VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221679 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-44918 | redhat_vex | openstack-ironic: Prevent rehoming resources to nodes with different owner | known affected: 10 known not affected: 4 | 2026-07-14T20:10:42+00:00 | Vulnerability · Source |
| CVE-2026-15713 | redhat_vex | libsoup: SoupCache: libsoup: HTTP/2 frame window exhaustion remote denial of service via memory leak | known affected: 16 | 2026-07-14T20:06:07+00:00 | Vulnerability · Source |
| CVE-2026-15714 | redhat_vex | libsoup: SoupMultipartInputStream: libsoup: Out-of-bounds read in soup_multipart_input_stream_read_headers via an oversized multipart boundary string | known affected: 16 | 2026-07-14T20:06:06+00:00 | Vulnerability · Source |
| CVE-2026-15709 | redhat_vex | SoupWebsocketExtensionDeflate: libsoup: libsoup: WebSocket permessage-deflate Unbounded Decompression Remote Denial of Service | known affected: 16 | 2026-07-14T20:06:02+00:00 | Vulnerability · Source |
| CVE-2026-52747 | redhat_vex | ModSecurity: ModSecurity: Security rule bypass due to incorrect handling of line breaks in form data | known affected: 8 | 2026-07-14T20:05:57+00:00 | Vulnerability · Source |
| CVE-2026-15711 | redhat_vex | libsoup: SoupWebsocketConnection: libsoup: WebSocket remote denial of service via oversized control frame protocol violation | known affected: 16 | 2026-07-14T20:05:55+00:00 | Vulnerability · Source |
| CVE-2026-48069 | redhat_vex | grpc-js: @grpc/grpc-js: Client or server crash via malformed compressed message | known affected: 5 | 2026-07-14T20:05:46+00:00 | Vulnerability · Source |
| CVE-2026-52761 | redhat_vex | ModSecurity: ModSecurity: Web Application Firewall rules bypass due to incorrect UTF-8 to Unicode transformation | known affected: 8 | 2026-07-14T19:56:03+00:00 | Vulnerability · Source |
| CVE-2024-4367 | redhat_vex | Mozilla: Arbitrary JavaScript execution in PDF.js | fixed: 234 known affected: 32 | 2026-07-14T19:55:47+00:00 | Vulnerability · Source |
| CVE-2026-52970 | redhat_vex | kernel: netfilter: nft_ct: fix missing expect put in obj eval | known affected: 184 known not affected: 90 | 2026-07-14T19:55:45+00:00 | Vulnerability · Source |
| CVE-2026-53042 | redhat_vex | kernel: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal | known affected: 76 known not affected: 198 | 2026-07-14T19:45:52+00:00 | Vulnerability · Source |
| CVE-2026-53037 | redhat_vex | kernel: HID: usbhid: fix deadlock in hid_post_reset() | known affected: 274 | 2026-07-14T19:45:47+00:00 | Vulnerability · Source |
| CVE-2026-53038 | redhat_vex | kernel: ima_fs: Correctly create securityfs files for unsupported hash algos | known affected: 76 known not affected: 198 | 2026-07-14T19:45:44+00:00 | Vulnerability · Source |
| CVE-2026-53032 | redhat_vex | kernel: bpf: Fix NULL deref in map_kptr_match_type for scalar regs | known affected: 184 known not affected: 90 | 2026-07-14T19:45:42+00:00 | Vulnerability · Source |
| CVE-2026-44843 | redhat_vex | langchain: LangChain: Information disclosure and data integrity compromise via insecure deserialization | known affected: 14 | 2026-07-14T19:35:53+00:00 | Vulnerability · Source |
| CVE-2026-53007 | redhat_vex | kernel: ice: fix potential NULL pointer deref in error path of ice_set_ringparam() | known affected: 184 known not affected: 90 | 2026-07-14T19:30:41+00:00 | Vulnerability · Source |
| CVE-2026-53008 | redhat_vex | kernel: ice: fix race condition in TX timestamp ring cleanup | known affected: 184 known not affected: 90 | 2026-07-14T19:16:08+00:00 | Vulnerability · Source |
| CVE-2026-15712 | redhat_vex | SoupClientMessageIOHTTP2: libsoup3: libsoup: HTTP/2 GOAWAY frame parsing heap buffer over-read via invalid NUL-termination assumption | known affected: 4 | 2026-07-14T19:06:41+00:00 | Vulnerability · Source |
| CVE-2026-34993 | redhat_vex | aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() | fixed: 24 known affected: 76 known not affected: 767 under investigation: 6 | 2026-07-14T18:56:42+00:00 | Vulnerability · Source |
| CVE-2026-54512 | redhat_vex | jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass | fixed: 1 known affected: 86 known not affected: 79 under investigation: 3 | 2026-07-14T18:51:04+00:00 | Vulnerability · Source |
| CVE-2026-21441 | redhat_vex | urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) | fixed: 1938 known affected: 394 known not affected: 2918 under investigation: 1 | 2026-07-14T18:44:01+00:00 | Vulnerability · Source |
| CVE-2026-55380 | redhat_vex | python-pillow: Pillow: Denial of Service via crafted GD 2.x image file | fixed: 52 known affected: 82 known not affected: 5 under investigation: 4 | 2026-07-14T18:26:14+00:00 | Vulnerability · Source |
| CVE-2026-44545 | redhat_vex | daphne: daphne: Denial of Service via excessive WebSocket message size | known affected: 12 | 2026-07-14T18:26:03+00:00 | Vulnerability · Source |
| CVE-2026-52985 | redhat_vex | kernel: netdevsim: zero initialize struct iphdr in dummy sk_buff | known affected: 232 known not affected: 42 | 2026-07-14T18:08:10+00:00 | Vulnerability · Source |
| CVE-2026-52949 | redhat_vex | kernel: drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure | known affected: 184 known not affected: 90 | 2026-07-14T18:08:07+00:00 | Vulnerability · Source |
| CVE-2026-52948 | redhat_vex | kernel: i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl | known affected: 274 | 2026-07-14T18:08:02+00:00 | Vulnerability · Source |
| CVE-2026-52984 | redhat_vex | kernel: net/sched: netem: fix queue limit check to include reordered packets | known affected: 198 known not affected: 76 | 2026-07-14T18:08:02+00:00 | Vulnerability · Source |
| CVE-2026-53012 | redhat_vex | kernel: nexthop: fix IPv6 route referencing IPv4 nexthop | known affected: 184 known not affected: 90 | 2026-07-14T18:07:09+00:00 | Vulnerability · Source |
| CVE-2026-52961 | redhat_vex | kernel: ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size | known affected: 232 known not affected: 42 | 2026-07-14T18:05:08+00:00 | Vulnerability · Source |
| CVE-2026-54432 | redhat_vex | roundcubemail: Roundcube Webmail: Stored Cross-Site Scripting via unescaped attachment MIME type | known not affected: 1 | 2026-07-14T18:05:07+00:00 | Vulnerability · Source |
| CVE-2026-52990 | redhat_vex | kernel: fsnotify: fix inode reference leak in fsnotify_recalc_mask() | known affected: 184 known not affected: 90 | 2026-07-14T18:05:06+00:00 | Vulnerability · Source |
| CVE-2026-62641 | redhat_vex | roundcubemail: Roundcube Webmail: Denial of Service via crafted TNEF compressed-RTF size | known not affected: 1 | 2026-07-14T18:05:04+00:00 | Vulnerability · Source |
| CVE-2026-52977 | redhat_vex | kernel: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup | known affected: 184 known not affected: 90 | 2026-07-14T18:05:03+00:00 | Vulnerability · Source |
| CVE-2026-52980 | redhat_vex | kernel: sched/fair: Clear rel_deadline when initializing forked entities | known affected: 76 known not affected: 198 | 2026-07-14T18:05:02+00:00 | Vulnerability · Source |
| CVE-2026-62644 | redhat_vex | roundcubemail: Roundcube Webmail: Account takeover via username spoofing in password plugin | known not affected: 1 | 2026-07-14T18:05:01+00:00 | Vulnerability · Source |
| CVE-2026-62642 | redhat_vex | roundcubemail: Roundcube Webmail: Denial of Service via infinite loop in TNEF decoder | known not affected: 1 | 2026-07-14T18:05:01+00:00 | Vulnerability · Source |
| CVE-2026-46173 | redhat_vex | kernel: exit: prevent preemption of oopsing TASK_DEAD task | fixed: 1658 known affected: 36 known not affected: 76 | 2026-07-14T18:04:39+00:00 | Vulnerability · Source |
| CVE-2026-43414 | redhat_vex | kernel: scsi: qla2xxx: Completely fix fcport double free | fixed: 1224 known affected: 36 known not affected: 76 | 2026-07-14T18:04:33+00:00 | Vulnerability · Source |
| CVE-2026-43330 | redhat_vex | kernel: crypto: caam - fix overflow on long hmac keys | fixed: 616 known not affected: 198 | 2026-07-14T18:04:31+00:00 | Vulnerability · Source |
| CVE-2026-31408 | redhat_vex | kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold | fixed: 1908 known affected: 64 | 2026-07-14T18:04:25+00:00 | Vulnerability · Source |
| CVE-2025-68724 | redhat_vex | kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id | fixed: 1930 known affected: 23 known not affected: 42 | 2026-07-14T18:04:21+00:00 | Vulnerability · Source |
| CVE-2025-38653 | redhat_vex | kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al | fixed: 1503 known affected: 36 known not affected: 76 | 2026-07-14T18:04:17+00:00 | Vulnerability · Source |
| CVE-2026-46086 | redhat_vex | kernel: net: bridge: use a stable FDB dst snapshot in RCU readers | fixed: 453 known affected: 140 | 2026-07-14T18:04:13+00:00 | Vulnerability · Source |
| CVE-2026-27143 | redhat_vex | golang: cmd/compile: possible memory corruption after bound check elimination | fixed: 3329 known affected: 5 known not affected: 226 | 2026-07-14T17:54:24+00:00 | Vulnerability · Source |
| CVE-2026-27144 | redhat_vex | golang: cmd/compile: no-op interface conversion bypasses overlap checking | fixed: 3333 known affected: 5 known not affected: 222 | 2026-07-14T17:54:24+00:00 | Vulnerability · Source |
| CVE-2026-42583 | redhat_vex | netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder | fixed: 5 known affected: 36 known not affected: 87 | 2026-07-14T17:42:10+00:00 | Vulnerability · Source |
| CVE-2026-24308 | redhat_vex | Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values | fixed: 6 known affected: 7 known not affected: 210 | 2026-07-14T17:41:40+00:00 | Vulnerability · Source |
| CVE-2026-62643 | redhat_vex | roundcubemail: Roundcube Webmail: Server-Side Request Forgery via insufficient CSS sanitization | known not affected: 1 | 2026-07-14T17:40:12+00:00 | Vulnerability · Source |
| CVE-2026-44825 | redhat_vex | solr: Apache Solr: Remote attacker gains administrative access via hardcoded credentials in Basic Authentication setup. | known not affected: 2 | 2026-07-14T17:38:46+00:00 | Vulnerability · Source |
| CVE-2026-52972 | redhat_vex | kernel: crypto: af_alg - Cap AEAD AD length to 0x80000000 | known affected: 232 known not affected: 42 | 2026-07-14T17:38:42+00:00 | Vulnerability · Source |