VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221689 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-61772 | redhat_vex | rack: Rack memory exhaustion denial of service | fixed: 138 known affected: 41 | 2026-07-11T20:00:06+00:00 | Vulnerability · Source |
| CVE-2025-23216 | redhat_vex | argocd: Argo CD does not scrub secret values from patch errors | fixed: 70 | 2026-07-11T19:00:04+00:00 | Vulnerability · Source |
| CVE-2024-13484 | redhat_vex | openshift-gitops-operator-container: Namespace Isolation Break | fixed: 74 known not affected: 29 | 2026-07-11T19:00:04+00:00 | Vulnerability · Source |
| CVE-2025-3415 | redhat_vex | grafana: Exposure of DingDing alerting integration URL to Viewer level users | known not affected: 21 | 2026-07-11T17:42:33+00:00 | Vulnerability · Source |
| CVE-2024-28956 | redhat_vex | microcode_ctl: From CVEorg collector | fixed: 947 known affected: 65 known not affected: 5 | 2026-07-11T17:42:12+00:00 | Vulnerability · Source |
| CVE-2025-47277 | redhat_vex | vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service | fixed: 15 known not affected: 1 | 2026-07-11T17:42:06+00:00 | Vulnerability · Source |
| CVE-2025-66516 | redhat_vex | tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected | fixed: 9 known not affected: 65 | 2026-07-11T17:41:42+00:00 | Vulnerability · Source |
| CVE-2025-32462 | redhat_vex | sudo: LPE via host option | fixed: 271 known not affected: 4159 | 2026-07-11T17:41:41+00:00 | Vulnerability · Source |
| CVE-2025-1094 | redhat_vex | postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation | fixed: 3374 known affected: 11 known not affected: 19 | 2026-07-11T17:41:38+00:00 | Vulnerability · Source |
| CVE-2025-62168 | redhat_vex | squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling | fixed: 225 known affected: 4 known not affected: 17 | 2026-07-11T17:41:38+00:00 | Vulnerability · Source |
| CVE-2025-29927 | redhat_vex | nextjs: Authorization Bypass in Next.js Middleware | known not affected: 177 | 2026-07-11T17:41:34+00:00 | Vulnerability · Source |
| CVE-2025-68664 | redhat_vex | langchain-core: LangChain: Arbitrary code execution via serialization injection | fixed: 18 known not affected: 254 | 2026-07-11T17:41:32+00:00 | Vulnerability · Source |
| CVE-2025-41244 | redhat_vex | open-vm-tools: Local privilege escalation in open-vm-tools | fixed: 169 known not affected: 6 | 2026-07-11T17:41:27+00:00 | Vulnerability · Source |
| CVE-2025-48384 | redhat_vex | git: Git arbitrary code execution | fixed: 587 known affected: 13 known not affected: 655 | 2026-07-11T17:41:25+00:00 | Vulnerability · Source |
| CVE-2025-13888 | redhat_vex | openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs | fixed: 16 known not affected: 145 | 2026-07-11T17:40:59+00:00 | Vulnerability · Source |
| CVE-2025-5115 | redhat_vex | jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames | fixed: 36 known affected: 8 known not affected: 16 | 2026-07-11T17:40:49+00:00 | Vulnerability · Source |
| CVE-2025-47151 | redhat_vex | lasso: Type confusion in Entr'ouvert Lasso | fixed: 450 known affected: 3 | 2026-07-11T17:40:42+00:00 | Vulnerability · Source |
| CVE-2021-22555 | redhat_vex | kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c | fixed: 1259 known affected: 16 known not affected: 115 | 2026-07-11T17:40:34+00:00 | Vulnerability · Source |
| CVE-2025-32463 | redhat_vex | sudo: LPE via chroot option | fixed: 33 known not affected: 12 | 2026-07-11T17:40:26+00:00 | Vulnerability · Source |
| CVE-2026-1709 | redhat_vex | keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication | fixed: 86 | 2026-07-11T17:25:14+00:00 | Vulnerability · Source |
| CVE-2026-4631 | redhat_vex | cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | fixed: 102 known not affected: 13 | 2026-07-11T17:25:14+00:00 | Vulnerability · Source |
| CVE-2026-22778 | redhat_vex | vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. | fixed: 18 known affected: 4 known not affected: 670 | 2026-07-11T17:25:13+00:00 | Vulnerability · Source |
| CVE-2025-31125 | redhat_vex | vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | known affected: 6 known not affected: 5 | 2026-07-11T17:25:08+00:00 | Vulnerability · Source |
| CVE-2026-47774 | redhat_vex | envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack | fixed: 20 known not affected: 88 | 2026-07-11T17:20:04+00:00 | Vulnerability · Source |
| CVE-2026-42208 | redhat_vex | LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection | known not affected: 4 | 2026-07-11T17:20:02+00:00 | Vulnerability · Source |
| CVE-2026-10536 | microsoft_vex | HTTP/2 stream-dependency tree UAF | known affected: 2 known not affected: 4 | 2026-07-11T14:38:42+00:00 | Vulnerability · Source |
| CVE-2026-14738 | redhat_vex | exo: Exo: Information disclosure due to weak hash algorithm | known not affected: 1 | 2026-07-11T08:54:57+00:00 | Vulnerability · Source |
| CVE-2026-54908 | microsoft_vex | Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message | fixed: 1 known affected: 1 | 2026-07-11T01:41:05+00:00 | Vulnerability · Source |
| CVE-2026-54886 | microsoft_vex | SSH SFTP server denial of service via extended channel data infinite loop | fixed: 1 known affected: 1 | 2026-07-11T01:40:30+00:00 | Vulnerability · Source |
| CVE-2026-45570 | microsoft_vex | go-git: Improper single-quote escaping in go-git SSH transport | fixed: 1 known affected: 3 | 2026-07-11T01:39:57+00:00 | Vulnerability · Source |
| CVE-2026-45571 | microsoft_vex | go-git: Crafted repositories may modify main and submodule .git directories | fixed: 1 known affected: 3 | 2026-07-11T01:39:50+00:00 | Vulnerability · Source |
| CVE-2024-7598 | microsoft_vex | Network restriction bypass via race condition during namespace termination | fixed: 1 known affected: 13 under investigation: 3 | 2026-07-11T01:38:52+00:00 | Vulnerability · Source |
| CVE-2026-56000 | microsoft_vex | xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent() | known affected: 2 | 2026-07-11T01:08:33+00:00 | Vulnerability · Source |
| CVE-2026-59869 | microsoft_vex | js-yaml: YAML merge-key chains can force quadratic CPU consumption | known affected: 1 | 2026-07-11T01:07:43+00:00 | Vulnerability · Source |
| CVE-2026-59930 | microsoft_vex | Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content | known affected: 1 | 2026-07-11T01:07:18+00:00 | Vulnerability · Source |
| CVE-2026-59922 | microsoft_vex | Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert) | known affected: 1 | 2026-07-11T01:07:11+00:00 | Vulnerability · Source |
| CVE-2026-59925 | microsoft_vex | inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs | known affected: 1 | 2026-07-11T01:07:05+00:00 | Vulnerability · Source |
| CVE-2026-59926 | microsoft_vex | Mistune: XSS via unescaped class option in Admonition directive | known affected: 1 | 2026-07-11T01:06:59+00:00 | Vulnerability · Source |
| CVE-2026-59928 | microsoft_vex | Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions | known affected: 1 | 2026-07-11T01:06:53+00:00 | Vulnerability · Source |
| CVE-2026-14740 | microsoft_vex | DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment | known affected: 1 | 2026-07-11T01:06:45+00:00 | Vulnerability · Source |
| CVE-2026-14380 | microsoft_vex | DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile | known affected: 1 | 2026-07-11T01:06:39+00:00 | Vulnerability · Source |
| CVE-2026-14739 | microsoft_vex | DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders | known affected: 1 | 2026-07-11T01:06:33+00:00 | Vulnerability · Source |
| CVE-2026-59998 | microsoft_vex | sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. | known affected: 1 | 2026-07-11T01:02:59+00:00 | Vulnerability · Source |
| CVE-2026-20244 | microsoft_vex | ClamAV DMG File Processing Denial of Service Vulnerability | known affected: 1 | 2026-07-11T01:02:00+00:00 | Vulnerability · Source |
| CVE-2026-20243 | microsoft_vex | ClamAV ALZ Archive Processing Denial of Service Vulnerability | known affected: 1 | 2026-07-11T01:01:53+00:00 | Vulnerability · Source |
| CVE-2026-20217 | microsoft_vex | ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:47+00:00 | Vulnerability · Source |
| CVE-2026-20216 | microsoft_vex | ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability | known affected: 1 | 2026-07-11T01:01:41+00:00 | Vulnerability · Source |
| CVE-2026-20215 | microsoft_vex | ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:35+00:00 | Vulnerability · Source |
| CVE-2026-20214 | microsoft_vex | ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:29+00:00 | Vulnerability · Source |
| CVE-2026-20213 | microsoft_vex | ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:22+00:00 | Vulnerability · Source |