VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222233 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-48384 | redhat_vex | git: Git arbitrary code execution | fixed: 587 known affected: 13 known not affected: 655 | 2026-07-11T17:41:25+00:00 | Vulnerability · Source |
| CVE-2025-13888 | redhat_vex | openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs | fixed: 16 known not affected: 145 | 2026-07-11T17:40:59+00:00 | Vulnerability · Source |
| CVE-2025-5115 | redhat_vex | jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames | fixed: 36 known affected: 8 known not affected: 16 | 2026-07-11T17:40:49+00:00 | Vulnerability · Source |
| CVE-2025-47151 | redhat_vex | lasso: Type confusion in Entr'ouvert Lasso | fixed: 450 known affected: 3 | 2026-07-11T17:40:42+00:00 | Vulnerability · Source |
| CVE-2021-22555 | redhat_vex | kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c | fixed: 1259 known affected: 16 known not affected: 115 | 2026-07-11T17:40:34+00:00 | Vulnerability · Source |
| CVE-2025-32463 | redhat_vex | sudo: LPE via chroot option | fixed: 33 known not affected: 12 | 2026-07-11T17:40:26+00:00 | Vulnerability · Source |
| CVE-2026-4631 | redhat_vex | cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | fixed: 102 known not affected: 13 | 2026-07-11T17:25:14+00:00 | Vulnerability · Source |
| CVE-2026-1709 | redhat_vex | keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication | fixed: 86 | 2026-07-11T17:25:14+00:00 | Vulnerability · Source |
| CVE-2026-22778 | redhat_vex | vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. | fixed: 18 known affected: 4 known not affected: 670 | 2026-07-11T17:25:13+00:00 | Vulnerability · Source |
| CVE-2025-31125 | redhat_vex | vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | known affected: 6 known not affected: 5 | 2026-07-11T17:25:08+00:00 | Vulnerability · Source |
| CVE-2026-47774 | redhat_vex | envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack | fixed: 20 known not affected: 88 | 2026-07-11T17:20:04+00:00 | Vulnerability · Source |
| CVE-2026-42208 | redhat_vex | LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection | known not affected: 4 | 2026-07-11T17:20:02+00:00 | Vulnerability · Source |
| CVE-2026-10536 | microsoft_vex | HTTP/2 stream-dependency tree UAF | known affected: 2 known not affected: 4 | 2026-07-11T14:38:42+00:00 | Vulnerability · Source |
| CVE-2026-14738 | redhat_vex | exo: Exo: Information disclosure due to weak hash algorithm | known not affected: 1 | 2026-07-11T08:54:57+00:00 | Vulnerability · Source |
| CVE-2026-54908 | microsoft_vex | Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message | fixed: 1 known affected: 1 | 2026-07-11T01:41:05+00:00 | Vulnerability · Source |
| CVE-2026-54886 | microsoft_vex | SSH SFTP server denial of service via extended channel data infinite loop | fixed: 1 known affected: 1 | 2026-07-11T01:40:30+00:00 | Vulnerability · Source |
| CVE-2026-45570 | microsoft_vex | go-git: Improper single-quote escaping in go-git SSH transport | fixed: 1 known affected: 3 | 2026-07-11T01:39:57+00:00 | Vulnerability · Source |
| CVE-2026-45571 | microsoft_vex | go-git: Crafted repositories may modify main and submodule .git directories | fixed: 1 known affected: 3 | 2026-07-11T01:39:50+00:00 | Vulnerability · Source |
| CVE-2024-7598 | microsoft_vex | Network restriction bypass via race condition during namespace termination | fixed: 1 known affected: 13 under investigation: 3 | 2026-07-11T01:38:52+00:00 | Vulnerability · Source |
| CVE-2026-56000 | microsoft_vex | xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent() | known affected: 2 | 2026-07-11T01:08:33+00:00 | Vulnerability · Source |
| CVE-2026-59869 | microsoft_vex | js-yaml: YAML merge-key chains can force quadratic CPU consumption | known affected: 1 | 2026-07-11T01:07:43+00:00 | Vulnerability · Source |
| CVE-2026-59930 | microsoft_vex | Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content | known affected: 1 | 2026-07-11T01:07:18+00:00 | Vulnerability · Source |
| CVE-2026-59922 | microsoft_vex | Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert) | known affected: 1 | 2026-07-11T01:07:11+00:00 | Vulnerability · Source |
| CVE-2026-59925 | microsoft_vex | inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs | known affected: 1 | 2026-07-11T01:07:05+00:00 | Vulnerability · Source |
| CVE-2026-59926 | microsoft_vex | Mistune: XSS via unescaped class option in Admonition directive | known affected: 1 | 2026-07-11T01:06:59+00:00 | Vulnerability · Source |
| CVE-2026-59928 | microsoft_vex | Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions | known affected: 1 | 2026-07-11T01:06:53+00:00 | Vulnerability · Source |
| CVE-2026-14740 | microsoft_vex | DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment | known affected: 1 | 2026-07-11T01:06:45+00:00 | Vulnerability · Source |
| CVE-2026-14380 | microsoft_vex | DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile | known affected: 1 | 2026-07-11T01:06:39+00:00 | Vulnerability · Source |
| CVE-2026-14739 | microsoft_vex | DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders | known affected: 1 | 2026-07-11T01:06:33+00:00 | Vulnerability · Source |
| CVE-2026-59998 | microsoft_vex | sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. | known affected: 1 | 2026-07-11T01:02:59+00:00 | Vulnerability · Source |
| CVE-2026-20244 | microsoft_vex | ClamAV DMG File Processing Denial of Service Vulnerability | known affected: 1 | 2026-07-11T01:02:00+00:00 | Vulnerability · Source |
| CVE-2026-20243 | microsoft_vex | ClamAV ALZ Archive Processing Denial of Service Vulnerability | known affected: 1 | 2026-07-11T01:01:53+00:00 | Vulnerability · Source |
| CVE-2026-20217 | microsoft_vex | ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:47+00:00 | Vulnerability · Source |
| CVE-2026-20216 | microsoft_vex | ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability | known affected: 1 | 2026-07-11T01:01:41+00:00 | Vulnerability · Source |
| CVE-2026-20215 | microsoft_vex | ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:35+00:00 | Vulnerability · Source |
| CVE-2026-20214 | microsoft_vex | ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:29+00:00 | Vulnerability · Source |
| CVE-2026-20213 | microsoft_vex | ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability | known affected: 1 | 2026-07-11T01:01:22+00:00 | Vulnerability · Source |
| CVE-2026-59856 | microsoft_vex | Vim: Arbitrary Code Execution via PHP Omni-Completion | known affected: 1 | 2026-07-11T01:01:16+00:00 | Vulnerability · Source |
| CVE-2025-56005 | redhat_vex | ply: python-ply: Unsafe pickle file handling in Ply | known affected: 434 known not affected: 32 | 2026-07-10T23:21:53+00:00 | Vulnerability · Source |
| CVE-2026-49980 | redhat_vex | github.com/rclone/rclone: Rclone: Remote Code Execution via unauthenticated requests when `rcd --rc-serve` is enabled | known not affected: 6 | 2026-07-10T22:04:55+00:00 | Vulnerability · Source |
| CVE-2026-47261 | redhat_vex | wasmtime-wasi: Wasmtime: Wasmtime: Access control bypass allows unauthorized file truncation via specific open flags. | known affected: 3 | 2026-07-10T21:29:54+00:00 | Vulnerability · Source |
| CVE-2025-4330 | redhat_vex | cpython: python: Extraction filter bypass for linking outside extraction directory | fixed: 1027 known affected: 71 known not affected: 49 | 2026-07-10T20:52:45+00:00 | Vulnerability · Source |
| CVE-2026-59882 | redhat_vex | guzzlehttp/psr7: guzzlehttp/psr7: URI host validation flaw can lead to security bypass or misrouting | known not affected: 1 | 2026-07-10T20:44:53+00:00 | Vulnerability · Source |
| CVE-2026-55404 | redhat_vex | yt-dlp: youtube-dl: yt-dlp/youtube-dl: Arbitrary Code Execution via Malicious Shortcut File Generation | known not affected: 1 | 2026-07-10T20:40:12+00:00 | Vulnerability · Source |
| CVE-2026-41901 | redhat_vex | thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass | known affected: 3 known not affected: 2 | 2026-07-10T20:14:55+00:00 | Vulnerability · Source |
| CVE-2026-53449 | redhat_vex | coturn: Coturn: Arbitrary file overwrite via CLI command | known not affected: 1 | 2026-07-10T20:10:05+00:00 | Vulnerability · Source |
| CVE-2026-53450 | redhat_vex | coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass | known not affected: 1 | 2026-07-10T20:09:57+00:00 | Vulnerability · Source |
| CVE-2026-53448 | redhat_vex | coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel | known not affected: 1 | 2026-07-10T20:09:55+00:00 | Vulnerability · Source |
| CVE-2026-59180 | redhat_vex | apprise: Apprise: Information disclosure via HTTP redirect following with credential resending | known not affected: 1 | 2026-07-10T19:54:52+00:00 | Vulnerability · Source |
| CVE-2026-59871 | redhat_vex | node-tar: node-tar: Denial of Service due to incorrect PAX path handling | known affected: 160 known not affected: 1 | 2026-07-10T19:14:58+00:00 | Vulnerability · Source |