VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221796 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-44170 | redhat_vex | mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine | fixed: 531 known not affected: 37 | 2026-07-10T16:45:42+00:00 | Vulnerability · Source |
| CVE-2025-71319 | redhat_vex | image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images. | fixed: 3 known affected: 28 known not affected: 34 | 2026-07-10T16:14:53+00:00 | Vulnerability · Source |
| CVE-2026-15143 | redhat_vex | guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) | known affected: 2 | 2026-07-10T16:05:37+00:00 | Vulnerability · Source |
| CVE-2026-57280 | redhat_vex | jenkins-script-security-plugin: Jenkins Script Security Plugin: Sandbox bypass leading to arbitrary code execution | known affected: 5 | 2026-07-10T15:59:59+00:00 | Vulnerability · Source |
| CVE-2026-54423 | redhat_vex | openstack-ironic: openstack-ironic: Arbitrary IPMI command execution via send_raw deployment step | known affected: 5 known not affected: 9 | 2026-07-10T15:30:05+00:00 | Vulnerability · Source |
| CVE-2026-14535 | redhat_vex | fickling: Fickling: Arbitrary code execution via pickle deserialization bypass | known affected: 1 | 2026-07-10T15:20:09+00:00 | Vulnerability · Source |
| CVE-2026-56297 | redhat_vex | FreeRDP: FreeRDP: Remote code execution or denial of service via use-after-free race condition | known affected: 31 | 2026-07-10T14:44:54+00:00 | Vulnerability · Source |
| CVE-2026-8926 | microsoft_vex | password leak with netrc and user in URL | known affected: 1 known not affected: 3 | 2026-07-10T14:40:29+00:00 | Vulnerability · Source |
| CVE-2026-57585 | microsoft_vex | MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error | fixed: 1 known affected: 1 | 2026-07-10T14:40:08+00:00 | Vulnerability · Source |
| CVE-2026-58014 | microsoft_vex | Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list" | fixed: 1 known affected: 1 | 2026-07-10T14:40:00+00:00 | Vulnerability · Source |
| CVE-2026-58013 | microsoft_vex | Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" | fixed: 1 known affected: 1 | 2026-07-10T14:39:52+00:00 | Vulnerability · Source |
| CVE-2026-58011 | microsoft_vex | Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime | fixed: 1 known affected: 1 | 2026-07-10T14:39:45+00:00 | Vulnerability · Source |
| CVE-2026-58012 | microsoft_vex | Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() | fixed: 1 known affected: 1 | 2026-07-10T14:39:37+00:00 | Vulnerability · Source |
| CVE-2026-58016 | microsoft_vex | Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" | fixed: 1 known affected: 1 | 2026-07-10T14:39:30+00:00 | Vulnerability · Source |
| CVE-2026-58015 | microsoft_vex | Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive | fixed: 1 known affected: 1 | 2026-07-10T14:39:22+00:00 | Vulnerability · Source |
| CVE-2026-58010 | microsoft_vex | Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() | fixed: 1 known affected: 1 | 2026-07-10T14:39:14+00:00 | Vulnerability · Source |
| CVE-2026-11525 | microsoft_vex | undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching | fixed: 1 known affected: 1 under investigation: 1 | 2026-07-10T14:39:01+00:00 | Vulnerability · Source |
| CVE-2026-59935 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF with unterminated inline image | known affected: 5 under investigation: 6 | 2026-07-10T14:34:53+00:00 | Vulnerability · Source |
| CVE-2026-53878 | redhat_vex | django: Django: HTTP header injection via DomainNameValidator accepting newlines | known affected: 20 | 2026-07-10T14:25:02+00:00 | Vulnerability · Source |
| CVE-2026-53877 | redhat_vex | django: Django: Information disclosure via heap buffer over-read in GDALRaster | known affected: 20 | 2026-07-10T14:24:58+00:00 | Vulnerability · Source |
| CVE-2026-59937 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF with malformed cross-reference streams | known affected: 11 | 2026-07-10T14:24:52+00:00 | Vulnerability · Source |
| CVE-2026-59938 | redhat_vex | pypdf: pypdf: Possible large memory usage for wrong image dimensions | known affected: 11 | 2026-07-10T14:10:27+00:00 | Vulnerability · Source |
| CVE-2026-15164 | redhat_vex | wireshark: Wireshark: Denial of Service vulnerability in ciscodump | known affected: 20 | 2026-07-10T14:05:41+00:00 | Vulnerability · Source |
| CVE-2026-15165 | redhat_vex | wireshark: Wireshark: Denial of Service via TLS ECH decryptor crash | known affected: 20 | 2026-07-10T14:05:30+00:00 | Vulnerability · Source |
| CVE-2026-47712 | redhat_vex | dulwich: Dulwich: Arbitrary file write via malicious commit subject in format_patch | known affected: 24 under investigation: 1 | 2026-07-10T14:00:38+00:00 | Vulnerability · Source |
| CVE-2026-7492 | redhat_vex | gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization | known not affected: 4 | 2026-07-10T13:50:51+00:00 | Vulnerability · Source |
| CVE-2026-48588 | redhat_vex | django: Django: Information disclosure due to improper caching of Set-Cookie responses | known affected: 20 | 2026-07-10T13:46:05+00:00 | Vulnerability · Source |
| CVE-2026-58207 | redhat_vex | github.com/nats-io/nats-server: NATS Server: Denial of Service via arithmetic overflow in connection monitoring pagination | known affected: 6 known not affected: 3 | 2026-07-10T13:46:03+00:00 | Vulnerability · Source |
| CVE-2026-12590 | redhat_vex | body-parser: body-parser: Denial of Service via invalid limit option | known affected: 132 known not affected: 1 | 2026-07-10T13:46:00+00:00 | Vulnerability · Source |
| CVE-2026-39197 | redhat_vex | vector: Vector: Denial of Service via crafted request to HTTP endpoint | known not affected: 1 | 2026-07-10T13:15:17+00:00 | Vulnerability · Source |
| CVE-2026-52924 | redhat_vex | kernel: sctp: purge outqueue on stale COOKIE-ECHO handling | known affected: 232 known not affected: 42 | 2026-07-10T13:07:12+00:00 | Vulnerability · Source |
| CVE-2026-59929 | redhat_vex | mistune: Mistune: Cross-site scripting via incomplete URL scheme filtering | known affected: 24 | 2026-07-10T12:59:58+00:00 | Vulnerability · Source |
| CVE-2026-59262 | redhat_vex | AFFiNE: AFFiNE: Information disclosure via histories GraphQL field | known not affected: 11 | 2026-07-10T12:24:52+00:00 | Vulnerability · Source |
| CVE-2026-52973 | redhat_vex | kernel: futex: Drop CLONE_THREAD requirement for private default hash alloc | known affected: 184 known not affected: 90 | 2026-07-10T11:55:23+00:00 | Vulnerability · Source |
| CVE-2026-59923 | redhat_vex | mistune: Mistune: Arbitrary code execution through crafted Markdown links | known affected: 24 under investigation: 1 | 2026-07-10T11:34:11+00:00 | Vulnerability · Source |
| CVE-2026-59926 | redhat_vex | mistune: Mistune: Cross-Site Scripting via unescaped HTML class attribute in Admonition directive | known affected: 24 under investigation: 1 | 2026-07-10T11:34:08+00:00 | Vulnerability · Source |
| CVE-2026-59930 | redhat_vex | mistune: Mistune: Same-page navigation redirection due to predictable heading IDs | known affected: 10 known not affected: 1 under investigation: 14 | 2026-07-10T11:34:07+00:00 | Vulnerability · Source |
| CVE-2026-15378 | redhat_vex | guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) | known affected: 1 | 2026-07-10T11:05:10+00:00 | Vulnerability · Source |
| CVE-2026-59725 | redhat_vex | socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests | fixed: 3 known affected: 4 | 2026-07-10T10:59:12+00:00 | Vulnerability · Source |
| CVE-2023-5685 | redhat_vex | xnio: StackOverflowException when the chain of notifier states becomes problematically big | fixed: 93 known affected: 5 known not affected: 240 | 2026-07-10T10:44:22+00:00 | Vulnerability · Source |
| CVE-2026-59152 | redhat_vex | langsmith: LangSmith SDK TracingMiddleware: Information Disclosure via Arbitrary Server-Side File Read | known affected: 14 | 2026-07-10T10:00:54+00:00 | Vulnerability · Source |
| CVE-2026-53511 | redhat_vex | calibre: Calibre: Arbitrary code execution via malicious e-book file processing | known not affected: 1 | 2026-07-10T09:55:40+00:00 | Vulnerability · Source |
| CVE-2026-58374 | redhat_vex | hostapd: hostapd: Denial of Service via malformed Wi-Fi 7 Multi-Link Operation association request | known affected: 3 | 2026-07-10T09:50:26+00:00 | Vulnerability · Source |
| CVE-2026-14362 | redhat_vex | github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling | known affected: 15 known not affected: 32 | 2026-07-10T09:30:01+00:00 | Vulnerability · Source |
| CVE-2026-44512 | redhat_vex | onnx: ONNX: Denial of Service via crafted untrusted models | known affected: 16 | 2026-07-10T07:54:47+00:00 | Vulnerability · Source |
| CVE-2026-54528 | redhat_vex | jupyterlab-git: JupyterLab Git: Information disclosure via case-sensitivity bypass in excluded path enforcement | known affected: 15 | 2026-07-10T07:09:53+00:00 | Vulnerability · Source |
| CVE-2026-59925 | redhat_vex | mistune: Mistune: Denial of Service via crafted Markdown input | known affected: 25 | 2026-07-10T07:05:12+00:00 | Vulnerability · Source |
| CVE-2024-12125 | redhat_vex | 3scale-porta: Readonly fields not validated server-side | known affected: 1 | 2026-07-10T06:25:28+00:00 | Vulnerability · Source |
| CVE-2024-28176 | redhat_vex | jose: resource exhaustion | fixed: 584 known affected: 3 known not affected: 2423 | 2026-07-10T04:58:12+00:00 | Vulnerability · Source |
| CVE-2023-24536 | redhat_vex | golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption | fixed: 1648 known affected: 101 known not affected: 1097 | 2026-07-10T04:58:01+00:00 | Vulnerability · Source |