VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221718 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-9697 redhat_vex undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy fixed: 180 known affected: 20 known not affected: 798 2026-07-16T10:10:02+00:00 Vulnerability · Source
CVE-2025-66471 redhat_vex urllib3: urllib3 Streaming API improperly handles highly compressed data fixed: 1948 known affected: 359 known not affected: 3318 under investigation: 1 2026-07-16T10:04:22+00:00 Vulnerability · Source
CVE-2026-44496 redhat_vex axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name fixed: 119 known affected: 37 known not affected: 3875 2026-07-16T09:49:09+00:00 Vulnerability · Source
CVE-2026-44495 redhat_vex axios: Axios: Information disclosure due to prototype pollution vulnerability fixed: 114 known affected: 38 known not affected: 3375 2026-07-16T09:49:01+00:00 Vulnerability · Source
CVE-2026-44494 redhat_vex axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution fixed: 127 known affected: 38 known not affected: 5064 2026-07-16T09:49:00+00:00 Vulnerability · Source
CVE-2026-44492 redhat_vex axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization fixed: 116 known affected: 37 known not affected: 3831 2026-07-16T09:48:46+00:00 Vulnerability · Source
CVE-2026-44488 redhat_vex axios: Axios: Denial of Service due to unenforced request and response size limits fixed: 117 known affected: 35 known not affected: 3371 2026-07-16T09:48:45+00:00 Vulnerability · Source
CVE-2026-44487 redhat_vex axios: Axios: Information disclosure of proxy credentials via redirect flows fixed: 119 known affected: 35 known not affected: 3963 2026-07-16T09:48:45+00:00 Vulnerability · Source
CVE-2026-44486 redhat_vex axios: Axios: Information disclosure of proxy credentials via HTTP redirects fixed: 112 known affected: 38 known not affected: 3831 2026-07-16T09:48:45+00:00 Vulnerability · Source
CVE-2026-14544 redhat_vex HPLIP: Incomplete Fix for CVE-2026-8631 fixed: 10 known affected: 6 known not affected: 76 2026-07-16T09:44:04+00:00 Vulnerability · Source
CVE-2026-8595 redhat_vex grafana: Grafana: Stored Cross-Site Scripting via malicious dashboard field name known not affected: 28 2026-07-16T09:41:26+00:00 Vulnerability · Source
CVE-2026-61863 redhat_vex ImageMagick: ImageMagick: Memory leak in TIFF encoder known affected: 14 2026-07-16T09:38:03+00:00 Vulnerability · Source
CVE-2026-61872 redhat_vex ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder known affected: 14 2026-07-16T09:38:03+00:00 Vulnerability · Source
CVE-2026-61859 redhat_vex ImageMagick: ImageMagick: Information disclosure via policy bypass in -script operation known affected: 14 2026-07-16T09:38:01+00:00 Vulnerability · Source
CVE-2026-61868 redhat_vex ImageMagick: ImageMagick: Denial of Service due to memory leak in YUV decoder known affected: 14 2026-07-16T09:37:58+00:00 Vulnerability · Source
CVE-2026-61871 redhat_vex ImageMagick: ImageMagick: Denial of Service via memory leak in ICON decoder known affected: 14 2026-07-16T09:37:57+00:00 Vulnerability · Source
CVE-2026-61866 redhat_vex ImageMagick: ImageMagick: Memory leak in JNG encoder can lead to denial of service known affected: 14 2026-07-16T09:37:53+00:00 Vulnerability · Source
CVE-2026-61869 redhat_vex ImageMagick: ImageMagick: Denial of Service via memory leak in MIFF encoder known affected: 14 2026-07-16T09:37:49+00:00 Vulnerability · Source
CVE-2026-61862 redhat_vex ImageMagick: ImageMagick: Information disclosure via out-of-bounds read when displaying profiles with debug enabled known affected: 14 2026-07-16T09:37:48+00:00 Vulnerability · Source
CVE-2026-61864 redhat_vex ImageMagick: ImageMagick: Memory leak in color transformation to log colorspace known affected: 14 2026-07-16T09:37:48+00:00 Vulnerability · Source
CVE-2026-61860 redhat_vex ImageMagick: ImageMagick: Denial of Service via use-after-free during freetype initialization known affected: 14 2026-07-16T09:37:46+00:00 Vulnerability · Source
CVE-2026-56375 redhat_vex Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in ASHLAR coder known affected: 14 2026-07-16T09:37:46+00:00 Vulnerability · Source
CVE-2026-61865 redhat_vex ImageMagick: ImageMagick: Memory leak in hough lines operation can lead to denial of service known affected: 14 2026-07-16T09:37:45+00:00 Vulnerability · Source
CVE-2026-61867 redhat_vex ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder known affected: 14 2026-07-16T09:37:44+00:00 Vulnerability · Source
CVE-2026-61464 redhat_vex ImageMagick: ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11 known affected: 14 2026-07-16T09:37:41+00:00 Vulnerability · Source
CVE-2026-15925 redhat_vex snowflake-connector-python: Snowflake Connector for Python: Arbitrary SQL execution and information disclosure via improper TLS hostname verification known affected: 1 2026-07-16T09:32:29+00:00 Vulnerability · Source
CVE-2026-28390 redhat_vex openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing fixed: 301 known affected: 302 known not affected: 288 under investigation: 7 2026-07-16T09:21:46+00:00 Vulnerability · Source
CVE-2026-49854 redhat_vex tornado: Tornado: Information disclosure via out-of-bounds read in websocket_mask known affected: 45 under investigation: 14 2026-07-16T09:05:59+00:00 Vulnerability · Source
CVE-2026-10879 redhat_vex perl-DBI: perl-DBI: Heap overflow in SQL preparsing can lead to denial of service or arbitrary code execution. fixed: 39 known affected: 6 2026-07-16T09:03:06+00:00 Vulnerability · Source
CVE-2026-59203 redhat_vex Pillow: Pillow: Denial of Service via crafted EPS file known affected: 60 known not affected: 6 under investigation: 25 2026-07-16T09:00:57+00:00 Vulnerability · Source
CVE-2026-25681 redhat_vex golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting fixed: 290 known affected: 414 known not affected: 523 under investigation: 2 2026-07-16T08:32:08+00:00 Vulnerability · Source
CVE-2025-58183 redhat_vex golang: archive/tar: Unbounded allocation when parsing GNU sparse map fixed: 8840 known affected: 129 known not affected: 8191 2026-07-16T08:26:35+00:00 Vulnerability · Source
CVE-2026-14380 redhat_vex DBI: DBI: Arbitrary code execution via caller-influenced Profile attribute known affected: 10 2026-07-16T08:26:32+00:00 Vulnerability · Source
CVE-2025-66506 redhat_vex github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token fixed: 320 known affected: 66 known not affected: 1247 2026-07-16T08:25:43+00:00 Vulnerability · Source
CVE-2025-64756 redhat_vex glob: glob: Command Injection Vulnerability via Malicious Filenames fixed: 171 known affected: 145 known not affected: 1097 2026-07-16T08:25:25+00:00 Vulnerability · Source
CVE-2025-52881 redhat_vex runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects fixed: 2379 known affected: 45 known not affected: 4060 2026-07-16T08:25:06+00:00 Vulnerability · Source
CVE-2025-30204 redhat_vex golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing fixed: 3038 known affected: 78 known not affected: 11728 2026-07-16T08:25:03+00:00 Vulnerability · Source
CVE-2025-22869 redhat_vex golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh fixed: 2719 known affected: 55 known not affected: 6259 under investigation: 1 2026-07-16T08:25:00+00:00 Vulnerability · Source
CVE-2025-22868 redhat_vex golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws fixed: 1876 known affected: 95 known not affected: 8426 2026-07-16T08:25:00+00:00 Vulnerability · Source
CVE-2026-9698 redhat_vex DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution fixed: 52 known affected: 4 2026-07-16T08:21:22+00:00 Vulnerability · Source
CVE-2026-50589 redhat_vex openstack-ironic: OpenStack Ironic: Denial of Service via crafted JSON string known not affected: 14 2026-07-16T08:21:21+00:00 Vulnerability · Source
CVE-2024-24786 redhat_vex golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 2026-07-16T08:17:29+00:00 Vulnerability · Source
CVE-2024-24784 redhat_vex golang: net/mail: comments in display names are incorrectly handled fixed: 1678 known affected: 56 known not affected: 714 2026-07-16T08:17:27+00:00 Vulnerability · Source
CVE-2022-41715 redhat_vex golang: regexp/syntax: limit memory used by parsing regexps fixed: 2994 known affected: 91 known not affected: 2693 under investigation: 1 2026-07-16T08:17:22+00:00 Vulnerability · Source
CVE-2022-30631 redhat_vex golang: compress/gzip: stack exhaustion in Reader.Read fixed: 4253 known affected: 91 known not affected: 2159 2026-07-16T08:17:22+00:00 Vulnerability · Source
CVE-2026-59198 redhat_vex Pillow: Pillow: Information disclosure via TGA RLE encoder out-of-bounds read known affected: 66 under investigation: 25 2026-07-16T08:17:21+00:00 Vulnerability · Source
CVE-2021-20329 redhat_vex mongo-go-driver: specific cstrings input may not be properly validated fixed: 252 known affected: 69 known not affected: 3782 2026-07-16T08:09:53+00:00 Vulnerability · Source
CVE-2026-50144 redhat_vex ncnn: ncnn: Out-of-bounds write allows arbitrary code execution known not affected: 1 2026-07-16T08:08:10+00:00 Vulnerability · Source
CVE-2026-27136 redhat_vex golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass fixed: 218 known affected: 417 known not affected: 173 under investigation: 2 2026-07-16T08:08:08+00:00 Vulnerability · Source
CVE-2023-39325 redhat_vex golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) fixed: 4761 known affected: 244 known not affected: 30354 2026-07-16T08:05:10+00:00 Vulnerability · Source