VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221754 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-52998 | microsoft_vex | netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check | fixed: 1 known affected: 1 | 2026-07-09T14:40:04+00:00 | Vulnerability · Source |
| CVE-2026-53023 | microsoft_vex | fs/ntfs3: terminate the cached volume label after UTF-8 conversion | fixed: 1 known affected: 1 | 2026-07-09T14:39:55+00:00 | Vulnerability · Source |
| CVE-2026-53223 | microsoft_vex | net: guard timestamp cmsgs to real error queue skbs | fixed: 1 known affected: 1 | 2026-07-09T14:39:54+00:00 | Vulnerability · Source |
| CVE-2026-53075 | microsoft_vex | ppp: require CAP_NET_ADMIN in target netns for unattached ioctls | fixed: 1 known affected: 1 | 2026-07-09T14:39:47+00:00 | Vulnerability · Source |
| CVE-2026-12413 | microsoft_vex | IKEv2 Denial of Service via malformed fragmentation | fixed: 1 known affected: 1 | 2026-07-09T14:39:45+00:00 | Vulnerability · Source |
| CVE-2026-53011 | microsoft_vex | net/sched: taprio: fix use-after-free in advance_sched() on schedule switch | fixed: 1 known affected: 1 | 2026-07-09T14:39:39+00:00 | Vulnerability · Source |
| CVE-2026-50722 | microsoft_vex | IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload | fixed: 1 known affected: 1 | 2026-07-09T14:39:37+00:00 | Vulnerability · Source |
| CVE-2026-53077 | microsoft_vex | net/rds: Restrict use of RDS/IB to the initial network namespace | fixed: 1 known affected: 1 | 2026-07-09T14:39:30+00:00 | Vulnerability · Source |
| CVE-2026-50721 | microsoft_vex | IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload | fixed: 1 known affected: 1 | 2026-07-09T14:39:28+00:00 | Vulnerability · Source |
| CVE-2026-52936 | microsoft_vex | crypto: jitterentropy - replace long-held spinlock with mutex | fixed: 1 known affected: 1 | 2026-07-09T14:39:21+00:00 | Vulnerability · Source |
| CVE-2026-12912 | microsoft_vex | Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image | fixed: 1 known affected: 1 | 2026-07-09T14:39:20+00:00 | Vulnerability · Source |
| CVE-2026-53003 | microsoft_vex | pppoe: drop PFC frames | fixed: 1 known affected: 1 | 2026-07-09T14:39:13+00:00 | Vulnerability · Source |
| CVE-2026-14164 | microsoft_vex | Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack() | fixed: 1 known affected: 1 | 2026-07-09T14:39:11+00:00 | Vulnerability · Source |
| CVE-2026-53082 | microsoft_vex | net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf | fixed: 1 known affected: 1 | 2026-07-09T14:39:05+00:00 | Vulnerability · Source |
| CVE-2026-52920 | microsoft_vex | netfilter: xt_policy: fix strict mode inbound policy matching | fixed: 1 known affected: 1 | 2026-07-09T14:38:56+00:00 | Vulnerability · Source |
| CVE-2026-53357 | microsoft_vex | Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() | fixed: 1 known affected: 1 | 2026-07-09T14:38:55+00:00 | Vulnerability · Source |
| CVE-2026-53086 | microsoft_vex | net: bcmgenet: fix racing timeout handler | fixed: 1 known affected: 1 | 2026-07-09T14:38:48+00:00 | Vulnerability · Source |
| CVE-2026-37555 | microsoft_vex | An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065. | fixed: 1 known affected: 2 | 2026-07-09T14:38:36+00:00 | Vulnerability · Source |
| CVE-2026-42765 | redhat_vex | openssl: NULL Dereference in Certificate Verification with OCSP Checking | known not affected: 1 | 2026-07-09T14:31:15+00:00 | Vulnerability · Source |
| CVE-2026-43303 | redhat_vex | kernel: mm/page_alloc: clear page->private in free_pages_prepare() | fixed: 1658 known affected: 36 known not affected: 76 | 2026-07-09T13:55:08+00:00 | Vulnerability · Source |
| CVE-2026-30892 | redhat_vex | crun: crun: Privilege escalation due to incorrect parsing of the `--user` option | fixed: 71 known affected: 1 known not affected: 2 | 2026-07-09T13:53:06+00:00 | Vulnerability · Source |
| CVE-2026-32289 | redhat_vex | html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals | fixed: 29 known affected: 354 | 2026-07-09T13:42:21+00:00 | Vulnerability · Source |
| CVE-2026-44332 | redhat_vex | github.com/gofiber/fiber: GoFiber: Remote Username Enumeration via BasicAuth Middleware Short-Circuit Evaluation | known not affected: 1 | 2026-07-09T13:35:03+00:00 | Vulnerability · Source |
| CVE-2026-59927 | redhat_vex | mistune: Mistune: Denial of Service via unbounded recursion in Markdown include directive | known affected: 1 under investigation: 24 | 2026-07-09T13:30:36+00:00 | Vulnerability · Source |
| CVE-2026-31488 | redhat_vex | kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation | fixed: 453 known affected: 98 known not affected: 42 | 2026-07-09T13:30:33+00:00 | Vulnerability · Source |
| CVE-2026-46150 | redhat_vex | kernel: fanotify: fix false positive on permission events | known affected: 274 | 2026-07-09T13:14:03+00:00 | Vulnerability · Source |
| CVE-2026-41606 | redhat_vex | Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion | fixed: 36 known affected: 13 known not affected: 439 | 2026-07-09T13:07:23+00:00 | Vulnerability · Source |
| CVE-2026-41603 | redhat_vex | Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-09T13:07:08+00:00 | Vulnerability · Source |
| CVE-2025-3110 | redhat_vex | OpenVPN Access Server: OpenVPN Access Server: HTTP request smuggling via bare line-feed sequences in HTTP headers | known not affected: 1 | 2026-07-09T12:55:22+00:00 | Vulnerability · Source |
| CVE-2026-54591 | redhat_vex | asyncssh: AsyncSSH: Arbitrary file write via path traversal in SCP client | known not affected: 1 | 2026-07-09T12:45:11+00:00 | Vulnerability · Source |
| CVE-2026-59892 | redhat_vex | @opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding | known affected: 11 | 2026-07-09T12:05:07+00:00 | Vulnerability · Source |
| CVE-2026-59928 | redhat_vex | mistune: Mistune: Denial of Service via crafted Markdown document with reference-link definitions | known affected: 25 | 2026-07-09T11:55:15+00:00 | Vulnerability · Source |
| CVE-2026-54267 | redhat_vex | @angular/core: Angular Client Hydration DOM Clobbering & Response-Cache Poisoning | known not affected: 81 | 2026-07-09T11:11:08+00:00 | Vulnerability · Source |
| CVE-2026-59691 | redhat_vex | gstreamer: gstreamer: rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer | known affected: 24 | 2026-07-09T11:06:10+00:00 | Vulnerability · Source |
| CVE-2026-59692 | redhat_vex | gstreamer: gstreamer: DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback | known affected: 24 | 2026-07-09T11:05:32+00:00 | Vulnerability · Source |
| CVE-2026-53262 | redhat_vex | kernel: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl() | known affected: 274 | 2026-07-09T10:45:28+00:00 | Vulnerability · Source |
| CVE-2026-13201 | redhat_vex | kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level VM disruption | known affected: 2 | 2026-07-09T10:20:24+00:00 | Vulnerability · Source |
| CVE-2026-11827 | redhat_vex | gitlab-ee: GitLab EE: Information disclosure via improper authorization controls | known affected: 4 | 2026-07-09T09:35:35+00:00 | Vulnerability · Source |
| CVE-2026-54906 | redhat_vex | concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service | known not affected: 20 | 2026-07-09T09:22:36+00:00 | Vulnerability · Source |
| CVE-2026-54753 | redhat_vex | Nx: Nx: `nx graph` dev server permissive CORS policy | known affected: 7 | 2026-07-09T09:22:21+00:00 | Vulnerability · Source |
| CVE-2026-45692 | redhat_vex | github.com/caddyserver/caddy/v2: Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization | known not affected: 1 | 2026-07-09T09:22:01+00:00 | Vulnerability · Source |
| CVE-2026-46056 | redhat_vex | kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers | fixed: 762 known affected: 64 | 2026-07-09T09:21:00+00:00 | Vulnerability · Source |
| CVE-2026-53705 | redhat_vex | gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow | fixed: 82 known affected: 2 | 2026-07-09T08:54:08+00:00 | Vulnerability · Source |
| CVE-2026-50021 | redhat_vex | pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile | known affected: 1 known not affected: 3 | 2026-07-09T08:44:40+00:00 | Vulnerability · Source |
| CVE-2026-50016 | redhat_vex | pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases | known affected: 1 known not affected: 3 | 2026-07-09T08:40:10+00:00 | Vulnerability · Source |
| CVE-2026-55698 | redhat_vex | pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile | known affected: 1 known not affected: 3 | 2026-07-09T08:39:53+00:00 | Vulnerability · Source |
| CVE-2026-55697 | redhat_vex | pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies | known affected: 1 known not affected: 3 | 2026-07-09T08:35:54+00:00 | Vulnerability · Source |
| CVE-2026-43866 | redhat_vex | camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection | known affected: 1 known not affected: 1 | 2026-07-09T08:21:11+00:00 | Vulnerability · Source |
| CVE-2026-48995 | redhat_vex | pnpm: pnpm: Supply chain compromise from unverified dependencies | known affected: 1 known not affected: 3 | 2026-07-09T08:20:01+00:00 | Vulnerability · Source |
| CVE-2026-55700 | redhat_vex | pnpm: pnpm: Unauthorized file modification via crafted package manifest | known affected: 1 known not affected: 3 | 2026-07-09T08:10:40+00:00 | Vulnerability · Source |