VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221692 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-53877 | redhat_vex | django: Django: Information disclosure via heap buffer over-read in GDALRaster | known affected: 20 | 2026-07-10T14:24:58+00:00 | Vulnerability · Source |
| CVE-2026-59937 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF with malformed cross-reference streams | known affected: 11 | 2026-07-10T14:24:52+00:00 | Vulnerability · Source |
| CVE-2026-59938 | redhat_vex | pypdf: pypdf: Possible large memory usage for wrong image dimensions | known affected: 11 | 2026-07-10T14:10:27+00:00 | Vulnerability · Source |
| CVE-2026-15164 | redhat_vex | wireshark: Wireshark: Denial of Service vulnerability in ciscodump | known affected: 20 | 2026-07-10T14:05:41+00:00 | Vulnerability · Source |
| CVE-2026-15165 | redhat_vex | wireshark: Wireshark: Denial of Service via TLS ECH decryptor crash | known affected: 20 | 2026-07-10T14:05:30+00:00 | Vulnerability · Source |
| CVE-2026-47712 | redhat_vex | dulwich: Dulwich: Arbitrary file write via malicious commit subject in format_patch | known affected: 24 under investigation: 1 | 2026-07-10T14:00:38+00:00 | Vulnerability · Source |
| CVE-2026-7492 | redhat_vex | gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization | known not affected: 4 | 2026-07-10T13:50:51+00:00 | Vulnerability · Source |
| CVE-2026-48588 | redhat_vex | django: Django: Information disclosure due to improper caching of Set-Cookie responses | known affected: 20 | 2026-07-10T13:46:05+00:00 | Vulnerability · Source |
| CVE-2026-58207 | redhat_vex | github.com/nats-io/nats-server: NATS Server: Denial of Service via arithmetic overflow in connection monitoring pagination | known affected: 6 known not affected: 3 | 2026-07-10T13:46:03+00:00 | Vulnerability · Source |
| CVE-2026-12590 | redhat_vex | body-parser: body-parser: Denial of Service via invalid limit option | known affected: 132 known not affected: 1 | 2026-07-10T13:46:00+00:00 | Vulnerability · Source |
| CVE-2026-39197 | redhat_vex | vector: Vector: Denial of Service via crafted request to HTTP endpoint | known not affected: 1 | 2026-07-10T13:15:17+00:00 | Vulnerability · Source |
| CVE-2026-52924 | redhat_vex | kernel: sctp: purge outqueue on stale COOKIE-ECHO handling | known affected: 232 known not affected: 42 | 2026-07-10T13:07:12+00:00 | Vulnerability · Source |
| CVE-2026-59929 | redhat_vex | mistune: Mistune: Cross-site scripting via incomplete URL scheme filtering | known affected: 24 | 2026-07-10T12:59:58+00:00 | Vulnerability · Source |
| CVE-2026-59262 | redhat_vex | AFFiNE: AFFiNE: Information disclosure via histories GraphQL field | known not affected: 11 | 2026-07-10T12:24:52+00:00 | Vulnerability · Source |
| CVE-2026-52973 | redhat_vex | kernel: futex: Drop CLONE_THREAD requirement for private default hash alloc | known affected: 184 known not affected: 90 | 2026-07-10T11:55:23+00:00 | Vulnerability · Source |
| CVE-2026-59923 | redhat_vex | mistune: Mistune: Arbitrary code execution through crafted Markdown links | known affected: 24 under investigation: 1 | 2026-07-10T11:34:11+00:00 | Vulnerability · Source |
| CVE-2026-59926 | redhat_vex | mistune: Mistune: Cross-Site Scripting via unescaped HTML class attribute in Admonition directive | known affected: 24 under investigation: 1 | 2026-07-10T11:34:08+00:00 | Vulnerability · Source |
| CVE-2026-59930 | redhat_vex | mistune: Mistune: Same-page navigation redirection due to predictable heading IDs | known affected: 10 known not affected: 1 under investigation: 14 | 2026-07-10T11:34:07+00:00 | Vulnerability · Source |
| CVE-2026-15378 | redhat_vex | guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:) | known affected: 1 | 2026-07-10T11:05:10+00:00 | Vulnerability · Source |
| CVE-2026-59725 | redhat_vex | socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests | fixed: 3 known affected: 4 | 2026-07-10T10:59:12+00:00 | Vulnerability · Source |
| CVE-2023-5685 | redhat_vex | xnio: StackOverflowException when the chain of notifier states becomes problematically big | fixed: 93 known affected: 5 known not affected: 240 | 2026-07-10T10:44:22+00:00 | Vulnerability · Source |
| CVE-2026-59152 | redhat_vex | langsmith: LangSmith SDK TracingMiddleware: Information Disclosure via Arbitrary Server-Side File Read | known affected: 14 | 2026-07-10T10:00:54+00:00 | Vulnerability · Source |
| CVE-2026-53511 | redhat_vex | calibre: Calibre: Arbitrary code execution via malicious e-book file processing | known not affected: 1 | 2026-07-10T09:55:40+00:00 | Vulnerability · Source |
| CVE-2026-58374 | redhat_vex | hostapd: hostapd: Denial of Service via malformed Wi-Fi 7 Multi-Link Operation association request | known affected: 3 | 2026-07-10T09:50:26+00:00 | Vulnerability · Source |
| CVE-2026-14362 | redhat_vex | github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling | known affected: 15 known not affected: 32 | 2026-07-10T09:30:01+00:00 | Vulnerability · Source |
| CVE-2026-44512 | redhat_vex | onnx: ONNX: Denial of Service via crafted untrusted models | known affected: 16 | 2026-07-10T07:54:47+00:00 | Vulnerability · Source |
| CVE-2026-54528 | redhat_vex | jupyterlab-git: JupyterLab Git: Information disclosure via case-sensitivity bypass in excluded path enforcement | known affected: 15 | 2026-07-10T07:09:53+00:00 | Vulnerability · Source |
| CVE-2026-59925 | redhat_vex | mistune: Mistune: Denial of Service via crafted Markdown input | known affected: 25 | 2026-07-10T07:05:12+00:00 | Vulnerability · Source |
| CVE-2024-12125 | redhat_vex | 3scale-porta: Readonly fields not validated server-side | known affected: 1 | 2026-07-10T06:25:28+00:00 | Vulnerability · Source |
| CVE-2024-28176 | redhat_vex | jose: resource exhaustion | fixed: 584 known affected: 3 known not affected: 2423 | 2026-07-10T04:58:12+00:00 | Vulnerability · Source |
| CVE-2023-24536 | redhat_vex | golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption | fixed: 1648 known affected: 101 known not affected: 1097 | 2026-07-10T04:58:01+00:00 | Vulnerability · Source |
| CVE-2026-42198 | redhat_vex | jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication | fixed: 8 known affected: 6 | 2026-07-10T01:19:46+00:00 | Vulnerability · Source |
| CVE-2026-53916 | redhat_vex | activemq-stomp: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec | known affected: 121 | 2026-07-10T01:14:51+00:00 | Vulnerability · Source |
| CVE-2026-33747 | redhat_vex | BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend | fixed: 137 known affected: 46 known not affected: 335 | 2026-07-10T01:04:59+00:00 | Vulnerability · Source |
| CVE-2026-49432 | redhat_vex | org.apache.activemq/activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-stomp: Apache ActiveMQ: Denial of Service via improper input validation in STOMP connector | known affected: 122 | 2026-07-10T01:04:53+00:00 | Vulnerability · Source |
| CVE-2026-59818 | microsoft_vex | etcd: gRPC client listener does not enforce `--client-crl-file` certificate revocation | known affected: 1 | 2026-07-10T01:01:17+00:00 | Vulnerability · Source |
| CVE-2026-33748 | redhat_vex | github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components | fixed: 133 known affected: 42 known not affected: 310 | 2026-07-09T23:28:58+00:00 | Vulnerability · Source |
| CVE-2025-66031 | redhat_vex | node-forge: node-forge ASN.1 Unbounded Recursion | fixed: 146 known affected: 46 known not affected: 1718 | 2026-07-09T23:28:13+00:00 | Vulnerability · Source |
| CVE-2025-12816 | redhat_vex | node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications | fixed: 225 known affected: 40 known not affected: 2120 | 2026-07-09T23:23:19+00:00 | Vulnerability · Source |
| CVE-2025-7783 | redhat_vex | form-data: Unsafe random function in form-data | fixed: 195 known affected: 72 known not affected: 995 | 2026-07-09T23:23:19+00:00 | Vulnerability · Source |
| CVE-2025-53643 | redhat_vex | aiohttp: AIOHTTP HTTP Request/Response Smuggling | fixed: 36 known affected: 17 known not affected: 859 | 2026-07-09T23:10:42+00:00 | Vulnerability · Source |
| CVE-2026-44291 | redhat_vex | protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution | known affected: 33 known not affected: 12 | 2026-07-09T22:57:26+00:00 | Vulnerability · Source |
| CVE-2026-44292 | redhat_vex | protobufjs: protobufjs: Data integrity impact due to prototype pollution | known affected: 35 known not affected: 10 | 2026-07-09T22:57:23+00:00 | Vulnerability · Source |
| CVE-2026-44290 | redhat_vex | protobufjs: protobufjs: Denial of Service via crafted schema | known affected: 34 known not affected: 11 | 2026-07-09T22:57:20+00:00 | Vulnerability · Source |
| CVE-2026-45740 | redhat_vex | protobufjs: protobufjs: Denial of Service via crafted JSON descriptors | known affected: 36 known not affected: 9 | 2026-07-09T22:57:09+00:00 | Vulnerability · Source |
| CVE-2026-46331 | redhat_vex | kernel: net/sched: act_pedit: extend the writable skb range per key | fixed: 2297 known not affected: 43 | 2026-07-09T22:51:24+00:00 | Vulnerability · Source |
| CVE-2026-1519 | redhat_vex | bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone | fixed: 1136 known not affected: 434 | 2026-07-09T22:50:25+00:00 | Vulnerability · Source |
| CVE-2026-9563 | redhat_vex | org.eclipse.parsson/parsson: Eclipse Parsson: Denial of Service via uncontrolled resource consumption in JSON parsing | known affected: 17 known not affected: 12 | 2026-07-09T22:19:54+00:00 | Vulnerability · Source |
| CVE-2026-53435 | redhat_vex | jenkins: Jenkins: Arbitrary code execution via deserialization of attacker-controlled configuration | known affected: 1 | 2026-07-09T22:09:44+00:00 | Vulnerability · Source |
| CVE-2026-49975 | redhat_vex | httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack | fixed: 323 known not affected: 94 | 2026-07-09T22:04:45+00:00 | Vulnerability · Source |