VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221683 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-42216 | redhat_vex | OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files | fixed: 214 known affected: 3 known not affected: 7 | 2026-07-13T23:11:46+00:00 | Vulnerability · Source |
| CVE-2026-41142 | redhat_vex | OpenEXR: OpenEXR: Arbitrary code execution via integer overflow in image resizing | fixed: 214 known not affected: 10 | 2026-07-13T23:11:42+00:00 | Vulnerability · Source |
| CVE-2026-56372 | redhat_vex | ImageMagick: ImageMagick: Information Disclosure and Denial of Service | known affected: 14 | 2026-07-13T22:25:36+00:00 | Vulnerability · Source |
| CVE-2026-61465 | redhat_vex | ImageMagick: ImageMagick: Denial of Service via crafted image due to missing memory allocation check | known affected: 14 | 2026-07-13T22:25:35+00:00 | Vulnerability · Source |
| CVE-2026-61858 | redhat_vex | ImageMagick: ImageMagick: Policy bypass allows unauthorized file writing via APNG encoder | known affected: 14 | 2026-07-13T22:15:55+00:00 | Vulnerability · Source |
| CVE-2026-61857 | redhat_vex | ImageMagick: ImageMagick: Application crashes via malicious XMP profiles | known affected: 14 | 2026-07-13T22:15:54+00:00 | Vulnerability · Source |
| CVE-2026-61861 | redhat_vex | ImageMagick: ImageMagick: Use-after-free vulnerability leading to denial of service or code execution | known affected: 14 | 2026-07-13T22:15:48+00:00 | Vulnerability · Source |
| CVE-2026-61870 | redhat_vex | ImageMagick: ImageMagick: Denial of Service via specially crafted VIFF images | known affected: 14 | 2026-07-13T22:15:46+00:00 | Vulnerability · Source |
| CVE-2025-61732 | redhat_vex | cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy | fixed: 5141 known affected: 3 known not affected: 985 | 2026-07-13T21:12:42+00:00 | Vulnerability · Source |
| CVE-2025-14087 | redhat_vex | glib: GLib: Buffer underflow in GVariant parser leads to heap corruption | fixed: 933 known affected: 20 known not affected: 24 under investigation: 1 | 2026-07-13T21:10:51+00:00 | Vulnerability · Source |
| CVE-2026-3833 | redhat_vex | gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison | fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 | 2026-07-13T21:10:32+00:00 | Vulnerability · Source |
| CVE-2026-53489 | redhat_vex | github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore | fixed: 9 known affected: 17 known not affected: 187 under investigation: 4 | 2026-07-13T20:59:10+00:00 | Vulnerability · Source |
| CVE-2026-6845 | redhat_vex | binutils: Binutils: Denial of Service via crafted ELF file | fixed: 3 known affected: 73 | 2026-07-13T20:58:49+00:00 | Vulnerability · Source |
| CVE-2026-3442 | redhat_vex | binutils: GNU Binutils: Information disclosure or denial of service via out-of-bounds read in bfd linker | fixed: 3 known affected: 2 known not affected: 71 | 2026-07-13T20:58:44+00:00 | Vulnerability · Source |
| CVE-2026-6846 | redhat_vex | binutils: Binutils: Arbitrary code execution via malformed XCOFF object file processing | fixed: 3 known affected: 17 known not affected: 56 | 2026-07-13T20:58:34+00:00 | Vulnerability · Source |
| CVE-2026-6476 | redhat_vex | postgresql: PostgreSQL: SQL injection in pg_createsubscriber allows arbitrary SQL execution as superuser | fixed: 4 known not affected: 187 | 2026-07-13T20:58:34+00:00 | Vulnerability · Source |
| CVE-2026-3441 | redhat_vex | binutils: GNU Binutils: Information disclosure via specially crafted XCOFF object file | fixed: 3 known affected: 2 known not affected: 71 | 2026-07-13T20:58:29+00:00 | Vulnerability · Source |
| CVE-2025-11082 | redhat_vex | binutils: GNU Binutils Linker heap-based overflow | fixed: 97 known affected: 62 known not affected: 13 | 2026-07-13T20:58:29+00:00 | Vulnerability · Source |
| CVE-2025-11083 | redhat_vex | binutils: GNU Binutils Linker heap-based overflow | fixed: 700 known affected: 19 known not affected: 27 | 2026-07-13T20:58:29+00:00 | Vulnerability · Source |
| CVE-2026-27141 | redhat_vex | golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames | fixed: 121 known affected: 2 known not affected: 160 under investigation: 278 | 2026-07-13T20:50:48+00:00 | Vulnerability · Source |
| CVE-2026-33245 | redhat_vex | react-router: React Router: Cross-Site Scripting vulnerability via untrusted React Server Component redirects | fixed: 44 known affected: 65 known not affected: 520 under investigation: 93 | 2026-07-13T19:20:43+00:00 | Vulnerability · Source |
| CVE-2026-34077 | redhat_vex | react-router: React Router: Denial of Service via client-side Cross-Site Scripting in RSC redirect handling | known affected: 65 known not affected: 8 under investigation: 101 | 2026-07-13T19:20:42+00:00 | Vulnerability · Source |
| CVE-2026-22979 | redhat_vex | kernel: Linux kernel: Memory leak in networking due to incorrect GRO packet handling | fixed: 303 known affected: 160 known not affected: 28 | 2026-07-13T17:39:20+00:00 | Vulnerability · Source |
| CVE-2025-27144 | redhat_vex | go-jose: Go JOSE's Parsing Vulnerable to Denial of Service | fixed: 796 known affected: 29 known not affected: 5241 | 2026-07-13T17:33:57+00:00 | Vulnerability · Source |
| CVE-2026-50031 | redhat_vex | freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client | fixed: 427 known affected: 9 | 2026-07-13T17:32:25+00:00 | Vulnerability · Source |
| CVE-2026-33554 | redhat_vex | freeipmi: buffer overflows on response messages via ipmi-oem | fixed: 561 known affected: 9 | 2026-07-13T17:32:25+00:00 | Vulnerability · Source |
| CVE-2026-43279 | redhat_vex | kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing | fixed: 1623 known affected: 64 | 2026-07-13T17:32:06+00:00 | Vulnerability · Source |
| CVE-2026-44289 | redhat_vex | protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding | known affected: 33 known not affected: 8 | 2026-07-13T17:15:58+00:00 | Vulnerability · Source |
| CVE-2025-67030 | redhat_vex | org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method | fixed: 470 known affected: 214 known not affected: 357 | 2026-07-13T17:09:44+00:00 | Vulnerability · Source |
| CVE-2026-46152 | redhat_vex | kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result | fixed: 1300 known affected: 22 known not affected: 28 under investigation: 14 | 2026-07-13T17:07:03+00:00 | Vulnerability · Source |
| CVE-2026-45984 | redhat_vex | kernel: gfs2: Fix use-after-free in iomap inline data write path | fixed: 1041 known affected: 50 known not affected: 76 under investigation: 17 | 2026-07-13T17:06:53+00:00 | Vulnerability · Source |
| CVE-2026-4046 | redhat_vex | glibc: glibc: Denial of Service via iconv() function with specific character sets | fixed: 3045 known affected: 22 known not affected: 2 under investigation: 1 | 2026-07-13T16:37:08+00:00 | Vulnerability · Source |
| CVE-2025-47913 | redhat_vex | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS | fixed: 1917 known affected: 86 known not affected: 827 under investigation: 1 | 2026-07-13T16:36:45+00:00 | Vulnerability · Source |
| CVE-2026-33845 | redhat_vex | gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment | fixed: 738 known affected: 1 known not affected: 67 under investigation: 1 | 2026-07-13T16:36:23+00:00 | Vulnerability · Source |
| CVE-2026-4437 | redhat_vex | glibc: glibc: Incorrect DNS response parsing via crafted DNS server response | fixed: 2028 known affected: 237 known not affected: 2 under investigation: 1 | 2026-07-13T16:27:53+00:00 | Vulnerability · Source |
| CVE-2026-42011 | redhat_vex | gnutls: gnutls: Security bypass due to incorrect name constraint handling | fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 | 2026-07-13T16:27:30+00:00 | Vulnerability · Source |
| CVE-2026-33846 | redhat_vex | gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly | fixed: 738 known affected: 1 known not affected: 67 under investigation: 1 | 2026-07-13T16:26:36+00:00 | Vulnerability · Source |
| CVE-2026-39833 | redhat_vex | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation | fixed: 143 known affected: 907 known not affected: 224 under investigation: 3 | 2026-07-13T16:23:24+00:00 | Vulnerability · Source |
| CVE-2026-44024 | redhat_vex | fluentd: Fluentd: Remote Code Execution via arbitrary file write due to insufficient tag validation | known not affected: 1 | 2026-07-13T16:20:42+00:00 | Vulnerability · Source |
| CVE-2026-4740 | redhat_vex | rhacm: Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation | under investigation: 7 | 2026-07-13T16:01:17+00:00 | Vulnerability · Source |
| CVE-2026-54293 | redhat_vex | nltk: NLTK: Information Disclosure via Path Traversal in `nltk.data.load()` | known affected: 8 known not affected: 3 | 2026-07-13T15:56:32+00:00 | Vulnerability · Source |
| CVE-2026-56366 | redhat_vex | ImageMagick: ImageMagick: Denial of Service via memory leak in APP1JPEG image processing | known affected: 14 | 2026-07-13T15:27:12+00:00 | Vulnerability · Source |
| CVE-2026-56373 | redhat_vex | ImageMagick: ImageMagick: Use-after-free vulnerability in PDB decoder allows denial of service or limited data corruption. | known affected: 14 | 2026-07-13T15:26:59+00:00 | Vulnerability · Source |
| CVE-2026-54911 | redhat_vex | UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps() | known not affected: 1 | 2026-07-13T15:21:09+00:00 | Vulnerability · Source |
| CVE-2026-54518 | redhat_vex | jackson-databind: jackson-databind: Information disclosure and data manipulation via view-based access control bypass | known affected: 88 known not affected: 14 | 2026-07-13T15:16:19+00:00 | Vulnerability · Source |
| CVE-2026-59876 | redhat_vex | protobufjs: protobufjs: Prototype pollution vulnerability in Text Format extension | known not affected: 5 under investigation: 32 | 2026-07-13T15:16:15+00:00 | Vulnerability · Source |
| CVE-2026-59818 | redhat_vex | etcd: etcd: Authentication bypass due to improper Certificate Revocation List enforcement on gRPC listener | known affected: 4 | 2026-07-13T15:05:46+00:00 | Vulnerability · Source |
| CVE-2026-50168 | redhat_vex | @angular/platform-server: Angular @angular/platform-server: Server-Side Request Forgery (SSRF) via malformed URL parsing | known not affected: 1 | 2026-07-13T15:00:27+00:00 | Vulnerability · Source |
| CVE-2026-54514 | redhat_vex | jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution | known affected: 101 known not affected: 1 | 2026-07-13T14:55:58+00:00 | Vulnerability · Source |
| CVE-2026-58459 | redhat_vex | gpsd: gpsd: Command Injection via GPS device subtype allows arbitrary code execution | known affected: 7 | 2026-07-13T14:55:43+00:00 | Vulnerability · Source |