{"metadata": {"count": 222161, "page": 1, "per_page": 100}, "data": [{"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T09:44:04+00:00", "cve": "CVE-2026-14544", "id": "CVE-2026-14544", "initial_release_date": "2026-07-03T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "HPLIP: Incomplete Fix for CVE-2026-8631", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-14544.json", "version": "3", "product_status": {"fixed": 10, "known_affected": 6, "known_not_affected": 76}, "imported": 1784195044.0, "vulnerability_id": "CVE-2026-14544", "vulnerability_url": "/vuln/CVE-2026-14544"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T09:41:26+00:00", "cve": "CVE-2026-8595", "id": "CVE-2026-8595", "initial_release_date": "2026-07-10T14:59:35.891000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "grafana: Grafana: Stored Cross-Site Scripting via malicious dashboard field name", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8595.json", "version": "3", "product_status": {"known_not_affected": 28}, "imported": 1784194886.0, "vulnerability_id": "CVE-2026-8595", "vulnerability_url": "/vuln/CVE-2026-8595"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:38:03+00:00", "cve": "CVE-2026-61863", "id": "CVE-2026-61863", "initial_release_date": "2026-07-15T11:25:49.962000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Memory leak in TIFF encoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61863.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194683.0, "vulnerability_id": "CVE-2026-61863", "vulnerability_url": "/vuln/CVE-2026-61863"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:38:03+00:00", "cve": "CVE-2026-61872", "id": "CVE-2026-61872", "initial_release_date": "2026-07-15T11:25:55.435000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61872.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194683.0, "vulnerability_id": "CVE-2026-61872", "vulnerability_url": "/vuln/CVE-2026-61872"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:38:01+00:00", "cve": "CVE-2026-61859", "id": "CVE-2026-61859", "initial_release_date": "2026-07-15T11:25:47.918000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Information disclosure via policy bypass in -script operation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61859.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194681.0, "vulnerability_id": "CVE-2026-61859", "vulnerability_url": "/vuln/CVE-2026-61859"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:58+00:00", "cve": "CVE-2026-61868", "id": "CVE-2026-61868", "initial_release_date": "2026-07-15T11:25:53.358000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Denial of Service due to memory leak in YUV decoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61868.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194678.0, "vulnerability_id": "CVE-2026-61868", "vulnerability_url": "/vuln/CVE-2026-61868"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:57+00:00", "cve": "CVE-2026-61871", "id": "CVE-2026-61871", "initial_release_date": "2026-07-15T11:25:54.748000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Denial of Service via memory leak in ICON decoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61871.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194677.0, "vulnerability_id": "CVE-2026-61871", "vulnerability_url": "/vuln/CVE-2026-61871"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:53+00:00", "cve": "CVE-2026-61866", "id": "CVE-2026-61866", "initial_release_date": "2026-07-15T11:25:51.999000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Memory leak in JNG encoder can lead to denial of service", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61866.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194673.0, "vulnerability_id": "CVE-2026-61866", "vulnerability_url": "/vuln/CVE-2026-61866"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:49+00:00", "cve": "CVE-2026-61869", "id": "CVE-2026-61869", "initial_release_date": "2026-07-15T11:25:54.057000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Denial of Service via memory leak in MIFF encoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61869.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194669.0, "vulnerability_id": "CVE-2026-61869", "vulnerability_url": "/vuln/CVE-2026-61869"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:48+00:00", "cve": "CVE-2026-61864", "id": "CVE-2026-61864", "initial_release_date": "2026-07-15T11:25:50.648000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Memory leak in color transformation to log colorspace", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61864.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194668.0, "vulnerability_id": "CVE-2026-61864", "vulnerability_url": "/vuln/CVE-2026-61864"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:48+00:00", "cve": "CVE-2026-61862", "id": "CVE-2026-61862", "initial_release_date": "2026-07-15T11:25:49.276000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Information disclosure via out-of-bounds read when displaying profiles with debug enabled", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61862.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194668.0, "vulnerability_id": "CVE-2026-61862", "vulnerability_url": "/vuln/CVE-2026-61862"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:46+00:00", "cve": "CVE-2026-56375", "id": "CVE-2026-56375", "initial_release_date": "2026-07-15T11:25:30.028000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in ASHLAR coder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56375.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194666.0, "vulnerability_id": "CVE-2026-56375", "vulnerability_url": "/vuln/CVE-2026-56375"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:46+00:00", "cve": "CVE-2026-61860", "id": "CVE-2026-61860", "initial_release_date": "2026-07-15T11:25:48.586000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Denial of Service via use-after-free during freetype initialization", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61860.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194666.0, "vulnerability_id": "CVE-2026-61860", "vulnerability_url": "/vuln/CVE-2026-61860"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:45+00:00", "cve": "CVE-2026-61865", "id": "CVE-2026-61865", "initial_release_date": "2026-07-15T11:25:51.311000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Memory leak in hough lines operation can lead to denial of service", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61865.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194665.0, "vulnerability_id": "CVE-2026-61865", "vulnerability_url": "/vuln/CVE-2026-61865"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:44+00:00", "cve": "CVE-2026-61867", "id": "CVE-2026-61867", "initial_release_date": "2026-07-15T11:25:52.678000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61867.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194664.0, "vulnerability_id": "CVE-2026-61867", "vulnerability_url": "/vuln/CVE-2026-61867"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T09:37:41+00:00", "cve": "CVE-2026-61464", "id": "CVE-2026-61464", "initial_release_date": "2026-07-15T11:25:47.202000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ImageMagick: ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-61464.json", "version": "3", "product_status": {"known_affected": 14}, "imported": 1784194661.0, "vulnerability_id": "CVE-2026-61464", "vulnerability_url": "/vuln/CVE-2026-61464"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T09:32:29+00:00", "cve": "CVE-2026-15925", "id": "CVE-2026-15925", "initial_release_date": "2026-07-16T05:31:35.515000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "snowflake-connector-python: Snowflake Connector for Python: Arbitrary SQL execution and information disclosure via improper TLS hostname verification", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15925.json", "version": "3", "product_status": {"known_affected": 1}, "imported": 1784194349.0, "vulnerability_id": "CVE-2026-15925", "vulnerability_url": "/vuln/CVE-2026-15925"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T09:26:51+00:00", "cve": "CVE-2025-58188", "id": "CVE-2025-58188", "initial_release_date": "2025-10-29T22:10:14.143000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58188.json", "version": "3", "product_status": {"fixed": 8, "known_affected": 10, "known_not_affected": 50, "under_investigation": 351}, "imported": 1784194011.0, "vulnerability_id": "CVE-2025-58188", "vulnerability_url": "/vuln/CVE-2025-58188"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T09:21:46+00:00", "cve": "CVE-2026-28390", "id": "CVE-2026-28390", "initial_release_date": "2026-04-07T22:00:54.172000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "version": "3", "product_status": {"fixed": 301, "known_affected": 302, "known_not_affected": 288, "under_investigation": 7}, "imported": 1784193706.0, "vulnerability_id": "CVE-2026-28390", "vulnerability_url": "/vuln/CVE-2026-28390"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T09:05:59+00:00", "cve": "CVE-2026-49854", "id": "CVE-2026-49854", "initial_release_date": "2026-07-14T20:43:03.977000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "tornado: Tornado: Information disclosure via out-of-bounds read in websocket_mask", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49854.json", "version": "3", "product_status": {"known_affected": 45, "under_investigation": 14}, "imported": 1784192759.0, "vulnerability_id": "CVE-2026-49854", "vulnerability_url": "/vuln/CVE-2026-49854"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T09:05:56+00:00", "cve": "CVE-2026-45804", "id": "CVE-2026-45804", "initial_release_date": "2026-07-15T16:05:35.217000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "diffusers: Diffusers: Arbitrary code execution due to trust_remote_code guard bypass", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45804.json", "version": "3", "product_status": {"known_affected": 14, "known_not_affected": 2}, "imported": 1784192756.0, "vulnerability_id": "CVE-2026-45804", "vulnerability_url": "/vuln/CVE-2026-45804"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T09:03:06+00:00", "cve": "CVE-2026-10879", "id": "CVE-2026-10879", "initial_release_date": "2026-06-05T14:30:58.497000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "perl-DBI: perl-DBI: Heap overflow in SQL preparsing can lead to denial of service or arbitrary code execution.", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10879.json", "version": "3", "product_status": {"fixed": 39, "known_affected": 6}, "imported": 1784192586.0, "vulnerability_id": "CVE-2026-10879", "vulnerability_url": "/vuln/CVE-2026-10879"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T09:00:58+00:00", "cve": "CVE-2026-59205", "id": "CVE-2026-59205", "initial_release_date": "2026-07-14T15:48:39.962000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "Pillow: Pillow: Controlled native heap corruption in ImageCms.ImageCmsTransform.apply API", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59205.json", "version": "3", "product_status": {"known_affected": 66, "under_investigation": 25}, "imported": 1784192458.0, "vulnerability_id": "CVE-2026-59205", "vulnerability_url": "/vuln/CVE-2026-59205"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T09:00:57+00:00", "cve": "CVE-2026-59203", "id": "CVE-2026-59203", "initial_release_date": "2026-07-14T15:43:58.333000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "Pillow: Pillow: Denial of Service via crafted EPS file", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59203.json", "version": "3", "product_status": {"known_affected": 60, "known_not_affected": 6, "under_investigation": 25}, "imported": 1784192457.0, "vulnerability_id": "CVE-2026-59203", "vulnerability_url": "/vuln/CVE-2026-59203"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:32:08+00:00", "cve": "CVE-2026-25681", "id": "CVE-2026-25681", "initial_release_date": "2026-05-22T15:01:21.975000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25681.json", "version": "3", "product_status": {"fixed": 290, "known_affected": 414, "known_not_affected": 523, "under_investigation": 2}, "imported": 1784190728.0, "vulnerability_id": "CVE-2026-25681", "vulnerability_url": "/vuln/CVE-2026-25681"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:31:39+00:00", "cve": "CVE-2026-25679", "id": "CVE-2026-25679", "initial_release_date": "2026-03-06T21:28:14.211000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json", "version": "3", "product_status": {"fixed": 8880, "known_affected": 164, "known_not_affected": 4255, "under_investigation": 1}, "imported": 1784190699.0, "vulnerability_id": "CVE-2026-25679", "vulnerability_url": "/vuln/CVE-2026-25679"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:26:39+00:00", "cve": "CVE-2025-61728", "id": "CVE-2025-61728", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json", "version": "3", "product_status": {"fixed": 6567, "known_affected": 110, "known_not_affected": 4103}, "imported": 1784190399.0, "vulnerability_id": "CVE-2025-61728", "vulnerability_url": "/vuln/CVE-2025-61728"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:26:35+00:00", "cve": "CVE-2025-58183", "id": "CVE-2025-58183", "initial_release_date": "2025-10-29T22:10:14.376000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json", "version": "3", "product_status": {"fixed": 8840, "known_affected": 129, "known_not_affected": 8191}, "imported": 1784190395.0, "vulnerability_id": "CVE-2025-58183", "vulnerability_url": "/vuln/CVE-2025-58183"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:26:32+00:00", "cve": "CVE-2026-14380", "id": "CVE-2026-14380", "initial_release_date": "2026-07-07T22:04:49.078000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "DBI: DBI: Arbitrary code execution via caller-influenced Profile attribute", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-14380.json", "version": "3", "product_status": {"known_affected": 10}, "imported": 1784190392.0, "vulnerability_id": "CVE-2026-14380", "vulnerability_url": "/vuln/CVE-2026-14380"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:49+00:00", "cve": "CVE-2026-33186", "id": "CVE-2026-33186", "initial_release_date": "2026-03-20T22:23:32.147000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33186.json", "version": "3", "product_status": {"fixed": 2477, "known_affected": 409, "known_not_affected": 27387, "under_investigation": 1}, "imported": 1784190349.0, "vulnerability_id": "CVE-2026-33186", "vulnerability_url": "/vuln/CVE-2026-33186"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:43+00:00", "cve": "CVE-2025-66506", "id": "CVE-2025-66506", "initial_release_date": "2025-12-04T22:04:41.637000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66506.json", "version": "3", "product_status": {"fixed": 320, "known_affected": 66, "known_not_affected": 1247}, "imported": 1784190343.0, "vulnerability_id": "CVE-2025-66506", "vulnerability_url": "/vuln/CVE-2025-66506"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:31+00:00", "cve": "CVE-2025-66418", "id": "CVE-2025-66418", "initial_release_date": "2025-12-05T16:02:15.271000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66418.json", "version": "3", "product_status": {"fixed": 1933, "known_affected": 421, "known_not_affected": 2586, "under_investigation": 1}, "imported": 1784190331.0, "vulnerability_id": "CVE-2025-66418", "vulnerability_url": "/vuln/CVE-2025-66418"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:25+00:00", "cve": "CVE-2025-64756", "id": "CVE-2025-64756", "initial_release_date": "2025-11-17T17:29:08.029000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64756.json", "version": "3", "product_status": {"fixed": 171, "known_affected": 145, "known_not_affected": 1097}, "imported": 1784190325.0, "vulnerability_id": "CVE-2025-64756", "vulnerability_url": "/vuln/CVE-2025-64756"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:16+00:00", "cve": "CVE-2025-61729", "id": "CVE-2025-61729", "initial_release_date": "2025-12-02T18:54:10.166000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61729.json", "version": "3", "product_status": {"fixed": 7443, "known_affected": 439, "known_not_affected": 4614, "under_investigation": 2}, "imported": 1784190316.0, "vulnerability_id": "CVE-2025-61729", "vulnerability_url": "/vuln/CVE-2025-61729"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:06+00:00", "cve": "CVE-2025-52881", "id": "CVE-2025-52881", "initial_release_date": "2025-11-05T09:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52881.json", "version": "3", "product_status": {"fixed": 2379, "known_affected": 45, "known_not_affected": 4060}, "imported": 1784190306.0, "vulnerability_id": "CVE-2025-52881", "vulnerability_url": "/vuln/CVE-2025-52881"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:03+00:00", "cve": "CVE-2025-30204", "id": "CVE-2025-30204", "initial_release_date": "2025-03-21T21:42:01.382000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30204.json", "version": "3", "product_status": {"fixed": 3038, "known_affected": 78, "known_not_affected": 11728}, "imported": 1784190303.0, "vulnerability_id": "CVE-2025-30204", "vulnerability_url": "/vuln/CVE-2025-30204"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:00+00:00", "cve": "CVE-2025-22869", "id": "CVE-2025-22869", "initial_release_date": "2025-02-26T03:07:48.855000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22869.json", "version": "3", "product_status": {"fixed": 2719, "known_affected": 55, "known_not_affected": 6259, "under_investigation": 1}, "imported": 1784190300.0, "vulnerability_id": "CVE-2025-22869", "vulnerability_url": "/vuln/CVE-2025-22869"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:25:00+00:00", "cve": "CVE-2025-22868", "id": "CVE-2025-22868", "initial_release_date": "2025-02-26T03:07:49.012000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22868.json", "version": "3", "product_status": {"fixed": 1876, "known_affected": 95, "known_not_affected": 8426}, "imported": 1784190300.0, "vulnerability_id": "CVE-2025-22868", "vulnerability_url": "/vuln/CVE-2025-22868"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:21:22+00:00", "cve": "CVE-2026-9698", "id": "CVE-2026-9698", "initial_release_date": "2026-06-09T07:22:25.892000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9698.json", "version": "3", "product_status": {"fixed": 52, "known_affected": 4}, "imported": 1784190082.0, "vulnerability_id": "CVE-2026-9698", "vulnerability_url": "/vuln/CVE-2026-9698"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:21:21+00:00", "cve": "CVE-2026-50589", "id": "CVE-2026-50589", "initial_release_date": "2026-06-04T23:59:20.118000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "openstack-ironic: OpenStack Ironic: Denial of Service via crafted JSON string", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50589.json", "version": "3", "product_status": {"known_not_affected": 14}, "imported": 1784190081.0, "vulnerability_id": "CVE-2026-50589", "vulnerability_url": "/vuln/CVE-2026-50589"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:17:29+00:00", "cve": "CVE-2024-24786", "id": "CVE-2024-24786", "initial_release_date": "2024-03-05T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24786.json", "version": "3", "product_status": {"fixed": 2012, "known_affected": 115, "known_not_affected": 11938, "under_investigation": 58}, "imported": 1784189849.0, "vulnerability_id": "CVE-2024-24786", "vulnerability_url": "/vuln/CVE-2024-24786"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:17:27+00:00", "cve": "CVE-2024-24784", "id": "CVE-2024-24784", "initial_release_date": "2024-03-05T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: net/mail: comments in display names are incorrectly handled", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json", "version": "3", "product_status": {"fixed": 1678, "known_affected": 56, "known_not_affected": 714}, "imported": 1784189847.0, "vulnerability_id": "CVE-2024-24784", "vulnerability_url": "/vuln/CVE-2024-24784"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:17:22+00:00", "cve": "CVE-2022-41715", "id": "CVE-2022-41715", "initial_release_date": "2022-10-04T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: regexp/syntax: limit memory used by parsing regexps", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41715.json", "version": "3", "product_status": {"fixed": 2994, "known_affected": 91, "known_not_affected": 2693, "under_investigation": 1}, "imported": 1784189842.0, "vulnerability_id": "CVE-2022-41715", "vulnerability_url": "/vuln/CVE-2022-41715"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:17:22+00:00", "cve": "CVE-2022-30631", "id": "CVE-2022-30631", "initial_release_date": "2022-07-12T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: compress/gzip: stack exhaustion in Reader.Read", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30631.json", "version": "3", "product_status": {"fixed": 4253, "known_affected": 91, "known_not_affected": 2159}, "imported": 1784189842.0, "vulnerability_id": "CVE-2022-30631", "vulnerability_url": "/vuln/CVE-2022-30631"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:17:21+00:00", "cve": "CVE-2026-59198", "id": "CVE-2026-59198", "initial_release_date": "2026-07-14T16:07:56.562000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "Pillow: Pillow: Information disclosure via TGA RLE encoder out-of-bounds read", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59198.json", "version": "3", "product_status": {"known_affected": 66, "under_investigation": 25}, "imported": 1784189841.0, "vulnerability_id": "CVE-2026-59198", "vulnerability_url": "/vuln/CVE-2026-59198"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:12:33+00:00", "cve": "CVE-2026-59886", "id": "CVE-2026-59886", "initial_release_date": "2026-07-14T16:38:29.691000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "pyasn1: pyasn1: Denial of Service via crafted ASN.1 REAL values", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59886.json", "version": "3", "product_status": {"known_affected": 56, "known_not_affected": 1, "under_investigation": 79}, "imported": 1784189553.0, "vulnerability_id": "CVE-2026-59886", "vulnerability_url": "/vuln/CVE-2026-59886"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:09:53+00:00", "cve": "CVE-2021-20329", "id": "CVE-2021-20329", "initial_release_date": "2021-03-30T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "mongo-go-driver: specific cstrings input may not be properly validated", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20329.json", "version": "3", "product_status": {"fixed": 252, "known_affected": 69, "known_not_affected": 3782}, "imported": 1784189393.0, "vulnerability_id": "CVE-2021-20329", "vulnerability_url": "/vuln/CVE-2021-20329"}, {"meta_source": "redhat_vex", "current_release_date": "2026-07-16T08:08:10+00:00", "cve": "CVE-2026-50144", "id": "CVE-2026-50144", "initial_release_date": "2026-07-15T20:04:07.099000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ncnn: ncnn: Out-of-bounds write allows arbitrary code execution", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50144.json", "version": "3", "product_status": {"known_not_affected": 1}, "imported": 1784189290.0, "vulnerability_id": "CVE-2026-50144", "vulnerability_url": "/vuln/CVE-2026-50144"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:08:08+00:00", "cve": "CVE-2026-27136", "id": "CVE-2026-27136", "initial_release_date": "2026-05-22T15:01:22.111000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27136.json", "version": "3", "product_status": {"fixed": 218, "known_affected": 417, "known_not_affected": 173, "under_investigation": 2}, "imported": 1784189288.0, "vulnerability_id": "CVE-2026-27136", "vulnerability_url": "/vuln/CVE-2026-27136"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T08:08:05+00:00", "cve": "CVE-2025-40026", "id": "CVE-2025-40026", "initial_release_date": "2025-10-28T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40026.json", "version": "3", "product_status": {"known_affected": 260, "known_not_affected": 14}, "imported": 1784189285.0, "vulnerability_id": "CVE-2025-40026", "vulnerability_url": "/vuln/CVE-2025-40026"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:05:10+00:00", "cve": "CVE-2023-39325", "id": "CVE-2023-39325", "initial_release_date": "2023-10-10T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json", "version": "3", "product_status": {"fixed": 4761, "known_affected": 244, "known_not_affected": 30354}, "imported": 1784189110.0, "vulnerability_id": "CVE-2023-39325", "vulnerability_url": "/vuln/CVE-2023-39325"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:04:37+00:00", "cve": "CVE-2025-61726", "id": "CVE-2025-61726", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json", "version": "3", "product_status": {"fixed": 10108, "known_affected": 453, "known_not_affected": 16781}, "imported": 1784189077.0, "vulnerability_id": "CVE-2025-61726", "vulnerability_url": "/vuln/CVE-2025-61726"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:04:32+00:00", "cve": "CVE-2026-42582", "id": "CVE-2026-42582", "initial_release_date": "2026-05-13T18:06:55.559000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "netty: io.netty/netty-codec-http3: Netty: Denial of Service due to improper length validation in header block decoding", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42582.json", "version": "3", "product_status": {"known_affected": 1}, "imported": 1784189072.0, "vulnerability_id": "CVE-2026-42582", "vulnerability_url": "/vuln/CVE-2026-42582"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:02:19+00:00", "cve": "CVE-2026-15075", "id": "CVE-2026-15075", "initial_release_date": "2026-07-14T08:15:53.650000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "vertx-core: Eclipse Vert.x: Information disclosure via improper handling of HTTP 30x redirects", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15075.json", "version": "3", "product_status": {"known_affected": 17, "under_investigation": 11}, "imported": 1784188939.0, "vulnerability_id": "CVE-2026-15075", "vulnerability_url": "/vuln/CVE-2026-15075"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:02:05+00:00", "cve": "CVE-2026-39830", "id": "CVE-2026-39830", "initial_release_date": "2026-05-22T02:31:27.208000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39830.json", "version": "3", "product_status": {"fixed": 605, "known_affected": 187, "known_not_affected": 508, "under_investigation": 4}, "imported": 1784188925.0, "vulnerability_id": "CVE-2026-39830", "vulnerability_url": "/vuln/CVE-2026-39830"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T08:01:57+00:00", "cve": "CVE-2026-34986", "id": "CVE-2026-34986", "initial_release_date": "2026-04-06T16:22:45.353000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34986.json", "version": "3", "product_status": {"fixed": 1888, "known_affected": 171, "known_not_affected": 10842, "under_investigation": 1}, "imported": 1784188917.0, "vulnerability_id": "CVE-2026-34986", "vulnerability_url": "/vuln/CVE-2026-34986"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:56:12+00:00", "cve": "CVE-2026-12382", "id": "CVE-2026-12382", "initial_release_date": "2026-07-15T17:12:31.720000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "aap-gateway: missing requestHeadersToRemove allows mTLS bypass via Subject header spoofing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12382.json", "version": "3", "product_status": {"fixed": 1, "known_affected": 1, "known_not_affected": 323}, "imported": 1784188572.0, "vulnerability_id": "CVE-2026-12382", "vulnerability_url": "/vuln/CVE-2026-12382"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:55:37+00:00", "cve": "CVE-2026-54512", "id": "CVE-2026-54512", "initial_release_date": "2026-06-23T20:56:36.646000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54512.json", "version": "3", "product_status": {"fixed": 1, "known_affected": 87, "known_not_affected": 79, "under_investigation": 3}, "imported": 1784188537.0, "vulnerability_id": "CVE-2026-54512", "vulnerability_url": "/vuln/CVE-2026-54512"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:54:18+00:00", "cve": "CVE-2026-55204", "id": "CVE-2026-55204", "initial_release_date": "2026-06-18T16:05:52.058000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "haproxy: HAProxy: Denial of Service via HPACK dynamic table insertions", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-55204.json", "version": "3", "product_status": {"known_affected": 27}, "imported": 1784188458.0, "vulnerability_id": "CVE-2026-55204", "vulnerability_url": "/vuln/CVE-2026-55204"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:48:28+00:00", "cve": "CVE-2026-42508", "id": "CVE-2026-42508", "initial_release_date": "2026-05-22T02:31:27.644000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42508.json", "version": "3", "product_status": {"fixed": 505, "known_affected": 47, "known_not_affected": 468, "under_investigation": 3}, "imported": 1784188108.0, "vulnerability_id": "CVE-2026-42508", "vulnerability_url": "/vuln/CVE-2026-42508"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:46:30+00:00", "cve": "CVE-2026-55203", "id": "CVE-2026-55203", "initial_release_date": "2026-06-18T16:05:20.100000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "haproxy: HAProxy: Response smuggling due to integer overflow in FastCGI record length handling", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-55203.json", "version": "3", "product_status": {"known_affected": 27}, "imported": 1784187990.0, "vulnerability_id": "CVE-2026-55203", "vulnerability_url": "/vuln/CVE-2026-55203"}, {"meta_source": "redhat_vex", "current_release_date": "2026-07-16T07:41:40+00:00", "cve": "CVE-2026-59733", "id": "CVE-2026-59733", "initial_release_date": "2026-07-14T21:38:37.116000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "rclone: Rclone: Unauthorized access to private repositories via directory traversal", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59733.json", "version": "3", "product_status": {"known_not_affected": 1}, "imported": 1784187700.0, "vulnerability_id": "CVE-2026-59733", "vulnerability_url": "/vuln/CVE-2026-59733"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:31:18+00:00", "cve": "CVE-2026-49458", "id": "CVE-2026-49458", "initial_release_date": "2026-07-14T19:58:50.397000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49458.json", "version": "3", "product_status": {"known_affected": 13, "under_investigation": 35}, "imported": 1784187078.0, "vulnerability_id": "CVE-2026-49458", "vulnerability_url": "/vuln/CVE-2026-49458"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:26:17+00:00", "cve": "CVE-2026-49459", "id": "CVE-2026-49459", "initial_release_date": "2026-07-14T20:01:44.857000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49459.json", "version": "3", "product_status": {"known_affected": 13, "under_investigation": 35}, "imported": 1784186777.0, "vulnerability_id": "CVE-2026-49459", "vulnerability_url": "/vuln/CVE-2026-49459"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:26:08+00:00", "cve": "CVE-2026-48125", "id": "CVE-2026-48125", "initial_release_date": "2026-07-14T20:54:56.374000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48125.json", "version": "3", "product_status": {"known_affected": 19, "known_not_affected": 1}, "imported": 1784186768.0, "vulnerability_id": "CVE-2026-48125", "vulnerability_url": "/vuln/CVE-2026-48125"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:25:04+00:00", "cve": "CVE-2026-46209", "id": "CVE-2026-46209", "initial_release_date": "2026-05-28T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46209.json", "version": "3", "product_status": {"fixed": 884, "known_affected": 22, "known_not_affected": 42}, "imported": 1784186704.0, "vulnerability_id": "CVE-2026-46209", "vulnerability_url": "/vuln/CVE-2026-46209"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:25:03+00:00", "cve": "CVE-2026-43027", "id": "CVE-2026-43027", "initial_release_date": "2026-05-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43027.json", "version": "3", "product_status": {"fixed": 1930, "known_affected": 36, "known_not_affected": 28}, "imported": 1784186703.0, "vulnerability_id": "CVE-2026-43027", "vulnerability_url": "/vuln/CVE-2026-43027"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:25:00+00:00", "cve": "CVE-2026-53166", "id": "CVE-2026-53166", "initial_release_date": "2026-06-25T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53166.json", "version": "3", "product_status": {"fixed": 1487, "known_affected": 50, "known_not_affected": 14}, "imported": 1784186700.0, "vulnerability_id": "CVE-2026-53166", "vulnerability_url": "/vuln/CVE-2026-53166"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:24:58+00:00", "cve": "CVE-2026-46189", "id": "CVE-2026-46189", "initial_release_date": "2026-05-28T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46189.json", "version": "3", "product_status": {"fixed": 1623, "known_affected": 50, "known_not_affected": 14}, "imported": 1784186698.0, "vulnerability_id": "CVE-2026-46189", "vulnerability_url": "/vuln/CVE-2026-46189"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:24:49+00:00", "cve": "CVE-2026-31408", "id": "CVE-2026-31408", "initial_release_date": "2026-04-06T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31408.json", "version": "3", "product_status": {"fixed": 1980, "known_affected": 64}, "imported": 1784186689.0, "vulnerability_id": "CVE-2026-31408", "vulnerability_url": "/vuln/CVE-2026-31408"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:24:49+00:00", "cve": "CVE-2026-31613", "id": "CVE-2026-31613", "initial_release_date": "2026-04-24T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: smb: client: fix OOB reads parsing symlink error response", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31613.json", "version": "3", "product_status": {"fixed": 884, "known_affected": 22, "known_not_affected": 42}, "imported": 1784186689.0, "vulnerability_id": "CVE-2026-31613", "vulnerability_url": "/vuln/CVE-2026-31613"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:24:49+00:00", "cve": "CVE-2025-68183", "id": "CVE-2025-68183", "initial_release_date": "2025-12-16T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68183.json", "version": "3", "product_status": {"fixed": 1930, "known_affected": 33, "known_not_affected": 31}, "imported": 1784186689.0, "vulnerability_id": "CVE-2025-68183", "vulnerability_url": "/vuln/CVE-2025-68183"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T07:24:49+00:00", "cve": "CVE-2026-43499", "id": "CVE-2026-43499", "initial_release_date": "2026-05-21T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "kernel: rtmutex: Use waiter::task instead of current in remove_waiter()", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43499.json", "version": "3", "product_status": {"fixed": 1487, "known_affected": 64}, "imported": 1784186689.0, "vulnerability_id": "CVE-2026-43499", "vulnerability_url": "/vuln/CVE-2026-43499"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T07:01:34+00:00", "cve": "CVE-2026-15697", "id": "CVE-2026-15697", "initial_release_date": "2026-07-14T15:15:09.763000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "svg.js: svg.js: Remote object prototype pollution", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15697.json", "version": "3", "product_status": {"under_investigation": 2}, "imported": 1784185294.0, "vulnerability_id": "CVE-2026-15697", "vulnerability_url": "/vuln/CVE-2026-15697"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T06:36:32+00:00", "cve": "CVE-2026-39835", "id": "CVE-2026-39835", "initial_release_date": "2026-05-22T02:31:26.982000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39835.json", "version": "3", "product_status": {"fixed": 680, "known_affected": 145, "known_not_affected": 339, "under_investigation": 1}, "imported": 1784183792.0, "vulnerability_id": "CVE-2026-39835", "vulnerability_url": "/vuln/CVE-2026-39835"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T06:26:03+00:00", "cve": "CVE-2026-27904", "id": "CVE-2026-27904", "initial_release_date": "2026-02-26T01:07:42.693000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json", "version": "3", "product_status": {"fixed": 393, "known_affected": 77, "known_not_affected": 1107}, "imported": 1784183163.0, "vulnerability_id": "CVE-2026-27904", "vulnerability_url": "/vuln/CVE-2026-27904"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T06:25:59+00:00", "cve": "CVE-2026-59204", "id": "CVE-2026-59204", "initial_release_date": "2026-07-14T15:38:29.545000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "Pillow: Pillow: Denial of Service via crafted JPEG2000 image", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-59204.json", "version": "3", "product_status": {"known_affected": 66, "under_investigation": 25}, "imported": 1784183159.0, "vulnerability_id": "CVE-2026-59204", "vulnerability_url": "/vuln/CVE-2026-59204"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T06:11:09+00:00", "cve": "CVE-2026-6321", "id": "CVE-2026-6321", "initial_release_date": "2026-05-04T19:31:57.253000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6321.json", "version": "3", "product_status": {"fixed": 286, "known_affected": 32, "known_not_affected": 611}, "imported": 1784182269.0, "vulnerability_id": "CVE-2026-6321", "vulnerability_url": "/vuln/CVE-2026-6321"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T05:40:56+00:00", "cve": "CVE-2026-15809", "id": "CVE-2026-15809", "initial_release_date": "2026-07-15T10:18:17.941000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/cri-o/cri-o: Fix Bypass for CVE-2022-4318 \u2014 /etc/passwd Injection via HOME env", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15809.json", "version": "3", "product_status": {"known_affected": 5}, "imported": 1784180456.0, "vulnerability_id": "CVE-2026-15809", "vulnerability_url": "/vuln/CVE-2026-15809"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T05:21:04+00:00", "cve": "CVE-2026-46595", "id": "CVE-2026-46595", "initial_release_date": "2026-05-22T02:31:27.894000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json", "version": "3", "product_status": {"fixed": 209, "known_affected": 61, "known_not_affected": 914, "under_investigation": 3}, "imported": 1784179264.0, "vulnerability_id": "CVE-2026-46595", "vulnerability_url": "/vuln/CVE-2026-46595"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T04:58:47+00:00", "cve": "CVE-2026-40898", "id": "CVE-2026-40898", "initial_release_date": "2026-06-04T17:43:36.803000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40898.json", "version": "3", "product_status": {"fixed": 6, "known_affected": 14, "known_not_affected": 10}, "imported": 1784177927.0, "vulnerability_id": "CVE-2026-40898", "vulnerability_url": "/vuln/CVE-2026-40898"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T04:58:41+00:00", "cve": "CVE-2026-11525", "id": "CVE-2026-11525", "initial_release_date": "2026-06-17T17:31:03.163000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11525.json", "version": "3", "product_status": {"fixed": 196, "known_affected": 47}, "imported": 1784177921.0, "vulnerability_id": "CVE-2026-11525", "vulnerability_url": "/vuln/CVE-2026-11525"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T04:58:29+00:00", "cve": "CVE-2026-5078", "id": "CVE-2026-5078", "initial_release_date": "2026-06-03T05:56:49.512000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "morgan: morgan: Log forgery due to unneutralized control characters", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5078.json", "version": "3", "product_status": {"fixed": 4, "known_affected": 18, "known_not_affected": 1, "under_investigation": 8}, "imported": 1784177909.0, "vulnerability_id": "CVE-2026-5078", "vulnerability_url": "/vuln/CVE-2026-5078"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T04:35:55+00:00", "cve": "CVE-2026-42587", "id": "CVE-2026-42587", "initial_release_date": "2026-05-13T18:22:21.699000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json", "version": "3", "product_status": {"fixed": 26, "known_affected": 44, "known_not_affected": 145}, "imported": 1784176555.0, "vulnerability_id": "CVE-2026-42587", "vulnerability_url": "/vuln/CVE-2026-42587"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T03:45:07+00:00", "cve": "CVE-2026-44740", "id": "CVE-2026-44740", "initial_release_date": "2026-06-01T16:04:50.358000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44740.json", "version": "3", "product_status": {"fixed": 121, "known_affected": 215, "known_not_affected": 70}, "imported": 1784173507.0, "vulnerability_id": "CVE-2026-44740", "vulnerability_url": "/vuln/CVE-2026-44740"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T03:44:02+00:00", "cve": "CVE-2026-44431", "id": "CVE-2026-44431", "initial_release_date": "2026-05-13T15:20:24.588000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44431.json", "version": "3", "product_status": {"fixed": 95, "known_affected": 136, "known_not_affected": 510}, "imported": 1784173442.0, "vulnerability_id": "CVE-2026-44431", "vulnerability_url": "/vuln/CVE-2026-44431"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T03:44:00+00:00", "cve": "CVE-2026-42257", "id": "CVE-2026-42257", "initial_release_date": "2026-05-09T19:39:48.398000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42257.json", "version": "3", "product_status": {"fixed": 12, "known_affected": 133}, "imported": 1784173440.0, "vulnerability_id": "CVE-2026-42257", "vulnerability_url": "/vuln/CVE-2026-42257"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T02:56:00+00:00", "cve": "CVE-2026-48524", "id": "CVE-2026-48524", "initial_release_date": "2026-05-28T15:07:35.162000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48524.json", "version": "3", "product_status": {"known_affected": 182, "known_not_affected": 7}, "imported": 1784170560.0, "vulnerability_id": "CVE-2026-48524", "vulnerability_url": "/vuln/CVE-2026-48524"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T02:51:58+00:00", "cve": "CVE-2026-42258", "id": "CVE-2026-42258", "initial_release_date": "2026-05-09T19:40:49.405000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42258.json", "version": "3", "product_status": {"fixed": 1909, "known_affected": 4, "known_not_affected": 11, "under_investigation": 9}, "imported": 1784170318.0, "vulnerability_id": "CVE-2026-42258", "vulnerability_url": "/vuln/CVE-2026-42258"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T02:48:22+00:00", "cve": "CVE-2025-66471", "id": "CVE-2025-66471", "initial_release_date": "2025-12-05T16:06:08.531000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "urllib3: urllib3 Streaming API improperly handles highly compressed data", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66471.json", "version": "3", "product_status": {"fixed": 1948, "known_affected": 359, "known_not_affected": 3318, "under_investigation": 1}, "imported": 1784170102.0, "vulnerability_id": "CVE-2025-66471", "vulnerability_url": "/vuln/CVE-2025-66471"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T02:31:03+00:00", "cve": "CVE-2026-39820", "id": "CVE-2026-39820", "initial_release_date": "2026-05-07T19:41:19.854000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39820.json", "version": "3", "product_status": {"fixed": 96, "known_affected": 143, "known_not_affected": 246, "under_investigation": 132}, "imported": 1784169063.0, "vulnerability_id": "CVE-2026-39820", "vulnerability_url": "/vuln/CVE-2026-39820"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T02:26:41+00:00", "cve": "CVE-2025-68121", "id": "CVE-2025-68121", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json", "version": "3", "product_status": {"fixed": 6920, "known_affected": 203, "known_not_affected": 3906, "under_investigation": 42}, "imported": 1784168801.0, "vulnerability_id": "CVE-2025-68121", "vulnerability_url": "/vuln/CVE-2025-68121"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T02:22:14+00:00", "cve": "CVE-2026-42499", "id": "CVE-2026-42499", "initial_release_date": "2026-05-07T19:41:18.615000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42499.json", "version": "3", "product_status": {"fixed": 96, "known_affected": 157, "known_not_affected": 247, "under_investigation": 117}, "imported": 1784168534.0, "vulnerability_id": "CVE-2026-42499", "vulnerability_url": "/vuln/CVE-2026-42499"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T02:22:08+00:00", "cve": "CVE-2026-53550", "id": "CVE-2026-53550", "initial_release_date": "2026-06-22T14:59:14.906000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "js-yaml: js-yaml: Denial of Service via crafted YAML merge keys", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53550.json", "version": "3", "product_status": {"fixed": 8, "known_affected": 136, "known_not_affected": 51}, "imported": 1784168528.0, "vulnerability_id": "CVE-2026-53550", "vulnerability_url": "/vuln/CVE-2026-53550"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T02:17:40+00:00", "cve": "CVE-2026-48523", "id": "CVE-2026-48523", "initial_release_date": "2026-05-28T15:10:19.141000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48523.json", "version": "3", "product_status": {"known_affected": 179, "known_not_affected": 19}, "imported": 1784168260.0, "vulnerability_id": "CVE-2026-48523", "vulnerability_url": "/vuln/CVE-2026-48523"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T02:11:57+00:00", "cve": "CVE-2026-53606", "id": "CVE-2026-53606", "initial_release_date": "2026-06-12T20:50:47.085000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "apostrophecms sanitize-html: sanitize-html: Cross-Site Scripting (XSS) via insufficient URI scheme validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53606.json", "version": "3", "product_status": {"known_affected": 18, "under_investigation": 2}, "imported": 1784167917.0, "vulnerability_id": "CVE-2026-53606", "vulnerability_url": "/vuln/CVE-2026-53606"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-16T02:11:56+00:00", "cve": "CVE-2026-48525", "id": "CVE-2026-48525", "initial_release_date": "2026-05-28T15:11:12.483000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48525.json", "version": "3", "product_status": {"known_affected": 191, "known_not_affected": 7}, "imported": 1784167916.0, "vulnerability_id": "CVE-2026-48525", "vulnerability_url": "/vuln/CVE-2026-48525"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-16T02:11:49+00:00", "cve": "CVE-2026-44990", "id": "CVE-2026-44990", "initial_release_date": "2026-06-12T20:39:47.065000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44990.json", "version": "3", "product_status": {"fixed": 19, "known_affected": 12, "known_not_affected": 572}, "imported": 1784167909.0, "vulnerability_id": "CVE-2026-44990", "vulnerability_url": "/vuln/CVE-2026-44990"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T02:10:14+00:00", "cve": "CVE-2026-53537", "id": "CVE-2026-53537", "initial_release_date": "2026-06-22T16:57:21.496000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "multipart: Python-Multipart: Information disclosure via header parsing discrepancy", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53537.json", "version": "3", "product_status": {"known_affected": 51, "known_not_affected": 3}, "imported": 1784167814.0, "vulnerability_id": "CVE-2026-53537", "vulnerability_url": "/vuln/CVE-2026-53537"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-16T02:10:10+00:00", "cve": "CVE-2026-6733", "id": "CVE-2026-6733", "initial_release_date": "2026-06-17T17:14:50.991000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6733.json", "version": "3", "product_status": {"fixed": 200, "known_affected": 46}, "imported": 1784167810.0, "vulnerability_id": "CVE-2026-6733", "vulnerability_url": "/vuln/CVE-2026-6733"}]}
