VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221670 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-46209 redhat_vex kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() fixed: 812 known affected: 22 known not affected: 42 2026-07-15T15:59:43+00:00 Vulnerability · Source
CVE-2026-46135 redhat_vex kernel: nvmet-tcp: fix race between ICReq handling and queue teardown fixed: 1625 known affected: 22 known not affected: 42 2026-07-15T15:59:36+00:00 Vulnerability · Source
CVE-2026-43027 redhat_vex kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup fixed: 1691 known affected: 36 known not affected: 28 2026-07-15T15:59:34+00:00 Vulnerability · Source
CVE-2026-31684 redhat_vex kernel: net: sched: act_csum: validate nested VLAN headers fixed: 812 known affected: 50 known not affected: 14 2026-07-15T15:59:31+00:00 Vulnerability · Source
CVE-2026-31613 redhat_vex kernel: smb: client: fix OOB reads parsing symlink error response fixed: 812 known affected: 22 known not affected: 42 2026-07-15T15:59:27+00:00 Vulnerability · Source
CVE-2025-68183 redhat_vex kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr fixed: 1858 known affected: 33 known not affected: 31 2026-07-15T15:59:26+00:00 Vulnerability · Source
CVE-2026-53166 redhat_vex kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock fixed: 943 known affected: 50 known not affected: 14 2026-07-15T15:59:25+00:00 Vulnerability · Source
CVE-2026-46189 redhat_vex kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path fixed: 1551 known affected: 50 known not affected: 14 2026-07-15T15:59:23+00:00 Vulnerability · Source
CVE-2026-43499 redhat_vex kernel: rtmutex: Use waiter::task instead of current in remove_waiter() fixed: 943 known affected: 64 2026-07-15T15:59:20+00:00 Vulnerability · Source
CVE-2026-32281 redhat_vex crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation fixed: 1127 known affected: 260 known not affected: 1104 2026-07-15T15:54:45+00:00 Vulnerability · Source
CVE-2026-40898 redhat_vex github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers fixed: 3 known affected: 15 known not affected: 10 2026-07-15T15:52:03+00:00 Vulnerability · Source
CVE-2026-33815 redhat_vex github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability fixed: 106 known affected: 58 known not affected: 565 2026-07-15T15:51:38+00:00 Vulnerability · Source
CVE-2026-54283 redhat_vex starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS fixed: 3 known affected: 60 known not affected: 11 2026-07-15T15:51:31+00:00 Vulnerability · Source
CVE-2026-33186 redhat_vex google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation fixed: 2457 known affected: 409 known not affected: 27379 under investigation: 1 2026-07-15T15:48:29+00:00 Vulnerability · Source
CVE-2025-61729 redhat_vex crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate fixed: 7441 known affected: 440 known not affected: 4587 under investigation: 2 2026-07-15T15:47:56+00:00 Vulnerability · Source
CVE-2026-25679 redhat_vex net/url: Incorrect parsing of IPv6 host literals in net/url fixed: 8878 known affected: 164 known not affected: 4229 under investigation: 1 2026-07-15T15:47:27+00:00 Vulnerability · Source
CVE-2026-53488 redhat_vex github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin fixed: 56 known affected: 162 known not affected: 176 2026-07-15T15:47:22+00:00 Vulnerability · Source
CVE-2026-29181 redhat_vex github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers fixed: 4 known affected: 6 known not affected: 124 under investigation: 2 2026-07-15T15:46:05+00:00 Vulnerability · Source
CVE-2026-39828 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions fixed: 241 known affected: 150 known not affected: 407 under investigation: 1 2026-07-15T15:41:45+00:00 Vulnerability · Source
CVE-2026-52725 redhat_vex @angular/core: @angular/core: Cross-Site Scripting (XSS) via dynamic component creation bypass known affected: 3 known not affected: 79 2026-07-15T15:41:29+00:00 Vulnerability · Source
CVE-2026-54268 redhat_vex @angular/common: Angular @angular/common: Denial of Service via crafted date format string known affected: 1 known not affected: 81 2026-07-15T15:41:21+00:00 Vulnerability · Source
CVE-2026-46597 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs fixed: 128 known affected: 175 known not affected: 117 under investigation: 73 2026-07-15T15:36:23+00:00 Vulnerability · Source
CVE-2026-49477 redhat_vex soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings fixed: 5 known affected: 27 known not affected: 2 under investigation: 8 2026-07-15T15:31:28+00:00 Vulnerability · Source
CVE-2026-49476 redhat_vex soupsieve: python-soupsieve: Soupsieve: Denial of Service via crafted CSS selector string fixed: 5 known affected: 39 known not affected: 1 2026-07-15T15:31:24+00:00 Vulnerability · Source
CVE-2026-27136 redhat_vex golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass fixed: 218 known affected: 418 known not affected: 172 under investigation: 2 2026-07-15T15:26:59+00:00 Vulnerability · Source
CVE-2026-28390 redhat_vex openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing fixed: 301 known affected: 307 known not affected: 283 under investigation: 7 2026-07-15T15:21:36+00:00 Vulnerability · Source
CVE-2026-54399 redhat_vex org.apache.httpcomponents.core5/httpcore5: Apache HttpComponents Core: Denial of Service via excessive HTTP headers known affected: 50 known not affected: 15 2026-07-15T15:21:29+00:00 Vulnerability · Source
CVE-2026-0636 redhat_vex bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java fixed: 29 known affected: 30 known not affected: 293 2026-07-15T15:21:24+00:00 Vulnerability · Source
CVE-2025-14813 redhat_vex bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly fixed: 31 known affected: 33 known not affected: 496 2026-07-15T15:21:22+00:00 Vulnerability · Source
CVE-2026-5588 redhat_vex bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid fixed: 131 known affected: 18 known not affected: 185 2026-07-15T15:21:19+00:00 Vulnerability · Source
CVE-2026-9697 redhat_vex undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy fixed: 132 known affected: 36 known not affected: 150 2026-07-15T15:16:31+00:00 Vulnerability · Source
CVE-2026-50193 redhat_vex jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing known affected: 66 known not affected: 94 2026-07-15T15:12:30+00:00 Vulnerability · Source
CVE-2026-9073 redhat_vex foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization fixed: 2 2026-07-15T15:08:51+00:00 Vulnerability · Source
CVE-2026-10879 redhat_vex perl-DBI: perl-DBI: Heap overflow in SQL preparsing can lead to denial of service or arbitrary code execution. known affected: 10 2026-07-15T15:08:47+00:00 Vulnerability · Source
CVE-2026-34986 redhat_vex github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object fixed: 1888 known affected: 171 known not affected: 10842 under investigation: 1 2026-07-15T15:08:36+00:00 Vulnerability · Source
CVE-2026-47429 redhat_vex vitest: Vitest: Arbitrary code execution and information disclosure via path traversal fixed: 3 known not affected: 9 2026-07-15T15:04:44+00:00 Vulnerability · Source
CVE-2026-47428 redhat_vex vitest: Vitest: Arbitrary code execution via crafted browser-runner URL fixed: 3 known not affected: 7 2026-07-15T15:04:43+00:00 Vulnerability · Source
CVE-2026-6322 redhat_vex fast-uri: fast-uri: URI authority bypass due to improper delimiter handling fixed: 115 known affected: 56 known not affected: 4905 2026-07-15T15:02:02+00:00 Vulnerability · Source
CVE-2026-46243 redhat_vex kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions fixed: 2434 2026-07-15T15:01:51+00:00 Vulnerability · Source
CVE-2026-33811 redhat_vex net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME fixed: 501 known affected: 261 known not affected: 516 under investigation: 17 2026-07-15T15:01:35+00:00 Vulnerability · Source
CVE-2026-9698 redhat_vex DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution fixed: 52 known affected: 4 2026-07-15T15:01:08+00:00 Vulnerability · Source
CVE-2026-58494 redhat_vex wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi known affected: 3 2026-07-15T15:00:20+00:00 Vulnerability · Source
CVE-2026-48525 redhat_vex python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens known affected: 192 known not affected: 6 2026-07-15T15:00:12+00:00 Vulnerability · Source
CVE-2026-48523 redhat_vex python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access known affected: 180 known not affected: 18 2026-07-15T15:00:07+00:00 Vulnerability · Source
CVE-2026-9678 redhat_vex undici: Undici: Information disclosure due to improper cache-control header parsing fixed: 160 known affected: 38 known not affected: 8 2026-07-15T15:00:04+00:00 Vulnerability · Source
CVE-2026-44216 redhat_vex wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation known affected: 1 known not affected: 1 2026-07-15T14:59:30+00:00 Vulnerability · Source
CVE-2026-59869 redhat_vex js-yaml: js-yaml: Denial of Service via crafted YAML documents fixed: 23 known affected: 67 known not affected: 4 under investigation: 122 2026-07-15T14:59:18+00:00 Vulnerability · Source
CVE-2025-68121 redhat_vex crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption fixed: 6918 known affected: 203 known not affected: 3880 under investigation: 42 2026-07-15T14:57:34+00:00 Vulnerability · Source
CVE-2026-53492 redhat_vex github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. fixed: 13 known affected: 203 known not affected: 79 2026-07-15T14:57:09+00:00 Vulnerability · Source
CVE-2026-5260 redhat_vex gnutls: gnutls: Information disclosure via heap overread in RSA key exchange fixed: 700 known affected: 6 known not affected: 61 under investigation: 1 2026-07-15T14:56:52+00:00 Vulnerability · Source