VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221679 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-54433 | redhat_vex | roundcubemail: Roundcube Webmail: Arbitrary code execution via zero-click cross-site scripting | known not affected: 1 | 2026-07-14T17:38:40+00:00 | Vulnerability · Source |
| CVE-2026-46316 | redhat_vex | kernel: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry | fixed: 1224 known affected: 24 known not affected: 90 | 2026-07-14T17:33:06+00:00 | Vulnerability · Source |
| CVE-2026-46242 | redhat_vex | kernel: eventpoll: fix ep_remove struct eventpoll / struct file UAF | fixed: 1504 known affected: 23 known not affected: 90 | 2026-07-14T17:33:00+00:00 | Vulnerability · Source |
| CVE-2026-43074 | redhat_vex | kernel: eventpoll: defer struct eventpoll free to RCU grace period | fixed: 1504 known affected: 22 known not affected: 76 under investigation: 14 | 2026-07-14T17:32:55+00:00 | Vulnerability · Source |
| CVE-2026-46116 | redhat_vex | kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete | fixed: 760 known affected: 126 under investigation: 14 | 2026-07-14T17:32:42+00:00 | Vulnerability · Source |
| CVE-2026-41159 | redhat_vex | mermaid: Mermaid: Information disclosure and page defacement via CSS injection | known affected: 3 | 2026-07-14T16:31:17+00:00 | Vulnerability · Source |
| CVE-2026-44897 | redhat_vex | mistune: Mistune: Cross-site scripting (XSS) via improper sanitization of HTML heading ID attribute | known affected: 23 known not affected: 2 | 2026-07-14T16:31:15+00:00 | Vulnerability · Source |
| CVE-2026-9358 | redhat_vex | postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization | fixed: 4 known affected: 164 known not affected: 57 | 2026-07-14T16:31:03+00:00 | Vulnerability · Source |
| CVE-2026-53439 | redhat_vex | jenkins: Jenkins: Information Disclosure via Missing Permission Checks | known affected: 1 | 2026-07-14T16:30:56+00:00 | Vulnerability · Source |
| CVE-2026-52962 | redhat_vex | kernel: ceph: fix a buffer leak in __ceph_setxattr() | known affected: 260 known not affected: 14 | 2026-07-14T16:28:48+00:00 | Vulnerability · Source |
| CVE-2026-56140 | redhat_vex | org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation | known not affected: 4 | 2026-07-14T16:28:46+00:00 | Vulnerability · Source |
| CVE-2026-48775 | redhat_vex | langgraph: langgraph-checkpoint: LangGraph: Arbitrary code execution via insecure deserialization of modified checkpoint bytes | known affected: 7 | 2026-07-14T16:28:40+00:00 | Vulnerability · Source |
| CVE-2025-71330 | redhat_vex | image-size: image-size: Denial of Service via crafted ICNS image buffer | known affected: 28 | 2026-07-14T16:28:38+00:00 | Vulnerability · Source |
| CVE-2026-52963 | redhat_vex | kernel: ALSA: usb-audio: Bound MIDI endpoint descriptor scans | known affected: 246 known not affected: 28 | 2026-07-14T16:28:35+00:00 | Vulnerability · Source |
| CVE-2026-48776 | redhat_vex | langgraph: langgraph-sdk: LangGraph Python SDK: Unsafe URL path construction leads to unauthorized resource access | known affected: 7 | 2026-07-14T16:28:32+00:00 | Vulnerability · Source |
| CVE-2026-12199 | redhat_vex | nltk: NLTK: Remote unauthenticated denial of service in WordNet Browser HTTP server | known affected: 11 | 2026-07-14T16:28:27+00:00 | Vulnerability · Source |
| CVE-2026-52964 | redhat_vex | kernel: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans | known affected: 184 known not affected: 90 | 2026-07-14T16:28:24+00:00 | Vulnerability · Source |
| CVE-2026-10142 | redhat_vex | kafka-python: kafka-python: Denial of Service due to crafted frame length in protocol parser | known affected: 2 | 2026-07-14T16:28:14+00:00 | Vulnerability · Source |
| CVE-2025-71329 | redhat_vex | image-size: image-size: Denial of Service via crafted image buffer with zero-valued size field | known affected: 5 known not affected: 23 | 2026-07-14T16:28:13+00:00 | Vulnerability · Source |
| CVE-2026-42567 | redhat_vex | svelte: Svelte: Regular Expression Denial of Service (ReDoS) | known affected: 2 | 2026-07-14T16:28:09+00:00 | Vulnerability · Source |
| CVE-2026-10732 | redhat_vex | decompress: Decompress: Arbitrary file write leading to remote code execution via crafted ZIP archive (Zip Slip) | known affected: 6 known not affected: 16 | 2026-07-14T16:28:02+00:00 | Vulnerability · Source |
| CVE-2026-53364 | redhat_vex | kernel: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() | known affected: 184 known not affected: 90 | 2026-07-14T16:22:38+00:00 | Vulnerability · Source |
| CVE-2026-54060 | redhat_vex | python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files | fixed: 52 known affected: 79 known not affected: 5 | 2026-07-14T16:17:28+00:00 | Vulnerability · Source |
| CVE-2026-6653 | redhat_vex | libxml2: mingw-libxml2: libxml2: Denial of Service via crafted XML input due to use-after-free | known affected: 14 known not affected: 11 | 2026-07-14T16:17:24+00:00 | Vulnerability · Source |
| CVE-2026-55379 | redhat_vex | python-pillow: Pillow: Denial of Service via crafted BDF font file | fixed: 52 known affected: 79 known not affected: 5 | 2026-07-14T16:16:54+00:00 | Vulnerability · Source |
| CVE-2024-21529 | redhat_vex | dset: Prototype Pollution | fixed: 1 known not affected: 4 | 2026-07-14T16:06:30+00:00 | Vulnerability · Source |
| CVE-2026-40977 | redhat_vex | Spring Boot: Spring Boot: Local file corruption via PID file manipulation | fixed: 1 known affected: 21 | 2026-07-14T16:03:28+00:00 | Vulnerability · Source |
| CVE-2026-42041 | redhat_vex | axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling | fixed: 142 known affected: 37 known not affected: 2448 | 2026-07-14T15:56:21+00:00 | Vulnerability · Source |
| CVE-2026-48815 | redhat_vex | sigstore: Sigstore: Unauthorized certificates accepted due to ignored `certificateOIDs` verification option | known not affected: 1 | 2026-07-14T15:46:44+00:00 | Vulnerability · Source |
| CVE-2026-48816 | redhat_vex | sigstore-js: sigstore-js: Insufficient verification of data authenticity allows timestamp manipulation | known not affected: 1 | 2026-07-14T15:46:35+00:00 | Vulnerability · Source |
| CVE-2026-48758 | redhat_vex | sigstore-core: @sigstore/core: Signature bypass due to incorrect encoding in preAuthEncoding | known not affected: 1 | 2026-07-14T15:46:28+00:00 | Vulnerability · Source |
| CVE-2026-35172 | redhat_vex | github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion | fixed: 122 known affected: 3 known not affected: 2374 under investigation: 4 | 2026-07-14T15:41:22+00:00 | Vulnerability · Source |
| CVE-2026-44973 | redhat_vex | github.com/go-git/go-billy: Go-billy: Arbitrary file access due to path traversal vulnerability | under investigation: 2 | 2026-07-14T15:41:04+00:00 | Vulnerability · Source |
| CVE-2026-44293 | redhat_vex | protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors | fixed: 29 known affected: 20 known not affected: 2159 | 2026-07-14T15:21:20+00:00 | Vulnerability · Source |
| CVE-2026-9595 | redhat_vex | webpack-dev-server: webpack-dev-server: Information disclosure and denial of service via improper proxy configuration | fixed: 12 known affected: 68 known not affected: 1972 | 2026-07-14T15:21:03+00:00 | Vulnerability · Source |
| CVE-2026-11332 | redhat_vex | ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution | known affected: 47 under investigation: 12 | 2026-07-14T15:01:48+00:00 | Vulnerability · Source |
| CVE-2026-39245 | redhat_vex | decompress: decompress: path traversal via indexOf containment bypass allows arbitrary file write (bypass of CVE-2020-12265 fix) | fixed: 3 known affected: 1 known not affected: 2 | 2026-07-14T14:58:03+00:00 | Vulnerability · Source |
| CVE-2026-42771 | redhat_vex | openssl: Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email() | known affected: 56 known not affected: 5 | 2026-07-14T14:21:22+00:00 | Vulnerability · Source |
| CVE-2026-15605 | redhat_vex | wandb: wandb: Information disclosure due to weak hash in artifact integrity validation | known affected: 3 | 2026-07-14T14:14:12+00:00 | Vulnerability · Source |
| CVE-2025-8224 | redhat_vex | binutils: Binutils BFD Null Pointer Dereference | known affected: 10 known not affected: 67 | 2026-07-14T14:14:03+00:00 | Vulnerability · Source |
| CVE-2025-66382 | redhat_vex | libexpat: libexpat: Denial of service via crafted file processing | known affected: 44 | 2026-07-14T14:14:03+00:00 | Vulnerability · Source |
| CVE-2025-26465 | redhat_vex | openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled | fixed: 285 known affected: 18 known not affected: 9 | 2026-07-14T14:13:58+00:00 | Vulnerability · Source |
| CVE-2025-46836 | redhat_vex | net-tools: net-tools Stack Buffer Overflow | known affected: 4 known not affected: 2 | 2026-07-14T14:13:56+00:00 | Vulnerability · Source |
| CVE-2025-7545 | redhat_vex | binutils: Binutils: Heap Buffer Overflow | known affected: 53 known not affected: 24 | 2026-07-14T14:13:05+00:00 | Vulnerability · Source |
| CVE-2026-23103 | redhat_vex | kernel: ipvlan: Make the addrs_lock be per port | known affected: 232 known not affected: 42 | 2026-07-14T14:13:03+00:00 | Vulnerability · Source |
| CVE-2026-22992 | redhat_vex | kernel: libceph: return the handler error from mon_handle_auth_done() | known affected: 232 known not affected: 42 | 2026-07-14T14:13:02+00:00 | Vulnerability · Source |
| CVE-2026-22980 | redhat_vex | kernel: nfsd: provide locking for v4_end_grace | known affected: 274 | 2026-07-14T14:12:58+00:00 | Vulnerability · Source |
| CVE-2026-41080 | redhat_vex | libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML | fixed: 3 known affected: 21 | 2026-07-14T14:07:47+00:00 | Vulnerability · Source |
| CVE-2026-23273 | redhat_vex | kernel: macvlan: observe an RCU grace period in macvlan_common_newlink() error path | known affected: 14 known not affected: 260 | 2026-07-14T14:07:45+00:00 | Vulnerability · Source |
| CVE-2026-46174 | redhat_vex | kernel: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache | known affected: 260 known not affected: 14 | 2026-07-14T14:07:44+00:00 | Vulnerability · Source |