:27:14+00:00 Vulnerability · Source
CVE-2026-15163 redhat_vex wireshark: Wireshark: Denial of Service via multiple protocol dissector infinite loops known affected: 20 2026-07-09T20:27:09+00:00 Vulnerability · Source
CVE-2026-15169 redhat_vex wireshark: Wireshark: Denial of Service via UMTS FP protocol dissector crash known affected: 20 2026-07-09T20:22:07+00:00 Vulnerability · Source
CVE-2026-15167 redhat_vex wireshark: Wireshark: Denial of Service via DBS Etherwatch file parser crash known affected: 20 2026-07-09T20:22:04+00:00 Vulnerability · Source
CVE-2026-15166 redhat_vex Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash known affected: 4 2026-07-09T20:22:00+00:00 Vulnerability · Source
CVE-2026-56001 redhat_vex libXfont2: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow known affected: 9 2026-07-09T19:57:52+00:00 Vulnerability · Source
CVE-2026-15168 redhat_vex wireshark: Wireshark: Information disclosure in BLF file parser known affected: 20 2026-07-09T19:34:49+00:00 Vulnerability · Source
CVE-2026-44827 redhat_vex diffusers: Diffusers: Arbitrary Code Execution via malicious model loading known affected: 13 known not affected: 5 2026-07-09T19:15:10+00:00 Vulnerability · Source
CVE-2026-42006 redhat_vex dovecot: Dovecot: Denial of Service via excessive IMAP bracing known affected: 30 2026-07-09T18:46:22+00:00 Vulnerability · Source
CVE-2026-56374 redhat_vex ImageMagick: ImageMagick: Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder known affected: 14 2026-07-09T18:02:07+00:00 Vulnerability · Source
CVE-2026-53422 redhat_vex erlang: ssh: Erlang OTP ssh: Information disclosure via SFTP REALPATH handler fixed: 3 known affected: 42 2026-07-09T18:01:53+00:00 Vulnerability · Source
CVE-2026-59998 redhat_vex openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory fixed: 3 known affected: 41 2026-07-09T18:01:51+00:00 Vulnerability · Source