VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221692 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-20216 microsoft_vex ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability known affected: 1 2026-07-11T01:01:41+00:00 Vulnerability · Source
CVE-2026-20215 microsoft_vex ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:35+00:00 Vulnerability · Source
CVE-2026-20214 microsoft_vex ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:29+00:00 Vulnerability · Source
CVE-2026-20213 microsoft_vex ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability known affected: 1 2026-07-11T01:01:22+00:00 Vulnerability · Source
CVE-2026-59856 microsoft_vex Vim: Arbitrary Code Execution via PHP Omni-Completion known affected: 1 2026-07-11T01:01:16+00:00 Vulnerability · Source
CVE-2025-56005 redhat_vex ply: python-ply: Unsafe pickle file handling in Ply known affected: 434 known not affected: 32 2026-07-10T23:21:53+00:00 Vulnerability · Source
CVE-2026-49980 redhat_vex github.com/rclone/rclone: Rclone: Remote Code Execution via unauthenticated requests when `rcd --rc-serve` is enabled known not affected: 6 2026-07-10T22:04:55+00:00 Vulnerability · Source
CVE-2026-47261 redhat_vex wasmtime-wasi: Wasmtime: Wasmtime: Access control bypass allows unauthorized file truncation via specific open flags. known affected: 3 2026-07-10T21:29:54+00:00 Vulnerability · Source
CVE-2026-43870 redhat_vex apache-thrift: Apache Thrift: Denial of Service via multiple vulnerabilities fixed: 4 known affected: 24 known not affected: 199 under investigation: 2 2026-07-10T21:24:55+00:00 Vulnerability · Source
CVE-2025-4330 redhat_vex cpython: python: Extraction filter bypass for linking outside extraction directory fixed: 1027 known affected: 71 known not affected: 49 2026-07-10T20:52:45+00:00 Vulnerability · Source
CVE-2026-59882 redhat_vex guzzlehttp/psr7: guzzlehttp/psr7: URI host validation flaw can lead to security bypass or misrouting known not affected: 1 2026-07-10T20:44:53+00:00 Vulnerability · Source
CVE-2026-55404 redhat_vex yt-dlp: youtube-dl: yt-dlp/youtube-dl: Arbitrary Code Execution via Malicious Shortcut File Generation known not affected: 1 2026-07-10T20:40:12+00:00 Vulnerability · Source
CVE-2026-41901 redhat_vex thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass known affected: 3 known not affected: 2 2026-07-10T20:14:55+00:00 Vulnerability · Source
CVE-2026-53449 redhat_vex coturn: Coturn: Arbitrary file overwrite via CLI command known not affected: 1 2026-07-10T20:10:05+00:00 Vulnerability · Source
CVE-2026-53450 redhat_vex coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass known not affected: 1 2026-07-10T20:09:57+00:00 Vulnerability · Source
CVE-2026-53448 redhat_vex coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel known not affected: 1 2026-07-10T20:09:55+00:00 Vulnerability · Source
CVE-2026-59180 redhat_vex apprise: Apprise: Information disclosure via HTTP redirect following with credential resending known not affected: 1 2026-07-10T19:54:52+00:00 Vulnerability · Source
CVE-2026-59871 redhat_vex node-tar: node-tar: Denial of Service due to incorrect PAX path handling known affected: 160 known not affected: 1 2026-07-10T19:14:58+00:00 Vulnerability · Source
CVE-2026-38076 redhat_vex jbig2dec: jbig2dec: Denial of Service via crafted input known affected: 6 2026-07-10T19:06:29+00:00 Vulnerability · Source
CVE-2026-40984 redhat_vex micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests fixed: 2 known affected: 22 known not affected: 1 2026-07-10T18:49:53+00:00 Vulnerability · Source
CVE-2026-56362 redhat_vex ImageMagick: Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Information disclosure via heap-buffer-overflow read known affected: 14 2026-07-10T18:35:08+00:00 Vulnerability · Source
CVE-2026-48710 redhat_vex starlette: Starlette: Security restriction bypass via malformed HTTP Host header fixed: 81 known affected: 38 known not affected: 609 2026-07-10T17:51:06+00:00 Vulnerability · Source
CVE-2026-58380 redhat_vex gimp: gimp: Stack buffer overflow in pnmscanner_gettoken() known affected: 32 2026-07-10T17:35:35+00:00 Vulnerability · Source
CVE-2026-53363 redhat_vex kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() known not affected: 274 2026-07-10T17:10:57+00:00 Vulnerability · Source
CVE-2026-44171 redhat_vex mariadb: mbstream: Unauthorized file creation via path traversal fixed: 531 known not affected: 37 2026-07-10T16:53:55+00:00 Vulnerability · Source
CVE-2026-44168 redhat_vex mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer fixed: 531 known not affected: 37 2026-07-10T16:46:21+00:00 Vulnerability · Source
CVE-2026-49261 redhat_vex mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd fixed: 531 known not affected: 37 2026-07-10T16:46:15+00:00 Vulnerability · Source
CVE-2026-48165 redhat_vex mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user fixed: 531 known not affected: 37 2026-07-10T16:46:10+00:00 Vulnerability · Source
CVE-2026-48163 redhat_vex mariadb: Arbitrary code execution via improper parameter validation during SST fixed: 531 known not affected: 37 2026-07-10T16:46:01+00:00 Vulnerability · Source
CVE-2026-44173 redhat_vex mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries fixed: 531 known not affected: 37 2026-07-10T16:45:52+00:00 Vulnerability · Source
CVE-2026-44170 redhat_vex mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine fixed: 531 known not affected: 37 2026-07-10T16:45:42+00:00 Vulnerability · Source
CVE-2025-71319 redhat_vex image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images. fixed: 3 known affected: 28 known not affected: 34 2026-07-10T16:14:53+00:00 Vulnerability · Source
CVE-2026-15143 redhat_vex guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) known affected: 2 2026-07-10T16:05:37+00:00 Vulnerability · Source
CVE-2026-57280 redhat_vex jenkins-script-security-plugin: Jenkins Script Security Plugin: Sandbox bypass leading to arbitrary code execution known affected: 5 2026-07-10T15:59:59+00:00 Vulnerability · Source
CVE-2026-58384 redhat_vex gimp: gimp: Integer overflow in read_RLE_channel() known affected: 3 known not affected: 29 2026-07-10T15:34:53+00:00 Vulnerability · Source
CVE-2026-54423 redhat_vex openstack-ironic: openstack-ironic: Arbitrary IPMI command execution via send_raw deployment step known affected: 5 known not affected: 9 2026-07-10T15:30:05+00:00 Vulnerability · Source
CVE-2026-14535 redhat_vex fickling: Fickling: Arbitrary code execution via pickle deserialization bypass known affected: 1 2026-07-10T15:20:09+00:00 Vulnerability · Source
CVE-2026-56297 redhat_vex FreeRDP: FreeRDP: Remote code execution or denial of service via use-after-free race condition known affected: 31 2026-07-10T14:44:54+00:00 Vulnerability · Source
CVE-2026-8926 microsoft_vex password leak with netrc and user in URL known affected: 1 known not affected: 3 2026-07-10T14:40:29+00:00 Vulnerability · Source
CVE-2026-57585 microsoft_vex MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error fixed: 1 known affected: 1 2026-07-10T14:40:08+00:00 Vulnerability · Source
CVE-2026-58014 microsoft_vex Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list" fixed: 1 known affected: 1 2026-07-10T14:40:00+00:00 Vulnerability · Source
CVE-2026-58013 microsoft_vex Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" fixed: 1 known affected: 1 2026-07-10T14:39:52+00:00 Vulnerability · Source
CVE-2026-58011 microsoft_vex Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime fixed: 1 known affected: 1 2026-07-10T14:39:45+00:00 Vulnerability · Source
CVE-2026-58012 microsoft_vex Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() fixed: 1 known affected: 1 2026-07-10T14:39:37+00:00 Vulnerability · Source
CVE-2026-58016 microsoft_vex Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" fixed: 1 known affected: 1 2026-07-10T14:39:30+00:00 Vulnerability · Source
CVE-2026-58015 microsoft_vex Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive fixed: 1 known affected: 1 2026-07-10T14:39:22+00:00 Vulnerability · Source
CVE-2026-58010 microsoft_vex Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() fixed: 1 known affected: 1 2026-07-10T14:39:14+00:00 Vulnerability · Source
CVE-2026-11525 microsoft_vex undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching fixed: 1 known affected: 1 under investigation: 1 2026-07-10T14:39:01+00:00 Vulnerability · Source
CVE-2026-59935 redhat_vex pypdf: pypdf: Denial of Service via crafted PDF with unterminated inline image known affected: 5 under investigation: 6 2026-07-10T14:34:53+00:00 Vulnerability · Source
CVE-2026-53878 redhat_vex django: Django: HTTP header injection via DomainNameValidator accepting newlines known affected: 20 2026-07-10T14:25:02+00:00 Vulnerability · Source