VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221665 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-52969 | redhat_vex | kernel: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() | known not affected: 274 | 2026-07-15T01:25:51+00:00 | Vulnerability · Source |
| CVE-2025-14813 | redhat_vex | bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly | fixed: 31 known affected: 35 known not affected: 494 | 2026-07-15T01:16:11+00:00 | Vulnerability · Source |
| CVE-2026-52910 | redhat_vex | kernel: bpf: Free reuseport cBPF prog after RCU grace period | known affected: 246 known not affected: 28 | 2026-07-15T01:12:54+00:00 | Vulnerability · Source |
| CVE-2026-53437 | redhat_vex | jenkins: Jenkins: Phishing attack via improper redirect URL validation | known affected: 1 | 2026-07-15T01:11:23+00:00 | Vulnerability · Source |
| CVE-2026-6748 | redhat_vex | firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component | fixed: 368 known affected: 8 | 2026-07-15T01:08:09+00:00 | Vulnerability · Source |
| CVE-2026-9697 | redhat_vex | undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy | fixed: 132 known affected: 37 known not affected: 149 | 2026-07-15T01:08:07+00:00 | Vulnerability · Source |
| CVE-2026-8389 | redhat_vex | firefox: JIT miscompilation in the JavaScript Engine: JIT component | known not affected: 12 | 2026-07-15T01:08:05+00:00 | Vulnerability · Source |
| CVE-2026-8388 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component | fixed: 260 known affected: 8 | 2026-07-15T01:08:02+00:00 | Vulnerability · Source |
| CVE-2026-8947 | redhat_vex | firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component | fixed: 260 known affected: 8 | 2026-07-15T01:07:59+00:00 | Vulnerability · Source |
| CVE-2026-8948 | redhat_vex | firefox: thunderbird: Same-origin policy bypass in the DOM: Networking component | known not affected: 23 | 2026-07-15T01:07:56+00:00 | Vulnerability · Source |
| CVE-2026-8401 | redhat_vex | firefox: thunderbird: Sandbox escape in the Profile Backup component | fixed: 260 known affected: 8 | 2026-07-15T01:07:42+00:00 | Vulnerability · Source |
| CVE-2026-8975 | redhat_vex | firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 | fixed: 260 known affected: 8 | 2026-07-15T01:07:31+00:00 | Vulnerability · Source |
| CVE-2026-6749 | redhat_vex | firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component | fixed: 368 known affected: 8 | 2026-07-15T01:07:25+00:00 | Vulnerability · Source |
| CVE-2026-6734 | redhat_vex | undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing | fixed: 132 known affected: 35 known not affected: 151 | 2026-07-15T01:06:46+00:00 | Vulnerability · Source |
| CVE-2026-8391 | redhat_vex | firefox: thunderbird: Other issue in the JavaScript Engine component | fixed: 260 known affected: 8 | 2026-07-15T01:06:35+00:00 | Vulnerability · Source |
| CVE-2026-6752 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the WebRTC component | fixed: 368 known affected: 8 | 2026-07-15T01:06:22+00:00 | Vulnerability · Source |
| CVE-2026-15308 | microsoft_vex | Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations | known affected: 2 | 2026-07-15T01:03:21+00:00 | Vulnerability · Source |
| CVE-2026-57215 | microsoft_vex | RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom | known affected: 1 | 2026-07-15T01:03:16+00:00 | Vulnerability · Source |
| CVE-2026-57211 | microsoft_vex | RabbitMQ: UNC SSRF affecting the management UI on Windows | known affected: 1 | 2026-07-15T01:03:10+00:00 | Vulnerability · Source |
| CVE-2026-57216 | microsoft_vex | RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks | known affected: 1 | 2026-07-15T01:02:45+00:00 | Vulnerability · Source |
| CVE-2026-57213 | microsoft_vex | RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering | known affected: 1 | 2026-07-15T01:02:32+00:00 | Vulnerability · Source |
| CVE-2026-57217 | microsoft_vex | RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass | known affected: 1 | 2026-07-15T01:02:26+00:00 | Vulnerability · Source |
| CVE-2026-57220 | microsoft_vex | RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS | known affected: 1 | 2026-07-15T01:02:20+00:00 | Vulnerability · Source |
| CVE-2026-57219 | microsoft_vex | RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations | known affected: 1 | 2026-07-15T01:02:14+00:00 | Vulnerability · Source |
| CVE-2026-59831 | microsoft_vex | GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace | known affected: 1 | 2026-07-15T01:02:07+00:00 | Vulnerability · Source |
| CVE-2026-59875 | microsoft_vex | node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records | known affected: 1 | 2026-07-15T01:01:52+00:00 | Vulnerability · Source |
| CVE-2026-42505 | microsoft_vex | Invoking Encrypted Client Hello privacy leak in crypto/tls | known affected: 2 | 2026-07-15T01:01:45+00:00 | Vulnerability · Source |
| CVE-2026-39822 | microsoft_vex | Root escape via symlink plus trailing slash in os | known affected: 2 | 2026-07-15T01:01:36+00:00 | Vulnerability · Source |
| CVE-2026-13221 | microsoft_vex | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk | fixed: 1 known affected: 1 | 2026-07-15T01:01:27+00:00 | Vulnerability · Source |
| CVE-2026-57432 | microsoft_vex | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack | fixed: 1 known affected: 1 | 2026-07-15T01:01:20+00:00 | Vulnerability · Source |
| CVE-2026-44431 | redhat_vex | urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers | fixed: 90 known affected: 142 known not affected: 505 | 2026-07-15T00:41:30+00:00 | Vulnerability · Source |
| CVE-2024-22047 | redhat_vex | audited: race condition can lead to audit logs being incorrectly attributed to the wrong user | fixed: 2 known not affected: 1862 | 2026-07-15T00:08:17+00:00 | Vulnerability · Source |
| CVE-2026-60103 | redhat_vex | blender: Blender: Denial of Service and information disclosure via crafted .blend file | known not affected: 1 | 2026-07-15T00:07:46+00:00 | Vulnerability · Source |
| CVE-2026-31790 | redhat_vex | openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key | fixed: 244 known affected: 6 known not affected: 47 under investigation: 1 | 2026-07-15T00:07:04+00:00 | Vulnerability · Source |
| CVE-2026-28390 | redhat_vex | openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing | fixed: 301 known affected: 307 known not affected: 283 under investigation: 7 | 2026-07-15T00:07:03+00:00 | Vulnerability · Source |
| CVE-2026-34980 | redhat_vex | cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network | fixed: 19 known affected: 15 known not affected: 261 | 2026-07-15T00:06:57+00:00 | Vulnerability · Source |
| CVE-2026-48914 | redhat_vex | qemu-kvm: Heap buffer overflow in virtio-blk SCSI request handling | fixed: 116 known affected: 59 | 2026-07-15T00:06:50+00:00 | Vulnerability · Source |
| CVE-2026-39246 | redhat_vex | decompress: decompress: arbitrary symlink creation during archive extraction leads to information disclosure | known affected: 4 | 2026-07-15T00:00:53+00:00 | Vulnerability · Source |
| CVE-2026-48523 | redhat_vex | python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access | fixed: 4 known affected: 179 known not affected: 18 | 2026-07-14T23:54:34+00:00 | Vulnerability · Source |
| CVE-2026-53550 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML merge keys | fixed: 4 known affected: 138 known not affected: 50 | 2026-07-14T23:54:34+00:00 | Vulnerability · Source |
| CVE-2026-6637 | redhat_vex | postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module | fixed: 559 known affected: 111 known not affected: 75 | 2026-07-14T23:41:18+00:00 | Vulnerability · Source |
| CVE-2026-6479 | redhat_vex | postgresql: PostgreSQL: Denial of Service via uncontrolled recursion in SSL/GSS negotiation | fixed: 306 known affected: 49 known not affected: 137 | 2026-07-14T23:41:15+00:00 | Vulnerability · Source |
| CVE-2026-45822 | redhat_vex | decode-uri-component: decode-uri-component: Denial of Service via crafted input | known affected: 13 known not affected: 30 | 2026-07-14T22:56:53+00:00 | Vulnerability · Source |
| CVE-2026-53016 | redhat_vex | kernel: crypto: ccp - copy IV using skcipher ivsize | fixed: 612 known affected: 70 known not affected: 42 | 2026-07-14T22:23:01+00:00 | Vulnerability · Source |
| CVE-2026-56117 | redhat_vex | dhcpcd: dhcpcd: Local heap use-after-free vulnerability leads to denial of service. | known affected: 1 | 2026-07-14T22:10:45+00:00 | Vulnerability · Source |
| CVE-2026-56113 | redhat_vex | dhcpcd: dhcpcd: Denial of Service via crafted DHCPv6 RENEW reply | known affected: 1 | 2026-07-14T22:05:55+00:00 | Vulnerability · Source |
| CVE-2026-56114 | redhat_vex | dhcpcd: dhcpcd: Denial of Service due to stack out-of-bounds write via crafted DHCPv6 message | known affected: 1 | 2026-07-14T22:05:53+00:00 | Vulnerability · Source |
| CVE-2026-47099 | redhat_vex | telejson: TeleJSON: Arbitrary code execution via DOM-based cross-site scripting | known affected: 5 | 2026-07-14T22:05:52+00:00 | Vulnerability · Source |
| CVE-2026-48864 | redhat_vex | libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data | fixed: 326 known affected: 11 known not affected: 1 | 2026-07-14T21:36:10+00:00 | Vulnerability · Source |
| CVE-2025-6170 | redhat_vex | libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling | fixed: 146 known affected: 12 | 2026-07-14T21:21:37+00:00 | Vulnerability · Source |