VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221688 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-15284 | redhat_vex | qs: qs: Denial of Service via improper input validation in array parsing | fixed: 247 known affected: 84 known not affected: 5286 | 2026-07-09T21:07:16+00:00 | Vulnerability · Source |
| CVE-2026-41242 | redhat_vex | protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields | fixed: 14 known affected: 27 known not affected: 458 under investigation: 14 | 2026-07-09T21:06:40+00:00 | Vulnerability · Source |
| CVE-2026-40192 | redhat_vex | Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing | fixed: 150 known affected: 25 known not affected: 1573 | 2026-07-09T21:06:36+00:00 | Vulnerability · Source |
| CVE-2026-39892 | redhat_vex | cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API | fixed: 157 known affected: 159 known not affected: 1082 | 2026-07-09T21:06:34+00:00 | Vulnerability · Source |
| CVE-2026-34070 | redhat_vex | langchain: path traversal in legacy load_prompt functions in langchain-core | fixed: 8 known affected: 3 known not affected: 330 | 2026-07-09T21:06:25+00:00 | Vulnerability · Source |
| CVE-2026-33236 | redhat_vex | nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files | fixed: 6 known affected: 10 known not affected: 698 | 2026-07-09T21:06:21+00:00 | Vulnerability · Source |
| CVE-2026-33231 | redhat_vex | nltk: NLTK: Denial of Service via unauthenticated remote shutdown | fixed: 6 known affected: 9 known not affected: 699 | 2026-07-09T21:06:15+00:00 | Vulnerability · Source |
| CVE-2026-32640 | redhat_vex | simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling | fixed: 6 known affected: 4 known not affected: 437 | 2026-07-09T21:06:01+00:00 | Vulnerability · Source |
| CVE-2026-30922 | redhat_vex | pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion | fixed: 1697 known affected: 28 known not affected: 2347 | 2026-07-09T21:06:00+00:00 | Vulnerability · Source |
| CVE-2026-32597 | redhat_vex | pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | fixed: 1175 known affected: 25 known not affected: 1960 | 2026-07-09T21:05:58+00:00 | Vulnerability · Source |
| CVE-2026-28356 | redhat_vex | multipart: denial of service via maliciously crafted HTTP or multipart segment headers | fixed: 12 known affected: 21 known not affected: 468 | 2026-07-09T21:05:46+00:00 | Vulnerability · Source |
| CVE-2026-27893 | redhat_vex | vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting | fixed: 20 known affected: 6 known not affected: 683 | 2026-07-09T21:05:45+00:00 | Vulnerability · Source |
| CVE-2026-5241 | redhat_vex | python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting | fixed: 21 known affected: 44 known not affected: 545 | 2026-07-09T21:05:28+00:00 | Vulnerability · Source |
| CVE-2026-2614 | redhat_vex | mlflow: mlflow: Arbitrary file read via bypassed source path validation | fixed: 7 known affected: 14 known not affected: 550 | 2026-07-09T21:05:20+00:00 | Vulnerability · Source |
| CVE-2026-1462 | redhat_vex | keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode | fixed: 8 known affected: 1 known not affected: 439 | 2026-07-09T21:05:14+00:00 | Vulnerability · Source |
| CVE-2025-62718 | redhat_vex | axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization | fixed: 157 known affected: 62 known not affected: 1678 | 2026-07-09T21:02:33+00:00 | Vulnerability · Source |
| CVE-2026-45109 | redhat_vex | next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:21+00:00 | Vulnerability · Source |
| CVE-2026-44578 | redhat_vex | Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:18+00:00 | Vulnerability · Source |
| CVE-2026-44579 | redhat_vex | next.js: Next.js: Denial of Service via crafted POST requests to server actions | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:17+00:00 | Vulnerability · Source |
| CVE-2026-44577 | redhat_vex | Next.js: Next.js: Denial of Service via Image Optimization API | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:12+00:00 | Vulnerability · Source |
| CVE-2026-44575 | redhat_vex | next.js: Next.js: Unauthorized access to protected content via middleware bypass | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:09+00:00 | Vulnerability · Source |
| CVE-2026-44574 | redhat_vex | Next.js: Next.js: Authorization bypass via crafted query parameters | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:06+00:00 | Vulnerability · Source |
| CVE-2026-44573 | redhat_vex | next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n | fixed: 2 known affected: 5 known not affected: 24 | 2026-07-09T21:02:02+00:00 | Vulnerability · Source |
| CVE-2026-42570 | redhat_vex | devalue: devalue: Excessive memory consumption via deserialization of sparse arrays | fixed: 1 known not affected: 9 under investigation: 1 | 2026-07-09T21:02:01+00:00 | Vulnerability · Source |
| CVE-2026-40175 | redhat_vex | axios: Axios: Remote Code Execution via Prototype Pollution escalation | fixed: 139 known affected: 13 known not affected: 4880 | 2026-07-09T21:00:45+00:00 | Vulnerability · Source |
| CVE-2026-29074 | redhat_vex | svgo: SVGO: Denial of Service via XML entity expansion | fixed: 108 known affected: 23 known not affected: 1723 | 2026-07-09T21:00:28+00:00 | Vulnerability · Source |
| CVE-2026-42043 | redhat_vex | axios: Axios: NO_PROXY bypass via crafted URL | fixed: 142 known affected: 34 known not affected: 2451 | 2026-07-09T20:58:23+00:00 | Vulnerability · Source |
| CVE-2026-42033 | redhat_vex | axios: Axios: HTTP Transport Hijacking via Prototype Pollution | fixed: 142 known affected: 40 known not affected: 2446 | 2026-07-09T20:58:06+00:00 | Vulnerability · Source |
| CVE-2026-40895 | redhat_vex | follow-redirects: follow-redirects: Information disclosure via cross-domain redirects | fixed: 187 known affected: 43 known not affected: 2942 | 2026-07-09T20:58:00+00:00 | Vulnerability · Source |
| CVE-2026-9277 | redhat_vex | shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators | fixed: 118 known affected: 23 known not affected: 2149 | 2026-07-09T20:57:33+00:00 | Vulnerability · Source |
| CVE-2026-59936 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF inline image | known affected: 11 | 2026-07-09T20:55:00+00:00 | Vulnerability · Source |
| CVE-2026-13320 | redhat_vex | gitlab: GitLab: Arbitrary script execution via improper input sanitization | known not affected: 4 | 2026-07-09T20:45:24+00:00 | Vulnerability · Source |
| CVE-2026-46090 | redhat_vex | kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop | fixed: 2073 known affected: 33 under investigation: 14 | 2026-07-09T20:40:53+00:00 | Vulnerability · Source |
| CVE-2026-11623 | redhat_vex | tmux: tmux: Use-after-free vulnerability | known affected: 5 | 2026-07-09T20:38:41+00:00 | Vulnerability · Source |
| CVE-2026-14940 | redhat_vex | 389-ds-base: 389-ds-base: heap-buffer-overflow in DN normalization via quoted multivalued RDN | known affected: 33 | 2026-07-09T20:38:21+00:00 | Vulnerability · Source |
| CVE-2026-44663 | redhat_vex | OpenEXR: OpenEXR: Denial of Service via crafted HTJ2K-compressed EXR file | known affected: 18 | 2026-07-09T20:33:34+00:00 | Vulnerability · Source |
| CVE-2026-52908 | redhat_vex | kernel: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible | known affected: 246 known not affected: 28 | 2026-07-09T20:27:19+00:00 | Vulnerability · Source |
| CVE-2026-53655 | redhat_vex | node-tar: node-tar: File smuggling due to inconsistent tar archive parsing | known affected: 356 | 2026-07-09T20:27:15+00:00 | Vulnerability · Source |
| CVE-2026-14969 | redhat_vex | 389-ds-base: 389-ds-base: Static initialization vector in AES-CBC/3DES-CBC attribute encryption | known affected: 33 | 2026-07-09T20:27:14+00:00 | Vulnerability · Source |
| CVE-2026-15163 | redhat_vex | wireshark: Wireshark: Denial of Service via multiple protocol dissector infinite loops | known affected: 20 | 2026-07-09T20:27:09+00:00 | Vulnerability · Source |
| CVE-2026-15169 | redhat_vex | wireshark: Wireshark: Denial of Service via UMTS FP protocol dissector crash | known affected: 20 | 2026-07-09T20:22:07+00:00 | Vulnerability · Source |
| CVE-2026-15167 | redhat_vex | wireshark: Wireshark: Denial of Service via DBS Etherwatch file parser crash | known affected: 20 | 2026-07-09T20:22:04+00:00 | Vulnerability · Source |
| CVE-2026-15166 | redhat_vex | Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash | known affected: 4 | 2026-07-09T20:22:00+00:00 | Vulnerability · Source |
| CVE-2026-56001 | redhat_vex | libXfont2: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow | known affected: 9 | 2026-07-09T19:57:52+00:00 | Vulnerability · Source |
| CVE-2026-15168 | redhat_vex | wireshark: Wireshark: Information disclosure in BLF file parser | known affected: 20 | 2026-07-09T19:34:49+00:00 | Vulnerability · Source |
| CVE-2026-44827 | redhat_vex | diffusers: Diffusers: Arbitrary Code Execution via malicious model loading | known affected: 13 known not affected: 5 | 2026-07-09T19:15:10+00:00 | Vulnerability · Source |
| CVE-2026-42006 | redhat_vex | dovecot: Dovecot: Denial of Service via excessive IMAP bracing | known affected: 30 | 2026-07-09T18:46:22+00:00 | Vulnerability · Source |
| CVE-2026-56374 | redhat_vex | ImageMagick: ImageMagick: Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder | known affected: 14 | 2026-07-09T18:02:07+00:00 | Vulnerability · Source |
| CVE-2026-53422 | redhat_vex | erlang: ssh: Erlang OTP ssh: Information disclosure via SFTP REALPATH handler | fixed: 3 known affected: 42 | 2026-07-09T18:01:53+00:00 | Vulnerability · Source |
| CVE-2026-59998 | redhat_vex | openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory | fixed: 3 known affected: 41 | 2026-07-09T18:01:51+00:00 | Vulnerability · Source |