VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222233 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-59152 | redhat_vex | langsmith: LangSmith SDK TracingMiddleware: Information Disclosure via Arbitrary Server-Side File Read | known affected: 14 | 2026-07-10T10:00:54+00:00 | Vulnerability · Source |
| CVE-2026-53511 | redhat_vex | calibre: Calibre: Arbitrary code execution via malicious e-book file processing | known not affected: 1 | 2026-07-10T09:55:40+00:00 | Vulnerability · Source |
| CVE-2026-58374 | redhat_vex | hostapd: hostapd: Denial of Service via malformed Wi-Fi 7 Multi-Link Operation association request | known affected: 3 | 2026-07-10T09:50:26+00:00 | Vulnerability · Source |
| CVE-2026-14362 | redhat_vex | github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling | known affected: 15 known not affected: 32 | 2026-07-10T09:30:01+00:00 | Vulnerability · Source |
| CVE-2026-44512 | redhat_vex | onnx: ONNX: Denial of Service via crafted untrusted models | known affected: 16 | 2026-07-10T07:54:47+00:00 | Vulnerability · Source |
| CVE-2026-54528 | redhat_vex | jupyterlab-git: JupyterLab Git: Information disclosure via case-sensitivity bypass in excluded path enforcement | known affected: 15 | 2026-07-10T07:09:53+00:00 | Vulnerability · Source |
| CVE-2026-59925 | redhat_vex | mistune: Mistune: Denial of Service via crafted Markdown input | known affected: 25 | 2026-07-10T07:05:12+00:00 | Vulnerability · Source |
| CVE-2024-12125 | redhat_vex | 3scale-porta: Readonly fields not validated server-side | known affected: 1 | 2026-07-10T06:25:28+00:00 | Vulnerability · Source |
| CVE-2024-28176 | redhat_vex | jose: resource exhaustion | fixed: 584 known affected: 3 known not affected: 2423 | 2026-07-10T04:58:12+00:00 | Vulnerability · Source |
| CVE-2023-24536 | redhat_vex | golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption | fixed: 1648 known affected: 101 known not affected: 1097 | 2026-07-10T04:58:01+00:00 | Vulnerability · Source |
| CVE-2026-42198 | redhat_vex | jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication | fixed: 8 known affected: 6 | 2026-07-10T01:19:46+00:00 | Vulnerability · Source |
| CVE-2026-53916 | redhat_vex | activemq-stomp: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec | known affected: 121 | 2026-07-10T01:14:51+00:00 | Vulnerability · Source |
| CVE-2026-33747 | redhat_vex | BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend | fixed: 137 known affected: 46 known not affected: 335 | 2026-07-10T01:04:59+00:00 | Vulnerability · Source |
| CVE-2026-49432 | redhat_vex | org.apache.activemq/activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-stomp: Apache ActiveMQ: Denial of Service via improper input validation in STOMP connector | known affected: 122 | 2026-07-10T01:04:53+00:00 | Vulnerability · Source |
| CVE-2026-33748 | redhat_vex | github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components | fixed: 133 known affected: 42 known not affected: 310 | 2026-07-09T23:28:58+00:00 | Vulnerability · Source |
| CVE-2025-53643 | redhat_vex | aiohttp: AIOHTTP HTTP Request/Response Smuggling | fixed: 36 known affected: 17 known not affected: 859 | 2026-07-09T23:10:42+00:00 | Vulnerability · Source |
| CVE-2026-44291 | redhat_vex | protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution | known affected: 33 known not affected: 12 | 2026-07-09T22:57:26+00:00 | Vulnerability · Source |
| CVE-2026-44292 | redhat_vex | protobufjs: protobufjs: Data integrity impact due to prototype pollution | known affected: 35 known not affected: 10 | 2026-07-09T22:57:23+00:00 | Vulnerability · Source |
| CVE-2026-46331 | redhat_vex | kernel: net/sched: act_pedit: extend the writable skb range per key | fixed: 2297 known not affected: 43 | 2026-07-09T22:51:24+00:00 | Vulnerability · Source |
| CVE-2026-1519 | redhat_vex | bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone | fixed: 1136 known not affected: 434 | 2026-07-09T22:50:25+00:00 | Vulnerability · Source |
| CVE-2026-9563 | redhat_vex | org.eclipse.parsson/parsson: Eclipse Parsson: Denial of Service via uncontrolled resource consumption in JSON parsing | known affected: 17 known not affected: 12 | 2026-07-09T22:19:54+00:00 | Vulnerability · Source |
| CVE-2026-53435 | redhat_vex | jenkins: Jenkins: Arbitrary code execution via deserialization of attacker-controlled configuration | known affected: 1 | 2026-07-09T22:09:44+00:00 | Vulnerability · Source |
| CVE-2026-49975 | redhat_vex | httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack | fixed: 323 known not affected: 94 | 2026-07-09T22:04:45+00:00 | Vulnerability · Source |
| CVE-2026-35536 | redhat_vex | tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments | fixed: 121 known affected: 26 known not affected: 242 under investigation: 1 | 2026-07-09T21:14:56+00:00 | Vulnerability · Source |
| CVE-2026-33699 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode | fixed: 2 known affected: 7 known not affected: 234 | 2026-07-09T21:14:50+00:00 | Vulnerability · Source |
| CVE-2026-31958 | redhat_vex | tornado-python: Tornado: Denial of Service via large multipart bodies | fixed: 253 known affected: 11 known not affected: 576 | 2026-07-09T21:14:41+00:00 | Vulnerability · Source |
| CVE-2026-28684 | redhat_vex | python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following | fixed: 30 known affected: 45 known not affected: 769 | 2026-07-09T21:14:40+00:00 | Vulnerability · Source |
| CVE-2026-42035 | redhat_vex | axios: Axios: Arbitrary HTTP header injection via prototype pollution | fixed: 172 known affected: 42 known not affected: 2576 | 2026-07-09T21:09:40+00:00 | Vulnerability · Source |
| CVE-2026-41242 | redhat_vex | protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields | fixed: 14 known affected: 27 known not affected: 458 under investigation: 14 | 2026-07-09T21:06:40+00:00 | Vulnerability · Source |
| CVE-2026-40192 | redhat_vex | Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing | fixed: 150 known affected: 25 known not affected: 1573 | 2026-07-09T21:06:36+00:00 | Vulnerability · Source |
| CVE-2026-34070 | redhat_vex | langchain: path traversal in legacy load_prompt functions in langchain-core | fixed: 8 known affected: 3 known not affected: 330 | 2026-07-09T21:06:25+00:00 | Vulnerability · Source |
| CVE-2026-33236 | redhat_vex | nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files | fixed: 6 known affected: 10 known not affected: 698 | 2026-07-09T21:06:21+00:00 | Vulnerability · Source |
| CVE-2026-33231 | redhat_vex | nltk: NLTK: Denial of Service via unauthenticated remote shutdown | fixed: 6 known affected: 9 known not affected: 699 | 2026-07-09T21:06:15+00:00 | Vulnerability · Source |
| CVE-2026-32640 | redhat_vex | simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling | fixed: 6 known affected: 4 known not affected: 437 | 2026-07-09T21:06:01+00:00 | Vulnerability · Source |
| CVE-2026-32597 | redhat_vex | pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | fixed: 1175 known affected: 25 known not affected: 1960 | 2026-07-09T21:05:58+00:00 | Vulnerability · Source |
| CVE-2026-28356 | redhat_vex | multipart: denial of service via maliciously crafted HTTP or multipart segment headers | fixed: 12 known affected: 21 known not affected: 468 | 2026-07-09T21:05:46+00:00 | Vulnerability · Source |
| CVE-2026-27893 | redhat_vex | vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting | fixed: 20 known affected: 6 known not affected: 683 | 2026-07-09T21:05:45+00:00 | Vulnerability · Source |
| CVE-2026-5241 | redhat_vex | python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting | fixed: 21 known affected: 44 known not affected: 545 | 2026-07-09T21:05:28+00:00 | Vulnerability · Source |
| CVE-2026-2614 | redhat_vex | mlflow: mlflow: Arbitrary file read via bypassed source path validation | fixed: 7 known affected: 14 known not affected: 550 | 2026-07-09T21:05:20+00:00 | Vulnerability · Source |
| CVE-2026-1462 | redhat_vex | keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode | fixed: 8 known affected: 1 known not affected: 439 | 2026-07-09T21:05:14+00:00 | Vulnerability · Source |
| CVE-2025-62718 | redhat_vex | axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization | fixed: 157 known affected: 62 known not affected: 1678 | 2026-07-09T21:02:33+00:00 | Vulnerability · Source |
| CVE-2026-42570 | redhat_vex | devalue: devalue: Excessive memory consumption via deserialization of sparse arrays | fixed: 1 known not affected: 9 under investigation: 1 | 2026-07-09T21:02:01+00:00 | Vulnerability · Source |
| CVE-2026-40175 | redhat_vex | axios: Axios: Remote Code Execution via Prototype Pollution escalation | fixed: 139 known affected: 13 known not affected: 4880 | 2026-07-09T21:00:45+00:00 | Vulnerability · Source |
| CVE-2026-29074 | redhat_vex | svgo: SVGO: Denial of Service via XML entity expansion | fixed: 108 known affected: 23 known not affected: 1723 | 2026-07-09T21:00:28+00:00 | Vulnerability · Source |
| CVE-2026-42043 | redhat_vex | axios: Axios: NO_PROXY bypass via crafted URL | fixed: 142 known affected: 34 known not affected: 2451 | 2026-07-09T20:58:23+00:00 | Vulnerability · Source |
| CVE-2026-42033 | redhat_vex | axios: Axios: HTTP Transport Hijacking via Prototype Pollution | fixed: 142 known affected: 40 known not affected: 2446 | 2026-07-09T20:58:06+00:00 | Vulnerability · Source |
| CVE-2026-40895 | redhat_vex | follow-redirects: follow-redirects: Information disclosure via cross-domain redirects | fixed: 187 known affected: 43 known not affected: 2942 | 2026-07-09T20:58:00+00:00 | Vulnerability · Source |
| CVE-2026-59936 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF inline image | known affected: 11 | 2026-07-09T20:55:00+00:00 | Vulnerability · Source |
| CVE-2026-13320 | redhat_vex | gitlab: GitLab: Arbitrary script execution via improper input sanitization | known not affected: 4 | 2026-07-09T20:45:24+00:00 | Vulnerability · Source |
| CVE-2026-46090 | redhat_vex | kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop | fixed: 2073 known affected: 33 under investigation: 14 | 2026-07-09T20:40:53+00:00 | Vulnerability · Source |