VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222233 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-59152 redhat_vex langsmith: LangSmith SDK TracingMiddleware: Information Disclosure via Arbitrary Server-Side File Read known affected: 14 2026-07-10T10:00:54+00:00 Vulnerability · Source
CVE-2026-53511 redhat_vex calibre: Calibre: Arbitrary code execution via malicious e-book file processing known not affected: 1 2026-07-10T09:55:40+00:00 Vulnerability · Source
CVE-2026-58374 redhat_vex hostapd: hostapd: Denial of Service via malformed Wi-Fi 7 Multi-Link Operation association request known affected: 3 2026-07-10T09:50:26+00:00 Vulnerability · Source
CVE-2026-14362 redhat_vex github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling known affected: 15 known not affected: 32 2026-07-10T09:30:01+00:00 Vulnerability · Source
CVE-2026-44512 redhat_vex onnx: ONNX: Denial of Service via crafted untrusted models known affected: 16 2026-07-10T07:54:47+00:00 Vulnerability · Source
CVE-2026-54528 redhat_vex jupyterlab-git: JupyterLab Git: Information disclosure via case-sensitivity bypass in excluded path enforcement known affected: 15 2026-07-10T07:09:53+00:00 Vulnerability · Source
CVE-2026-59925 redhat_vex mistune: Mistune: Denial of Service via crafted Markdown input known affected: 25 2026-07-10T07:05:12+00:00 Vulnerability · Source
CVE-2024-12125 redhat_vex 3scale-porta: Readonly fields not validated server-side known affected: 1 2026-07-10T06:25:28+00:00 Vulnerability · Source
CVE-2024-28176 redhat_vex jose: resource exhaustion fixed: 584 known affected: 3 known not affected: 2423 2026-07-10T04:58:12+00:00 Vulnerability · Source
CVE-2023-24536 redhat_vex golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption fixed: 1648 known affected: 101 known not affected: 1097 2026-07-10T04:58:01+00:00 Vulnerability · Source
CVE-2026-42198 redhat_vex jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication fixed: 8 known affected: 6 2026-07-10T01:19:46+00:00 Vulnerability · Source
CVE-2026-53916 redhat_vex activemq-stomp: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec known affected: 121 2026-07-10T01:14:51+00:00 Vulnerability · Source
CVE-2026-33747 redhat_vex BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend fixed: 137 known affected: 46 known not affected: 335 2026-07-10T01:04:59+00:00 Vulnerability · Source
CVE-2026-49432 redhat_vex org.apache.activemq/activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-stomp: Apache ActiveMQ: Denial of Service via improper input validation in STOMP connector known affected: 122 2026-07-10T01:04:53+00:00 Vulnerability · Source
CVE-2026-33748 redhat_vex github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components fixed: 133 known affected: 42 known not affected: 310 2026-07-09T23:28:58+00:00 Vulnerability · Source
CVE-2025-53643 redhat_vex aiohttp: AIOHTTP HTTP Request/Response Smuggling fixed: 36 known affected: 17 known not affected: 859 2026-07-09T23:10:42+00:00 Vulnerability · Source
CVE-2026-44291 redhat_vex protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution known affected: 33 known not affected: 12 2026-07-09T22:57:26+00:00 Vulnerability · Source
CVE-2026-44292 redhat_vex protobufjs: protobufjs: Data integrity impact due to prototype pollution known affected: 35 known not affected: 10 2026-07-09T22:57:23+00:00 Vulnerability · Source
CVE-2026-46331 redhat_vex kernel: net/sched: act_pedit: extend the writable skb range per key fixed: 2297 known not affected: 43 2026-07-09T22:51:24+00:00 Vulnerability · Source
CVE-2026-1519 redhat_vex bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone fixed: 1136 known not affected: 434 2026-07-09T22:50:25+00:00 Vulnerability · Source
CVE-2026-9563 redhat_vex org.eclipse.parsson/parsson: Eclipse Parsson: Denial of Service via uncontrolled resource consumption in JSON parsing known affected: 17 known not affected: 12 2026-07-09T22:19:54+00:00 Vulnerability · Source
CVE-2026-53435 redhat_vex jenkins: Jenkins: Arbitrary code execution via deserialization of attacker-controlled configuration known affected: 1 2026-07-09T22:09:44+00:00 Vulnerability · Source
CVE-2026-49975 redhat_vex httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack fixed: 323 known not affected: 94 2026-07-09T22:04:45+00:00 Vulnerability · Source
CVE-2026-35536 redhat_vex tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments fixed: 121 known affected: 26 known not affected: 242 under investigation: 1 2026-07-09T21:14:56+00:00 Vulnerability · Source
CVE-2026-33699 redhat_vex pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode fixed: 2 known affected: 7 known not affected: 234 2026-07-09T21:14:50+00:00 Vulnerability · Source
CVE-2026-31958 redhat_vex tornado-python: Tornado: Denial of Service via large multipart bodies fixed: 253 known affected: 11 known not affected: 576 2026-07-09T21:14:41+00:00 Vulnerability · Source
CVE-2026-28684 redhat_vex python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following fixed: 30 known affected: 45 known not affected: 769 2026-07-09T21:14:40+00:00 Vulnerability · Source
CVE-2026-42035 redhat_vex axios: Axios: Arbitrary HTTP header injection via prototype pollution fixed: 172 known affected: 42 known not affected: 2576 2026-07-09T21:09:40+00:00 Vulnerability · Source
CVE-2026-41242 redhat_vex protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields fixed: 14 known affected: 27 known not affected: 458 under investigation: 14 2026-07-09T21:06:40+00:00 Vulnerability · Source
CVE-2026-40192 redhat_vex Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing fixed: 150 known affected: 25 known not affected: 1573 2026-07-09T21:06:36+00:00 Vulnerability · Source
CVE-2026-34070 redhat_vex langchain: path traversal in legacy load_prompt functions in langchain-core fixed: 8 known affected: 3 known not affected: 330 2026-07-09T21:06:25+00:00 Vulnerability · Source
CVE-2026-33236 redhat_vex nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files fixed: 6 known affected: 10 known not affected: 698 2026-07-09T21:06:21+00:00 Vulnerability · Source
CVE-2026-33231 redhat_vex nltk: NLTK: Denial of Service via unauthenticated remote shutdown fixed: 6 known affected: 9 known not affected: 699 2026-07-09T21:06:15+00:00 Vulnerability · Source
CVE-2026-32640 redhat_vex simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling fixed: 6 known affected: 4 known not affected: 437 2026-07-09T21:06:01+00:00 Vulnerability · Source
CVE-2026-32597 redhat_vex pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) fixed: 1175 known affected: 25 known not affected: 1960 2026-07-09T21:05:58+00:00 Vulnerability · Source
CVE-2026-28356 redhat_vex multipart: denial of service via maliciously crafted HTTP or multipart segment headers fixed: 12 known affected: 21 known not affected: 468 2026-07-09T21:05:46+00:00 Vulnerability · Source
CVE-2026-27893 redhat_vex vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting fixed: 20 known affected: 6 known not affected: 683 2026-07-09T21:05:45+00:00 Vulnerability · Source
CVE-2026-5241 redhat_vex python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting fixed: 21 known affected: 44 known not affected: 545 2026-07-09T21:05:28+00:00 Vulnerability · Source
CVE-2026-2614 redhat_vex mlflow: mlflow: Arbitrary file read via bypassed source path validation fixed: 7 known affected: 14 known not affected: 550 2026-07-09T21:05:20+00:00 Vulnerability · Source
CVE-2026-1462 redhat_vex keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode fixed: 8 known affected: 1 known not affected: 439 2026-07-09T21:05:14+00:00 Vulnerability · Source
CVE-2025-62718 redhat_vex axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization fixed: 157 known affected: 62 known not affected: 1678 2026-07-09T21:02:33+00:00 Vulnerability · Source
CVE-2026-42570 redhat_vex devalue: devalue: Excessive memory consumption via deserialization of sparse arrays fixed: 1 known not affected: 9 under investigation: 1 2026-07-09T21:02:01+00:00 Vulnerability · Source
CVE-2026-40175 redhat_vex axios: Axios: Remote Code Execution via Prototype Pollution escalation fixed: 139 known affected: 13 known not affected: 4880 2026-07-09T21:00:45+00:00 Vulnerability · Source
CVE-2026-29074 redhat_vex svgo: SVGO: Denial of Service via XML entity expansion fixed: 108 known affected: 23 known not affected: 1723 2026-07-09T21:00:28+00:00 Vulnerability · Source
CVE-2026-42043 redhat_vex axios: Axios: NO_PROXY bypass via crafted URL fixed: 142 known affected: 34 known not affected: 2451 2026-07-09T20:58:23+00:00 Vulnerability · Source
CVE-2026-42033 redhat_vex axios: Axios: HTTP Transport Hijacking via Prototype Pollution fixed: 142 known affected: 40 known not affected: 2446 2026-07-09T20:58:06+00:00 Vulnerability · Source
CVE-2026-40895 redhat_vex follow-redirects: follow-redirects: Information disclosure via cross-domain redirects fixed: 187 known affected: 43 known not affected: 2942 2026-07-09T20:58:00+00:00 Vulnerability · Source
CVE-2026-59936 redhat_vex pypdf: pypdf: Denial of Service via crafted PDF inline image known affected: 11 2026-07-09T20:55:00+00:00 Vulnerability · Source
CVE-2026-13320 redhat_vex gitlab: GitLab: Arbitrary script execution via improper input sanitization known not affected: 4 2026-07-09T20:45:24+00:00 Vulnerability · Source
CVE-2026-46090 redhat_vex kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop fixed: 2073 known affected: 33 under investigation: 14 2026-07-09T20:40:53+00:00 Vulnerability · Source