VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221679 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-34183 redhat_vex openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler fixed: 104 known affected: 1 known not affected: 52 2026-07-15T13:12:25+00:00 Vulnerability · Source
CVE-2026-34182 redhat_vex openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages fixed: 104 known affected: 1 known not affected: 52 2026-07-15T13:12:21+00:00 Vulnerability · Source
CVE-2026-31790 redhat_vex openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key fixed: 248 known affected: 6 known not affected: 48 under investigation: 1 2026-07-15T13:12:19+00:00 Vulnerability · Source
CVE-2026-5450 redhat_vex glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width fixed: 8703 known affected: 3 known not affected: 1 2026-07-15T13:12:16+00:00 Vulnerability · Source
CVE-2026-0915 redhat_vex glibc: glibc: Information disclosure via zero-valued network query fixed: 2047 known affected: 22 known not affected: 1008 2026-07-15T13:10:24+00:00 Vulnerability · Source
CVE-2025-5278 redhat_vex coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification fixed: 75 known affected: 8 known not affected: 11 2026-07-15T13:10:22+00:00 Vulnerability · Source
CVE-2026-45447 redhat_vex openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() fixed: 265 known affected: 14 known not affected: 42 under investigation: 4 2026-07-15T13:09:50+00:00 Vulnerability · Source
CVE-2026-4878 redhat_vex libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() fixed: 363 known affected: 7 known not affected: 3 under investigation: 1 2026-07-15T13:09:49+00:00 Vulnerability · Source
CVE-2026-15779 redhat_vex samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation known affected: 5 2026-07-15T13:06:57+00:00 Vulnerability · Source
CVE-2026-59874 redhat_vex tar: Node-tar: Denial of Service via malformed tar archive header known affected: 144 known not affected: 23 2026-07-15T13:01:00+00:00 Vulnerability · Source
CVE-2026-59873 redhat_vex tar: node-tar: Denial of Service via crafted gzip bomb known affected: 143 known not affected: 24 2026-07-15T13:00:57+00:00 Vulnerability · Source
CVE-2026-3832 redhat_vex gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response fixed: 209 known affected: 7 known not affected: 20 under investigation: 1 2026-07-15T12:50:11+00:00 Vulnerability · Source
CVE-2025-21834 redhat_vex kernel: seccomp: passthrough uretprobe systemcall without filtering known affected: 104 known not affected: 170 2026-07-15T12:50:10+00:00 Vulnerability · Source
CVE-2026-53537 redhat_vex multipart: Python-Multipart: Information disclosure via header parsing discrepancy known affected: 52 known not affected: 2 2026-07-15T12:50:07+00:00 Vulnerability · Source
CVE-2026-33551 redhat_vex openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation fixed: 6 known affected: 6 known not affected: 11 2026-07-15T12:50:05+00:00 Vulnerability · Source
CVE-2026-25680 redhat_vex golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing fixed: 144 known affected: 489 known not affected: 170 under investigation: 2 2026-07-15T12:49:55+00:00 Vulnerability · Source
CVE-2026-42257 redhat_vex net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input fixed: 8 known affected: 134 2026-07-15T12:49:32+00:00 Vulnerability · Source
CVE-2026-46635 redhat_vex twig/twig: Twig: Information disclosure via column filter in template language known not affected: 1 2026-07-15T12:49:31+00:00 Vulnerability · Source
CVE-2026-47730 redhat_vex twig/twig: Twig: Cross-site Scripting (XSS) vulnerability in HTML profiler dump known not affected: 1 2026-07-15T12:49:30+00:00 Vulnerability · Source
CVE-2026-48808 redhat_vex twig/twig: Twig: Information Disclosure via Sandbox Bypass in Column Filter known not affected: 1 2026-07-15T12:49:30+00:00 Vulnerability · Source
CVE-2026-5078 redhat_vex morgan: morgan: Log forgery due to unneutralized control characters fixed: 4 known affected: 19 under investigation: 8 2026-07-15T12:49:30+00:00 Vulnerability · Source
CVE-2026-48805 redhat_vex twig/twig: Twig: Sandbox bypass vulnerability via deprecated internal wrappers known not affected: 1 2026-07-15T12:49:28+00:00 Vulnerability · Source
CVE-2026-9679 redhat_vex undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding fixed: 4 known affected: 73 2026-07-15T12:49:23+00:00 Vulnerability · Source
CVE-2026-48817 redhat_vex starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods known affected: 72 known not affected: 2 2026-07-15T12:49:22+00:00 Vulnerability · Source
CVE-2026-47241 redhat_vex net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input fixed: 8 known affected: 1 known not affected: 133 2026-07-15T12:49:17+00:00 Vulnerability · Source
CVE-2026-53539 redhat_vex python-multipart: Python-Multipart: Denial of Service via crafted form-urlencoded bodies known affected: 10 known not affected: 2 2026-07-15T12:49:16+00:00 Vulnerability · Source
CVE-2026-40683 redhat_vex OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling fixed: 3 known affected: 8 known not affected: 1 2026-07-15T12:48:59+00:00 Vulnerability · Source
CVE-2022-41724 redhat_vex golang: crypto/tls: large handshake records may cause panics fixed: 1716 known affected: 86 known not affected: 2714 2026-07-15T12:39:13+00:00 Vulnerability · Source
CVE-2026-53633 redhat_vex @vitest/browser: vite-plus: Vitest: Remote code execution via exposed Chrome DevTools Protocol API known not affected: 1 2026-07-15T12:35:56+00:00 Vulnerability · Source
CVE-2026-49978 redhat_vex dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution known affected: 13 under investigation: 34 2026-07-15T12:32:55+00:00 Vulnerability · Source
CVE-2026-50651 redhat_vex dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM fixed: 6 known affected: 10 known not affected: 17 under investigation: 130 2026-07-15T12:32:42+00:00 Vulnerability · Source
CVE-2026-23490 redhat_vex pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID fixed: 1821 known affected: 26 known not affected: 6113 2026-07-15T12:32:07+00:00 Vulnerability · Source
CVE-2026-25681 redhat_vex golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting fixed: 290 known affected: 414 known not affected: 523 under investigation: 2 2026-07-15T12:31:25+00:00 Vulnerability · Source
CVE-2026-48806 redhat_vex twig/twig: Twig: Information disclosure and limited data modification via sandbox bypass known not affected: 1 2026-07-15T12:29:14+00:00 Vulnerability · Source
CVE-2026-46633 redhat_vex twig/twig: Twig: Arbitrary code execution via crafted template name known not affected: 1 2026-07-15T12:29:13+00:00 Vulnerability · Source
CVE-2026-49981 redhat_vex twig/twig: Twig: Information disclosure via sandbox bypass known not affected: 1 2026-07-15T12:28:51+00:00 Vulnerability · Source
CVE-2026-46639 redhat_vex twig/twig: Twig: Sandbox bypass allows information disclosure and method invocation known not affected: 1 2026-07-15T12:27:46+00:00 Vulnerability · Source
CVE-2026-46638 redhat_vex twig/twig: Twig: Security bypass allows unauthorized template execution known not affected: 1 2026-07-15T12:25:18+00:00 Vulnerability · Source
CVE-2026-46640 redhat_vex twig/twig: Twig: Arbitrary code execution via improper handling of dynamic attributes known not affected: 1 2026-07-15T12:24:57+00:00 Vulnerability · Source
CVE-2026-48807 redhat_vex twig/twig: Twig: Sandbox bypass allows information disclosure known not affected: 1 2026-07-15T12:24:43+00:00 Vulnerability · Source
CVE-2026-47732 redhat_vex twig/twig: Twig: Security policy bypass leads to information disclosure known not affected: 1 2026-07-15T12:24:34+00:00 Vulnerability · Source
CVE-2026-8177 redhat_vex perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names fixed: 39 known affected: 2 known not affected: 1 2026-07-15T12:23:45+00:00 Vulnerability · Source
CVE-2026-34881 redhat_vex openstack-glance: OpenStack Glance: Server-Side Request Forgery leading to unauthorized internal network access fixed: 3 known affected: 6 2026-07-15T12:23:36+00:00 Vulnerability · Source
CVE-2026-42790 redhat_vex erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing fixed: 30 known affected: 40 2026-07-15T12:20:32+00:00 Vulnerability · Source
CVE-2026-42789 redhat_vex erlang: Erlang OTP public_key: Certificate chain forgery via improper trust chain validation fixed: 30 known affected: 40 2026-07-15T12:20:28+00:00 Vulnerability · Source
CVE-2026-43001 redhat_vex OpenStack Keystone: OpenStack Keystone: Unauthorized cross-project access due to improper validation in EC2 credential creation fixed: 3 known affected: 5 known not affected: 4 2026-07-15T12:11:28+00:00 Vulnerability · Source
CVE-2026-42342 redhat_vex react-router: @remix-run/server-runtime: React Router / Remix: Denial of Service via unbounded path expansion in __manifest endpoint known affected: 148 known not affected: 26 2026-07-15T10:31:14+00:00 Vulnerability · Source
CVE-2026-45736 redhat_vex ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray` fixed: 29 known affected: 58 known not affected: 383 2026-07-15T10:31:05+00:00 Vulnerability · Source
CVE-2026-43514 redhat_vex tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy fixed: 4 known affected: 28 2026-07-15T10:19:37+00:00 Vulnerability · Source
CVE-2026-47736 redhat_vex puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1 known not affected: 19 2026-07-15T10:17:11+00:00 Vulnerability · Source