VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221718 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-9697 | redhat_vex | undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy | fixed: 180 known affected: 20 known not affected: 798 | 2026-07-16T10:10:02+00:00 | Vulnerability · Source |
| CVE-2025-66471 | redhat_vex | urllib3: urllib3 Streaming API improperly handles highly compressed data | fixed: 1948 known affected: 359 known not affected: 3318 under investigation: 1 | 2026-07-16T10:04:22+00:00 | Vulnerability · Source |
| CVE-2026-44496 | redhat_vex | axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name | fixed: 119 known affected: 37 known not affected: 3875 | 2026-07-16T09:49:09+00:00 | Vulnerability · Source |
| CVE-2026-44495 | redhat_vex | axios: Axios: Information disclosure due to prototype pollution vulnerability | fixed: 114 known affected: 38 known not affected: 3375 | 2026-07-16T09:49:01+00:00 | Vulnerability · Source |
| CVE-2026-44494 | redhat_vex | axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution | fixed: 127 known affected: 38 known not affected: 5064 | 2026-07-16T09:49:00+00:00 | Vulnerability · Source |
| CVE-2026-44492 | redhat_vex | axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization | fixed: 116 known affected: 37 known not affected: 3831 | 2026-07-16T09:48:46+00:00 | Vulnerability · Source |
| CVE-2026-44488 | redhat_vex | axios: Axios: Denial of Service due to unenforced request and response size limits | fixed: 117 known affected: 35 known not affected: 3371 | 2026-07-16T09:48:45+00:00 | Vulnerability · Source |
| CVE-2026-44487 | redhat_vex | axios: Axios: Information disclosure of proxy credentials via redirect flows | fixed: 119 known affected: 35 known not affected: 3963 | 2026-07-16T09:48:45+00:00 | Vulnerability · Source |
| CVE-2026-44486 | redhat_vex | axios: Axios: Information disclosure of proxy credentials via HTTP redirects | fixed: 112 known affected: 38 known not affected: 3831 | 2026-07-16T09:48:45+00:00 | Vulnerability · Source |
| CVE-2026-14544 | redhat_vex | HPLIP: Incomplete Fix for CVE-2026-8631 | fixed: 10 known affected: 6 known not affected: 76 | 2026-07-16T09:44:04+00:00 | Vulnerability · Source |
| CVE-2026-8595 | redhat_vex | grafana: Grafana: Stored Cross-Site Scripting via malicious dashboard field name | known not affected: 28 | 2026-07-16T09:41:26+00:00 | Vulnerability · Source |
| CVE-2026-61863 | redhat_vex | ImageMagick: ImageMagick: Memory leak in TIFF encoder | known affected: 14 | 2026-07-16T09:38:03+00:00 | Vulnerability · Source |
| CVE-2026-61872 | redhat_vex | ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder | known affected: 14 | 2026-07-16T09:38:03+00:00 | Vulnerability · Source |
| CVE-2026-61859 | redhat_vex | ImageMagick: ImageMagick: Information disclosure via policy bypass in -script operation | known affected: 14 | 2026-07-16T09:38:01+00:00 | Vulnerability · Source |
| CVE-2026-61868 | redhat_vex | ImageMagick: ImageMagick: Denial of Service due to memory leak in YUV decoder | known affected: 14 | 2026-07-16T09:37:58+00:00 | Vulnerability · Source |
| CVE-2026-61871 | redhat_vex | ImageMagick: ImageMagick: Denial of Service via memory leak in ICON decoder | known affected: 14 | 2026-07-16T09:37:57+00:00 | Vulnerability · Source |
| CVE-2026-61866 | redhat_vex | ImageMagick: ImageMagick: Memory leak in JNG encoder can lead to denial of service | known affected: 14 | 2026-07-16T09:37:53+00:00 | Vulnerability · Source |
| CVE-2026-61869 | redhat_vex | ImageMagick: ImageMagick: Denial of Service via memory leak in MIFF encoder | known affected: 14 | 2026-07-16T09:37:49+00:00 | Vulnerability · Source |
| CVE-2026-61862 | redhat_vex | ImageMagick: ImageMagick: Information disclosure via out-of-bounds read when displaying profiles with debug enabled | known affected: 14 | 2026-07-16T09:37:48+00:00 | Vulnerability · Source |
| CVE-2026-61864 | redhat_vex | ImageMagick: ImageMagick: Memory leak in color transformation to log colorspace | known affected: 14 | 2026-07-16T09:37:48+00:00 | Vulnerability · Source |
| CVE-2026-61860 | redhat_vex | ImageMagick: ImageMagick: Denial of Service via use-after-free during freetype initialization | known affected: 14 | 2026-07-16T09:37:46+00:00 | Vulnerability · Source |
| CVE-2026-56375 | redhat_vex | Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in ASHLAR coder | known affected: 14 | 2026-07-16T09:37:46+00:00 | Vulnerability · Source |
| CVE-2026-61865 | redhat_vex | ImageMagick: ImageMagick: Memory leak in hough lines operation can lead to denial of service | known affected: 14 | 2026-07-16T09:37:45+00:00 | Vulnerability · Source |
| CVE-2026-61867 | redhat_vex | ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder | known affected: 14 | 2026-07-16T09:37:44+00:00 | Vulnerability · Source |
| CVE-2026-61464 | redhat_vex | ImageMagick: ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11 | known affected: 14 | 2026-07-16T09:37:41+00:00 | Vulnerability · Source |
| CVE-2026-15925 | redhat_vex | snowflake-connector-python: Snowflake Connector for Python: Arbitrary SQL execution and information disclosure via improper TLS hostname verification | known affected: 1 | 2026-07-16T09:32:29+00:00 | Vulnerability · Source |
| CVE-2026-28390 | redhat_vex | openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing | fixed: 301 known affected: 302 known not affected: 288 under investigation: 7 | 2026-07-16T09:21:46+00:00 | Vulnerability · Source |
| CVE-2026-49854 | redhat_vex | tornado: Tornado: Information disclosure via out-of-bounds read in websocket_mask | known affected: 45 under investigation: 14 | 2026-07-16T09:05:59+00:00 | Vulnerability · Source |
| CVE-2026-10879 | redhat_vex | perl-DBI: perl-DBI: Heap overflow in SQL preparsing can lead to denial of service or arbitrary code execution. | fixed: 39 known affected: 6 | 2026-07-16T09:03:06+00:00 | Vulnerability · Source |
| CVE-2026-59203 | redhat_vex | Pillow: Pillow: Denial of Service via crafted EPS file | known affected: 60 known not affected: 6 under investigation: 25 | 2026-07-16T09:00:57+00:00 | Vulnerability · Source |
| CVE-2026-25681 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting | fixed: 290 known affected: 414 known not affected: 523 under investigation: 2 | 2026-07-16T08:32:08+00:00 | Vulnerability · Source |
| CVE-2025-58183 | redhat_vex | golang: archive/tar: Unbounded allocation when parsing GNU sparse map | fixed: 8840 known affected: 129 known not affected: 8191 | 2026-07-16T08:26:35+00:00 | Vulnerability · Source |
| CVE-2026-14380 | redhat_vex | DBI: DBI: Arbitrary code execution via caller-influenced Profile attribute | known affected: 10 | 2026-07-16T08:26:32+00:00 | Vulnerability · Source |
| CVE-2025-66506 | redhat_vex | github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token | fixed: 320 known affected: 66 known not affected: 1247 | 2026-07-16T08:25:43+00:00 | Vulnerability · Source |
| CVE-2025-64756 | redhat_vex | glob: glob: Command Injection Vulnerability via Malicious Filenames | fixed: 171 known affected: 145 known not affected: 1097 | 2026-07-16T08:25:25+00:00 | Vulnerability · Source |
| CVE-2025-52881 | redhat_vex | runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects | fixed: 2379 known affected: 45 known not affected: 4060 | 2026-07-16T08:25:06+00:00 | Vulnerability · Source |
| CVE-2025-30204 | redhat_vex | golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing | fixed: 3038 known affected: 78 known not affected: 11728 | 2026-07-16T08:25:03+00:00 | Vulnerability · Source |
| CVE-2025-22869 | redhat_vex | golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | fixed: 2719 known affected: 55 known not affected: 6259 under investigation: 1 | 2026-07-16T08:25:00+00:00 | Vulnerability · Source |
| CVE-2025-22868 | redhat_vex | golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | fixed: 1876 known affected: 95 known not affected: 8426 | 2026-07-16T08:25:00+00:00 | Vulnerability · Source |
| CVE-2026-9698 | redhat_vex | DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution | fixed: 52 known affected: 4 | 2026-07-16T08:21:22+00:00 | Vulnerability · Source |
| CVE-2026-50589 | redhat_vex | openstack-ironic: OpenStack Ironic: Denial of Service via crafted JSON string | known not affected: 14 | 2026-07-16T08:21:21+00:00 | Vulnerability · Source |
| CVE-2024-24786 | redhat_vex | golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON | fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 | 2026-07-16T08:17:29+00:00 | Vulnerability · Source |
| CVE-2024-24784 | redhat_vex | golang: net/mail: comments in display names are incorrectly handled | fixed: 1678 known affected: 56 known not affected: 714 | 2026-07-16T08:17:27+00:00 | Vulnerability · Source |
| CVE-2022-41715 | redhat_vex | golang: regexp/syntax: limit memory used by parsing regexps | fixed: 2994 known affected: 91 known not affected: 2693 under investigation: 1 | 2026-07-16T08:17:22+00:00 | Vulnerability · Source |
| CVE-2022-30631 | redhat_vex | golang: compress/gzip: stack exhaustion in Reader.Read | fixed: 4253 known affected: 91 known not affected: 2159 | 2026-07-16T08:17:22+00:00 | Vulnerability · Source |
| CVE-2026-59198 | redhat_vex | Pillow: Pillow: Information disclosure via TGA RLE encoder out-of-bounds read | known affected: 66 under investigation: 25 | 2026-07-16T08:17:21+00:00 | Vulnerability · Source |
| CVE-2021-20329 | redhat_vex | mongo-go-driver: specific cstrings input may not be properly validated | fixed: 252 known affected: 69 known not affected: 3782 | 2026-07-16T08:09:53+00:00 | Vulnerability · Source |
| CVE-2026-50144 | redhat_vex | ncnn: ncnn: Out-of-bounds write allows arbitrary code execution | known not affected: 1 | 2026-07-16T08:08:10+00:00 | Vulnerability · Source |
| CVE-2026-27136 | redhat_vex | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass | fixed: 218 known affected: 417 known not affected: 173 under investigation: 2 | 2026-07-16T08:08:08+00:00 | Vulnerability · Source |
| CVE-2023-39325 | redhat_vex | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | fixed: 4761 known affected: 244 known not affected: 30354 | 2026-07-16T08:05:10+00:00 | Vulnerability · Source |