VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221785 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-54903 | redhat_vex | oj: Oj: Heap corruption and Denial of Service via integer overflow in JSON parsing | known not affected: 1 | 2026-07-07T10:34:00+00:00 | Vulnerability · Source |
| CVE-2026-54897 | redhat_vex | oj: Oj: Use-After-Free in Oj::Doc Iterators via reentrant close | known not affected: 1 | 2026-07-07T10:32:36+00:00 | Vulnerability · Source |
| CVE-2026-54896 | redhat_vex | oj: Oj: Heap buffer overflow in exception serialization | known not affected: 1 | 2026-07-07T10:32:29+00:00 | Vulnerability · Source |
| CVE-2026-54899 | redhat_vex | oj: Oj: Use-After-Free in parser symbol key cache toggle | known not affected: 1 | 2026-07-07T10:27:12+00:00 | Vulnerability · Source |
| CVE-2022-36033 | redhat_vex | jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled | fixed: 136 known affected: 25 known not affected: 12 | 2026-07-07T09:58:51+00:00 | Vulnerability · Source |
| CVE-2021-22573 | redhat_vex | google-oauth-client: Token signature not verified | fixed: 4 known affected: 7 known not affected: 8 | 2026-07-07T09:23:35+00:00 | Vulnerability · Source |
| CVE-2026-53094 | redhat_vex | kernel: bpf: Fix stale offload->prog pointer after constant blinding | known affected: 184 known not affected: 90 | 2026-07-07T08:50:32+00:00 | Vulnerability · Source |
| CVE-2026-41240 | redhat_vex | DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization | fixed: 49 known affected: 19 known not affected: 386 | 2026-07-07T07:59:56+00:00 | Vulnerability · Source |
| CVE-2026-44580 | redhat_vex | next.js: Next.js: Cross-site scripting allows arbitrary code execution via untrusted script content | known affected: 6 known not affected: 59 | 2026-07-07T07:57:08+00:00 | Vulnerability · Source |
| CVE-2026-44581 | redhat_vex | next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses | known affected: 22 | 2026-07-07T07:57:01+00:00 | Vulnerability · Source |
| CVE-2026-12491 | redhat_vex | vllm: vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations | known affected: 28 | 2026-07-07T07:44:28+00:00 | Vulnerability · Source |
| CVE-2026-44288 | redhat_vex | protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences | known affected: 44 known not affected: 1 | 2026-07-07T06:26:33+00:00 | Vulnerability · Source |
| CVE-2026-45991 | redhat_vex | kernel: udf: fix partition descriptor append bookkeeping | known affected: 232 known not affected: 28 under investigation: 14 | 2026-07-07T06:18:03+00:00 | Vulnerability · Source |
| CVE-2026-54231 | redhat_vex | abrt: unsanitized systemd journal content written to dump directory files enables content injection | known affected: 59 | 2026-07-07T05:17:10+00:00 | Vulnerability · Source |
| CVE-2026-3184 | redhat_vex | util-linux: util-linux: Access control bypass due to improper hostname canonicalization | fixed: 3 known not affected: 56 | 2026-07-07T04:11:59+00:00 | Vulnerability · Source |
| CVE-2025-69277 | redhat_vex | libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure. | fixed: 4 known affected: 211 | 2026-07-07T03:40:58+00:00 | Vulnerability · Source |
| CVE-2025-67873 | redhat_vex | capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution. | fixed: 238 known not affected: 129 | 2026-07-07T03:40:32+00:00 | Vulnerability · Source |
| CVE-2026-40227 | redhat_vex | systemd: systemd: Denial of Service via malicious IPC API call with null element | fixed: 4 known not affected: 131 | 2026-07-07T02:37:39+00:00 | Vulnerability · Source |
| CVE-2026-26131 | redhat_vex | dotnet: .NET: Privilege escalation via incorrect default permissions | fixed: 1 known affected: 30 known not affected: 124 | 2026-07-07T02:32:12+00:00 | Vulnerability · Source |
| CVE-2026-12243 | redhat_vex | nltk: NLTK: Information disclosure via path traversal vulnerability | known affected: 8 known not affected: 3 | 2026-07-07T02:27:32+00:00 | Vulnerability · Source |
| CVE-2026-12252 | redhat_vex | nltk: nltk: Arbitrary Code Execution via Untrusted JAR File Loading | known affected: 1 known not affected: 10 under investigation: 1 | 2026-07-07T02:17:56+00:00 | Vulnerability · Source |
| CVE-2025-62408 | redhat_vex | c-ares: c-ares: Denial of Service due to query termination after maximum attempts | fixed: 3 known affected: 88 | 2026-07-07T02:07:13+00:00 | Vulnerability · Source |
| CVE-2025-58436 | redhat_vex | cups: Slow client communication leads to a possible DoS attack | fixed: 32 known affected: 15 known not affected: 248 | 2026-07-07T02:02:32+00:00 | Vulnerability · Source |
| CVE-2025-40780 | redhat_vex | bind: Cache poisoning due to weak PRNG | fixed: 803 known not affected: 49 | 2026-07-07T01:52:20+00:00 | Vulnerability · Source |
| CVE-2025-40778 | redhat_vex | bind: Cache poisoning attacks with unsolicited RRs | fixed: 1369 known not affected: 439 | 2026-07-07T01:52:14+00:00 | Vulnerability · Source |
| CVE-2025-8291 | redhat_vex | cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked | fixed: 657 known affected: 88 known not affected: 36 | 2026-07-07T01:47:17+00:00 | Vulnerability · Source |
| CVE-2025-8677 | redhat_vex | bind: Resource exhaustion via malformed DNSKEY handling | fixed: 392 known not affected: 59 | 2026-07-07T01:47:09+00:00 | Vulnerability · Source |
| CVE-2025-58060 | redhat_vex | cups: Authentication Bypass in CUPS Authorization Handling | fixed: 1004 known affected: 6 known not affected: 15 | 2026-07-07T01:42:22+00:00 | Vulnerability · Source |
| CVE-2025-58364 | redhat_vex | cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS | fixed: 586 known affected: 15 known not affected: 15 | 2026-07-07T01:42:21+00:00 | Vulnerability · Source |
| CVE-2026-39827 | microsoft_vex | Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh | fixed: 16 known affected: 21 known not affected: 2 | 2026-07-07T01:40:36+00:00 | Vulnerability · Source |
| CVE-2026-25681 | microsoft_vex | Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html | fixed: 35 known affected: 44 known not affected: 2 | 2026-07-07T01:40:29+00:00 | Vulnerability · Source |
| CVE-2025-7039 | redhat_vex | glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file() | fixed: 3 known affected: 64 | 2026-07-07T01:37:21+00:00 | Vulnerability · Source |
| CVE-2026-23216 | redhat_vex | kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() | fixed: 1776 known affected: 98 known not affected: 14 | 2026-07-07T01:20:50+00:00 | Vulnerability · Source |
| CVE-2026-14647 | microsoft_vex | onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds | known affected: 1 | 2026-07-07T01:01:44+00:00 | Vulnerability · Source |
| CVE-2026-14604 | redhat_vex | assimp: Assimp: Denial of Service vulnerability in PLY Model Handler | known affected: 4 known not affected: 4 | 2026-07-07T00:38:09+00:00 | Vulnerability · Source |
| CVE-2026-22008 | redhat_vex | openjdk: Improved Arena allocations (Oracle CPU 2026-04) | fixed: 338 known affected: 39 known not affected: 201 | 2026-07-07T00:18:11+00:00 | Vulnerability · Source |
| CVE-2025-71305 | redhat_vex | kernel: drm/display/dp_mst: Add protection against 0 vcpi | known affected: 232 known not affected: 42 | 2026-07-07T00:04:15+00:00 | Vulnerability · Source |
| CVE-2026-46244 | redhat_vex | kernel: netfilter: nft_inner: Fix IPv6 inner_thoff desync | fixed: 1457 known affected: 22 known not affected: 90 | 2026-07-06T23:24:13+00:00 | Vulnerability · Source |
| CVE-2026-14570 | redhat_vex | Crypt::DSA: Crypt::DSA: Private key recovery due to biased random number generation | known not affected: 1 | 2026-07-06T22:08:36+00:00 | Vulnerability · Source |
| CVE-2026-11850 | redhat_vex | krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read | fixed: 3 known affected: 43 | 2026-07-06T22:00:27+00:00 | Vulnerability · Source |
| CVE-2026-9545 | redhat_vex | libcurl: libcurl: Information disclosure via cached SSL session and early data | known affected: 2 known not affected: 16 | 2026-07-06T21:43:18+00:00 | Vulnerability · Source |
| CVE-2026-48142 | redhat_vex | nginx: NGINX: Memory disclosure or denial of service via ngx_http_charset_module heap buffer over-read | fixed: 4 known affected: 54 | 2026-07-06T21:33:31+00:00 | Vulnerability · Source |
| CVE-2026-53305 | redhat_vex | kernel: usb: typec: ps883x: Fix Oops at unbind | known not affected: 274 | 2026-07-06T20:56:29+00:00 | Vulnerability · Source |
| CVE-2026-53304 | redhat_vex | kernel: scsi: sg: Resolve soft lockup issue when opening /dev/sgX | known affected: 274 | 2026-07-06T20:56:28+00:00 | Vulnerability · Source |
| CVE-2026-13323 | redhat_vex | openvsx: Open VSX Registry: Supply chain attack via cross-site scripting | known affected: 1 | 2026-07-06T20:56:21+00:00 | Vulnerability · Source |
| CVE-2026-52943 | redhat_vex | kernel: net: skbuff: fix missing zerocopy reference in pskb_carve helpers | known not affected: 274 | 2026-07-06T20:55:55+00:00 | Vulnerability · Source |
| CVE-2026-53316 | redhat_vex | kernel: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected() | known not affected: 274 | 2026-07-06T20:44:48+00:00 | Vulnerability · Source |
| CVE-2026-53314 | redhat_vex | kernel: padata: Put CPU offline callback in ONLINE section to allow failure | known affected: 232 known not affected: 42 | 2026-07-06T20:44:44+00:00 | Vulnerability · Source |
| CVE-2026-53310 | redhat_vex | kernel: soc/tegra: cbb: Fix cross-fabric target timeout lookup | known affected: 76 known not affected: 198 | 2026-07-06T20:44:42+00:00 | Vulnerability · Source |
| CVE-2026-53311 | redhat_vex | kernel: fuse: fix uninit-value in fuse_dentry_revalidate() | known affected: 14 known not affected: 260 | 2026-07-06T20:44:39+00:00 | Vulnerability · Source |