VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221637 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-68121 | redhat_vex | crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | fixed: 6918 known affected: 204 known not affected: 3880 under investigation: 42 | 2026-07-15T07:51:31+00:00 | Vulnerability · Source |
| CVE-2026-42264 | redhat_vex | axios: Axios: Prototype pollution allows information disclosure and request manipulation | fixed: 44 known affected: 47 known not affected: 176 | 2026-07-15T07:51:06+00:00 | Vulnerability · Source |
| CVE-2026-34986 | redhat_vex | github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object | fixed: 1888 known affected: 169 known not affected: 10840 under investigation: 1 | 2026-07-15T07:42:02+00:00 | Vulnerability · Source |
| CVE-2026-39835 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate | fixed: 653 known affected: 151 known not affected: 313 under investigation: 1 | 2026-07-15T07:16:20+00:00 | Vulnerability · Source |
| CVE-2026-14251 | redhat_vex | gitops-operator: gitops-operator: Missing allowedNamespace check in ReconcilerHook for ClusterRole/Role cases enables potential privilege escalation and DoS | known affected: 2 | 2026-07-15T07:00:53+00:00 | Vulnerability · Source |
| CVE-2026-10846 | redhat_vex | ldns: ldns: Off-path poisoning attacks due to insufficient query-response matching | known affected: 25 | 2026-07-15T06:55:46+00:00 | Vulnerability · Source |
| CVE-2026-44740 | redhat_vex | github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation | fixed: 112 known affected: 218 known not affected: 70 | 2026-07-15T05:51:28+00:00 | Vulnerability · Source |
| CVE-2026-12325 | redhat_vex | firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component | fixed: 260 known affected: 8 | 2026-07-15T05:48:54+00:00 | Vulnerability · Source |
| CVE-2026-12324 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component | fixed: 260 known affected: 8 | 2026-07-15T05:48:51+00:00 | Vulnerability · Source |
| CVE-2026-39244 | redhat_vex | adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation | known affected: 15 under investigation: 7 | 2026-07-15T05:48:37+00:00 | Vulnerability · Source |
| CVE-2026-12330 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Internationalization component | fixed: 260 known affected: 8 | 2026-07-15T05:47:54+00:00 | Vulnerability · Source |
| CVE-2026-12327 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | fixed: 260 known affected: 8 | 2026-07-15T05:47:51+00:00 | Vulnerability · Source |
| CVE-2026-12315 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 260 known affected: 8 | 2026-07-15T05:47:48+00:00 | Vulnerability · Source |
| CVE-2026-12314 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:47+00:00 | Vulnerability · Source |
| CVE-2026-12313 | redhat_vex | firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:47:46+00:00 | Vulnerability · Source |
| CVE-2026-12312 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:41+00:00 | Vulnerability · Source |
| CVE-2026-12311 | redhat_vex | firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:47:39+00:00 | Vulnerability · Source |
| CVE-2026-12310 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:37+00:00 | Vulnerability · Source |
| CVE-2026-12309 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:34+00:00 | Vulnerability · Source |
| CVE-2026-12308 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:31+00:00 | Vulnerability · Source |
| CVE-2026-12307 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:27+00:00 | Vulnerability · Source |
| CVE-2026-12306 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:26+00:00 | Vulnerability · Source |
| CVE-2026-12305 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:24+00:00 | Vulnerability · Source |
| CVE-2026-12302 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 260 known affected: 8 | 2026-07-15T05:47:21+00:00 | Vulnerability · Source |
| CVE-2026-12304 | redhat_vex | firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component | fixed: 260 known affected: 8 | 2026-07-15T05:47:21+00:00 | Vulnerability · Source |
| CVE-2026-27136 | redhat_vex | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass | fixed: 218 known affected: 422 known not affected: 168 under investigation: 2 | 2026-07-15T05:47:02+00:00 | Vulnerability · Source |
| CVE-2026-42504 | redhat_vex | mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header | known affected: 117 known not affected: 26 under investigation: 240 | 2026-07-15T05:41:25+00:00 | Vulnerability · Source |
| CVE-2026-46597 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs | fixed: 128 known affected: 179 known not affected: 113 under investigation: 73 | 2026-07-15T05:41:23+00:00 | Vulnerability · Source |
| CVE-2026-39832 | redhat_vex | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions | fixed: 580 known affected: 95 known not affected: 189 under investigation: 3 | 2026-07-15T05:41:08+00:00 | Vulnerability · Source |
| CVE-2026-39831 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check | fixed: 128 known affected: 176 known not affected: 113 under investigation: 74 | 2026-07-15T05:37:18+00:00 | Vulnerability · Source |
| CVE-2026-33811 | redhat_vex | net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME | fixed: 497 known affected: 262 known not affected: 516 under investigation: 17 | 2026-07-15T05:37:12+00:00 | Vulnerability · Source |
| CVE-2026-39820 | redhat_vex | net/mail: golang: Go net/mail: Denial of Service via crafted email inputs | fixed: 85 known affected: 148 known not affected: 225 under investigation: 132 | 2026-07-15T05:37:07+00:00 | Vulnerability · Source |
| CVE-2026-32281 | redhat_vex | crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation | fixed: 1123 known affected: 261 known not affected: 1104 | 2026-07-15T05:34:17+00:00 | Vulnerability · Source |
| CVE-2025-61728 | redhat_vex | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip | fixed: 6567 known affected: 110 known not affected: 4103 | 2026-07-15T05:33:36+00:00 | Vulnerability · Source |
| CVE-2026-39830 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses | fixed: 578 known affected: 191 known not affected: 484 under investigation: 4 | 2026-07-15T05:33:22+00:00 | Vulnerability · Source |
| CVE-2026-39828 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions | fixed: 241 known affected: 154 known not affected: 403 under investigation: 1 | 2026-07-15T05:33:18+00:00 | Vulnerability · Source |
| CVE-2026-39829 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters | fixed: 628 known affected: 171 known not affected: 525 under investigation: 3 | 2026-07-15T05:33:08+00:00 | Vulnerability · Source |
| CVE-2026-42508 | redhat_vex | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey | fixed: 496 known affected: 51 known not affected: 261 under investigation: 3 | 2026-07-15T05:33:05+00:00 | Vulnerability · Source |
| CVE-2026-46595 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation | fixed: 207 known affected: 60 known not affected: 889 under investigation: 3 | 2026-07-15T05:31:47+00:00 | Vulnerability · Source |
| CVE-2026-39821 | redhat_vex | golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing | fixed: 603 known affected: 259 known not affected: 1002 under investigation: 5 | 2026-07-15T05:31:43+00:00 | Vulnerability · Source |
| CVE-2026-12329 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:31:38+00:00 | Vulnerability · Source |
| CVE-2026-12328 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | fixed: 260 known affected: 8 | 2026-07-15T05:31:33+00:00 | Vulnerability · Source |
| CVE-2026-12299 | redhat_vex | firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component | fixed: 260 known affected: 8 | 2026-07-15T05:31:28+00:00 | Vulnerability · Source |
| CVE-2026-12298 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:31:24+00:00 | Vulnerability · Source |
| CVE-2026-12297 | redhat_vex | firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component | fixed: 260 known affected: 8 | 2026-07-15T05:31:18+00:00 | Vulnerability · Source |
| CVE-2026-12296 | redhat_vex | firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:31:14+00:00 | Vulnerability · Source |
| CVE-2026-12295 | redhat_vex | firefox: thunderbird: Sandbox escape in the DOM: Navigation component | fixed: 260 known affected: 8 | 2026-07-15T05:31:06+00:00 | Vulnerability · Source |
| CVE-2026-12294 | redhat_vex | firefox: thunderbird: Sandbox escape in the DOM: Workers component | fixed: 260 known affected: 8 | 2026-07-15T05:31:00+00:00 | Vulnerability · Source |
| CVE-2026-12292 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Web Audio component | fixed: 260 known affected: 8 | 2026-07-15T05:30:53+00:00 | Vulnerability · Source |
| CVE-2026-12291 | redhat_vex | firefox: thunderbird: Use-after-free in the Networking: HTTP component | fixed: 260 known affected: 8 | 2026-07-15T05:30:47+00:00 | Vulnerability · Source |