VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221796 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2025-31125 redhat_vex vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query known affected: 6 known not affected: 5 2026-07-11T17:25:08+00:00 Vulnerability · Source
CVE-2026-47774 redhat_vex envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack fixed: 20 known not affected: 88 2026-07-11T17:20:04+00:00 Vulnerability · Source
CVE-2026-42208 redhat_vex LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection known not affected: 4 2026-07-11T17:20:02+00:00 Vulnerability · Source
CVE-2026-10536 microsoft_vex HTTP/2 stream-dependency tree UAF known affected: 2 known not affected: 4 2026-07-11T14:38:42+00:00 Vulnerability · Source
CVE-2026-14738 redhat_vex exo: Exo: Information disclosure due to weak hash algorithm known not affected: 1 2026-07-11T08:54:57+00:00 Vulnerability · Source
CVE-2026-54908 microsoft_vex Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message fixed: 1 known affected: 1 2026-07-11T01:41:05+00:00 Vulnerability · Source
CVE-2026-54886 microsoft_vex SSH SFTP server denial of service via extended channel data infinite loop fixed: 1 known affected: 1 2026-07-11T01:40:30+00:00 Vulnerability · Source
CVE-2026-45570 microsoft_vex go-git: Improper single-quote escaping in go-git SSH transport fixed: 1 known affected: 3 2026-07-11T01:39:57+00:00 Vulnerability · Source
CVE-2026-45571 microsoft_vex go-git: Crafted repositories may modify main and submodule .git directories fixed: 1 known affected: 3 2026-07-11T01:39:50+00:00 Vulnerability · Source
CVE-2024-7598 microsoft_vex Network restriction bypass via race condition during namespace termination fixed: 1 known affected: 13 under investigation: 3 2026-07-11T01:38:52+00:00 Vulnerability · Source
CVE-2026-56000 microsoft_vex xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent() known affected: 2 2026-07-11T01:08:33+00:00 Vulnerability · Source
CVE-2026-59869 microsoft_vex js-yaml: YAML merge-key chains can force quadratic CPU consumption known affected: 1 2026-07-11T01:07:43+00:00 Vulnerability · Source
CVE-2026-59930 microsoft_vex Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content known affected: 1 2026-07-11T01:07:18+00:00 Vulnerability · Source
CVE-2026-59922 microsoft_vex Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert) known affected: 1 2026-07-11T01:07:11+00:00 Vulnerability · Source
CVE-2026-59925 microsoft_vex inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs known affected: 1 2026-07-11T01:07:05+00:00 Vulnerability · Source
CVE-2026-59926 microsoft_vex Mistune: XSS via unescaped class option in Admonition directive known affected: 1 2026-07-11T01:06:59+00:00 Vulnerability · Source
CVE-2026-59928 microsoft_vex Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions known affected: 1 2026-07-11T01:06:53+00:00 Vulnerability · Source
CVE-2026-14740 microsoft_vex DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment known affected: 1 2026-07-11T01:06:45+00:00 Vulnerability · Source
CVE-2026-14380 microsoft_vex DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile known affected: 1 2026-07-11T01:06:39+00:00 Vulnerability · Source
CVE-2026-14739 microsoft_vex DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders known affected: 1 2026-07-11T01:06:33+00:00 Vulnerability · Source
CVE-2026-59998 microsoft_vex sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. known affected: 1 2026-07-11T01:02:59+00:00 Vulnerability · Source
CVE-2026-20244 microsoft_vex ClamAV DMG File Processing Denial of Service Vulnerability known affected: 1 2026-07-11T01:02:00+00:00 Vulnerability · Source
CVE-2026-20243 microsoft_vex ClamAV ALZ Archive Processing Denial of Service Vulnerability known affected: 1 2026-07-11T01:01:53+00:00 Vulnerability · Source
CVE-2026-20217 microsoft_vex ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:47+00:00 Vulnerability · Source
CVE-2026-20216 microsoft_vex ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability known affected: 1 2026-07-11T01:01:41+00:00 Vulnerability · Source
CVE-2026-20215 microsoft_vex ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:35+00:00 Vulnerability · Source
CVE-2026-20214 microsoft_vex ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:29+00:00 Vulnerability · Source
CVE-2026-20213 microsoft_vex ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:22+00:00 Vulnerability · Source
CVE-2026-59856 microsoft_vex Vim: Arbitrary Code Execution via PHP Omni-Completion known affected: 1 2026-07-11T01:01:16+00:00 Vulnerability · Source
CVE-2025-56005 redhat_vex ply: python-ply: Unsafe pickle file handling in Ply known affected: 434 known not affected: 32 2026-07-10T23:21:53+00:00 Vulnerability · Source
CVE-2026-49980 redhat_vex github.com/rclone/rclone: Rclone: Remote Code Execution via unauthenticated requests when `rcd --rc-serve` is enabled known not affected: 6 2026-07-10T22:04:55+00:00 Vulnerability · Source
CVE-2026-47261 redhat_vex wasmtime-wasi: Wasmtime: Wasmtime: Access control bypass allows unauthorized file truncation via specific open flags. known affected: 3 2026-07-10T21:29:54+00:00 Vulnerability · Source
CVE-2025-4330 redhat_vex cpython: python: Extraction filter bypass for linking outside extraction directory fixed: 1027 known affected: 71 known not affected: 49 2026-07-10T20:52:45+00:00 Vulnerability · Source
CVE-2026-59882 redhat_vex guzzlehttp/psr7: guzzlehttp/psr7: URI host validation flaw can lead to security bypass or misrouting known not affected: 1 2026-07-10T20:44:53+00:00 Vulnerability · Source
CVE-2026-55404 redhat_vex yt-dlp: youtube-dl: yt-dlp/youtube-dl: Arbitrary Code Execution via Malicious Shortcut File Generation known not affected: 1 2026-07-10T20:40:12+00:00 Vulnerability · Source
CVE-2026-41901 redhat_vex thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass known affected: 3 known not affected: 2 2026-07-10T20:14:55+00:00 Vulnerability · Source
CVE-2026-53449 redhat_vex coturn: Coturn: Arbitrary file overwrite via CLI command known not affected: 1 2026-07-10T20:10:05+00:00 Vulnerability · Source
CVE-2026-53450 redhat_vex coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass known not affected: 1 2026-07-10T20:09:57+00:00 Vulnerability · Source
CVE-2026-53448 redhat_vex coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel known not affected: 1 2026-07-10T20:09:55+00:00 Vulnerability · Source
CVE-2026-59180 redhat_vex apprise: Apprise: Information disclosure via HTTP redirect following with credential resending known not affected: 1 2026-07-10T19:54:52+00:00 Vulnerability · Source
CVE-2026-59871 redhat_vex node-tar: node-tar: Denial of Service due to incorrect PAX path handling known affected: 160 known not affected: 1 2026-07-10T19:14:58+00:00 Vulnerability · Source
CVE-2026-38076 redhat_vex jbig2dec: jbig2dec: Denial of Service via crafted input known affected: 6 2026-07-10T19:06:29+00:00 Vulnerability · Source
CVE-2026-56362 redhat_vex ImageMagick: Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Information disclosure via heap-buffer-overflow read known affected: 14 2026-07-10T18:35:08+00:00 Vulnerability · Source
CVE-2026-53363 redhat_vex kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() known not affected: 274 2026-07-10T17:10:57+00:00 Vulnerability · Source
CVE-2026-44171 redhat_vex mariadb: mbstream: Unauthorized file creation via path traversal fixed: 531 known not affected: 37 2026-07-10T16:53:55+00:00 Vulnerability · Source
CVE-2026-44168 redhat_vex mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer fixed: 531 known not affected: 37 2026-07-10T16:46:21+00:00 Vulnerability · Source
CVE-2026-49261 redhat_vex mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd fixed: 531 known not affected: 37 2026-07-10T16:46:15+00:00 Vulnerability · Source
CVE-2026-48165 redhat_vex mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user fixed: 531 known not affected: 37 2026-07-10T16:46:10+00:00 Vulnerability · Source
CVE-2026-48163 redhat_vex mariadb: Arbitrary code execution via improper parameter validation during SST fixed: 531 known not affected: 37 2026-07-10T16:46:01+00:00 Vulnerability · Source
CVE-2026-44173 redhat_vex mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries fixed: 531 known not affected: 37 2026-07-10T16:45:52+00:00 Vulnerability · Source