VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221785 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-53144 | redhat_vex | kernel: drm/amdkfd: fix NULL dereference in get_queue_ids() | known not affected: 274 | 2026-07-07T16:45:39+00:00 | Vulnerability · Source |
| CVE-2026-14935 | redhat_vex | gstreamer: gstreamer: webrtcbin accepts remote SDP without a=fingerprint due to inverted presence check | known affected: 24 | 2026-07-07T16:24:23+00:00 | Vulnerability · Source |
| CVE-2026-58371 | redhat_vex | github.com/seaweedfs/seaweedfs: SeaweedFS: Information disclosure via unvalidated JSONP callback parameter | known affected: 1 | 2026-07-07T16:24:22+00:00 | Vulnerability · Source |
| CVE-2024-3884 | redhat_vex | undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded | fixed: 212 known affected: 5 known not affected: 2698 under investigation: 14 | 2026-07-07T15:54:08+00:00 | Vulnerability · Source |
| CVE-2026-24260 | redhat_vex | NVIDIA Container Toolkit: NVIDIA Container Toolkit: Privilege escalation and code execution via race condition | known not affected: 2 | 2026-07-07T15:51:11+00:00 | Vulnerability · Source |
| CVE-2026-13311 | redhat_vex | shell-quote: shell-quote/parse: shell-quote: Denial of Service due to inefficient input parsing | known affected: 57 known not affected: 24 | 2026-07-07T15:41:49+00:00 | Vulnerability · Source |
| CVE-2026-54316 | redhat_vex | claude-code: Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch | known affected: 1 | 2026-07-07T15:37:40+00:00 | Vulnerability · Source |
| CVE-2026-35397 | redhat_vex | jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability | known affected: 14 known not affected: 2 | 2026-07-07T15:31:38+00:00 | Vulnerability · Source |
| CVE-2026-44727 | redhat_vex | jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers | known affected: 14 known not affected: 2 | 2026-07-07T15:31:02+00:00 | Vulnerability · Source |
| CVE-2026-14620 | redhat_vex | webpack-dev-server: webpack-dev-server: Arbitrary file opening and denial of service via exposed developer endpoints | known affected: 80 | 2026-07-07T15:29:46+00:00 | Vulnerability · Source |
| CVE-2018-10902 | redhat_vex | kernel: MIDI driver race condition leads to a double-free | fixed: 554 known affected: 1 known not affected: 41 | 2026-07-07T15:28:16+00:00 | Vulnerability · Source |
| CVE-2026-38970 | redhat_vex | github.com/pdfcpu/pdfcpu: pdfcpu: Denial of Service via uncontrolled recursion in PDF parsing | known not affected: 1 | 2026-07-07T15:17:54+00:00 | Vulnerability · Source |
| CVE-2026-14534 | redhat_vex | fickling: python: fickling: Arbitrary code execution due to incomplete denylist in deserialization | known affected: 5 | 2026-07-07T15:16:29+00:00 | Vulnerability · Source |
| CVE-2026-54886 | redhat_vex | erlang: Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel | known affected: 41 | 2026-07-07T15:12:28+00:00 | Vulnerability · Source |
| CVE-2026-41642 | redhat_vex | github.com/osrg/gobgp: golang: GoBGP: Denial of Service via malformed BGP UPDATE message | known not affected: 1 | 2026-07-07T15:10:48+00:00 | Vulnerability · Source |
| CVE-2026-42285 | redhat_vex | github.com/osrg/gobgp: golang: GoBGP: Denial of Service due to specially crafted BGP UPDATE message | known not affected: 1 | 2026-07-07T15:10:07+00:00 | Vulnerability · Source |
| CVE-2026-44628 | redhat_vex | DCMTK: DCMTK: Denial of Service via crafted query | known not affected: 1 | 2026-07-07T15:08:50+00:00 | Vulnerability · Source |
| CVE-2026-54891 | redhat_vex | erlang: Erlang SSL: Unauthenticated data injection during TLS handshake | known affected: 41 | 2026-07-07T15:06:33+00:00 | Vulnerability · Source |
| CVE-2026-55952 | redhat_vex | erlang: Erlang/OTP: Denial of Service in TLS 1.3 session ticket handling | known affected: 41 | 2026-07-07T15:00:42+00:00 | Vulnerability · Source |
| CVE-2026-14742 | redhat_vex | langgraph: Langgraph: Information Disclosure via Weak Hash in Task Result Cache | known affected: 7 | 2026-07-07T14:40:01+00:00 | Vulnerability · Source |
| CVE-2024-9341 | redhat_vex | Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library | fixed: 535 known affected: 4 known not affected: 2798 | 2026-07-07T14:24:52+00:00 | Vulnerability · Source |
| CVE-2026-46181 | redhat_vex | kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() | fixed: 1457 known affected: 33 known not affected: 76 under investigation: 14 | 2026-07-07T14:15:12+00:00 | Vulnerability · Source |
| CVE-2026-41516 | redhat_vex | OP-TEE: OP-TEE: Information disclosure via Bleichenbacher-style padding oracle in RSA PKCS#1 v1.5 decryption | known not affected: 1 | 2026-07-07T13:46:43+00:00 | Vulnerability · Source |
| CVE-2026-42778 | redhat_vex | Apache MINA: deserialization of untrusted data (incomplete fix for CVE-2026-41409) | known affected: 5 known not affected: 22 | 2026-07-07T13:32:53+00:00 | Vulnerability · Source |
| CVE-2026-41409 | redhat_vex | Apache MINA: Apache MINA: Arbitrary code execution via incomplete deserialization fix | known affected: 8 known not affected: 19 | 2026-07-07T13:32:52+00:00 | Vulnerability · Source |
| CVE-2026-46303 | redhat_vex | kernel: isofs: validate Rock Ridge CE continuation extent against volume size | known affected: 76 known not affected: 198 | 2026-07-07T13:12:10+00:00 | Vulnerability · Source |
| CVE-2026-46323 | redhat_vex | kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs | fixed: 1148 known affected: 78 known not affected: 112 | 2026-07-07T13:02:41+00:00 | Vulnerability · Source |
| CVE-2026-41515 | redhat_vex | optee_os: OP-TEE: Information disclosure via padding oracle in RSA-OAEP decryption | known not affected: 1 | 2026-07-07T12:43:08+00:00 | Vulnerability · Source |
| CVE-2026-41434 | redhat_vex | OP-TEE: OP-TEE: Denial of Service via unbounded recursion in PKCS#11 TA | known not affected: 1 | 2026-07-07T12:43:07+00:00 | Vulnerability · Source |
| CVE-2026-42546 | redhat_vex | OP-TEE: OP-TEE: Denial of Service due to resource leak in shared memory cleanup | known not affected: 1 | 2026-07-07T12:43:07+00:00 | Vulnerability · Source |
| CVE-2026-53763 | redhat_vex | OP-TEE: OP-TEE: Data integrity compromise due to integer overflow in AES-GCM | known not affected: 1 | 2026-07-07T12:42:17+00:00 | Vulnerability · Source |
| CVE-2026-44362 | redhat_vex | optee: OP-TEE: Subkey rollback protection bypass allows loading of unauthorized Trusted Applications | known not affected: 1 | 2026-07-07T12:42:14+00:00 | Vulnerability · Source |
| CVE-2026-41514 | redhat_vex | optee: OP-TEE: Information disclosure via padding oracle in RSA-OAEP decryption | known not affected: 1 | 2026-07-07T12:42:12+00:00 | Vulnerability · Source |
| CVE-2026-40257 | redhat_vex | optee: OP-TEE: Memory corruption due to heap overflow in ARM Crypto Extensions SHA-3 implementation | known not affected: 1 | 2026-07-07T12:42:03+00:00 | Vulnerability · Source |
| CVE-2025-49795 | redhat_vex | libxml: Null pointer dereference leads to Denial of service (DoS) | fixed: 57 known affected: 5 known not affected: 13 | 2026-07-07T12:21:30+00:00 | Vulnerability · Source |
| CVE-2026-48936 | redhat_vex | nodejs: Node.js: Local server can be started without network permission via Permission API flaw | fixed: 20 known affected: 40 | 2026-07-07T12:06:41+00:00 | Vulnerability · Source |
| CVE-2026-55686 | redhat_vex | github.com/containers/podman: Podman: Host filesystem modification via malicious container image WORKDIR symlink | fixed: 4 known affected: 37 | 2026-07-07T12:04:57+00:00 | Vulnerability · Source |
| CVE-2026-30923 | redhat_vex | libModSecurity3: ModSecurity: ModSecurity: Denial of Service via crafted query string parameter in t:hexDecode transformation | known not affected: 8 | 2026-07-07T11:48:27+00:00 | Vulnerability · Source |
| CVE-2026-44283 | redhat_vex | etcd: etcd: Authenticated user can bypass RBAC for unauthorized data access | known affected: 3 under investigation: 4 | 2026-07-07T11:42:22+00:00 | Vulnerability · Source |
| CVE-2026-41293 | redhat_vex | tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated | known affected: 66 known not affected: 2 under investigation: 14 | 2026-07-07T11:42:21+00:00 | Vulnerability · Source |
| CVE-2026-54902 | redhat_vex | Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback | known not affected: 1 | 2026-07-07T11:33:11+00:00 | Vulnerability · Source |
| CVE-2026-54901 | redhat_vex | Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking | known not affected: 1 | 2026-07-07T11:33:09+00:00 | Vulnerability · Source |
| CVE-2026-54502 | redhat_vex | Oj: Stack Buffer Overflow in Oj.dump via Large Indent | known not affected: 1 | 2026-07-07T11:33:08+00:00 | Vulnerability · Source |
| CVE-2026-8450 | redhat_vex | perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file() | fixed: 6 known affected: 1 | 2026-07-07T11:25:14+00:00 | Vulnerability · Source |
| CVE-2026-14476 | redhat_vex | sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass | known affected: 163 | 2026-07-07T11:09:15+00:00 | Vulnerability · Source |
| CVE-2026-14474 | redhat_vex | sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation | known affected: 163 | 2026-07-07T11:09:08+00:00 | Vulnerability · Source |
| CVE-2026-54500 | redhat_vex | oj: Oj: Information disclosure via uninitialized stack memory read | known not affected: 1 | 2026-07-07T10:34:59+00:00 | Vulnerability · Source |
| CVE-2026-54898 | redhat_vex | oj: Oj: Denial of Service via input string mutation during JSON parsing | known not affected: 1 | 2026-07-07T10:34:55+00:00 | Vulnerability · Source |
| CVE-2026-54900 | redhat_vex | oj: Oj: Heap corruption via crafted JSON object key | known not affected: 1 | 2026-07-07T10:34:07+00:00 | Vulnerability · Source |
| CVE-2026-54592 | redhat_vex | oj: Oj: Denial of Service via deeply nested JSON input | known not affected: 1 | 2026-07-07T10:34:01+00:00 | Vulnerability · Source |