VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221679 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-48524 | redhat_vex | python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs | known affected: 184 known not affected: 5 | 2026-07-15T05:04:22+00:00 | Vulnerability · Source |
| CVE-2026-12505 | redhat_vex | cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall | fixed: 143 known affected: 5 | 2026-07-15T04:44:40+00:00 | Vulnerability · Source |
| CVE-2025-43213 | redhat_vex | webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash | fixed: 509 known affected: 4 known not affected: 5 | 2026-07-15T03:16:38+00:00 | Vulnerability · Source |
| CVE-2021-47952 | redhat_vex | python-jsonpickle: python-jsonpickle: Arbitrary Code Execution via Malicious JSON Deserialization | known not affected: 2 | 2026-07-15T03:16:31+00:00 | Vulnerability · Source |
| CVE-2026-1207 | redhat_vex | Django: Django: SQL Injection via RasterField band index parameter | fixed: 122 known affected: 6 known not affected: 4552 | 2026-07-15T03:13:09+00:00 | Vulnerability · Source |
| CVE-2026-0877 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 320 known affected: 7 | 2026-07-15T03:13:07+00:00 | Vulnerability · Source |
| CVE-2025-70974 | redhat_vex | fastjson: Fastjson: Remote Code Execution via JNDI Injection due to autoType mishandling | known not affected: 14 | 2026-07-15T03:13:03+00:00 | Vulnerability · Source |
| CVE-2025-43441 | redhat_vex | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | fixed: 482 known affected: 4 known not affected: 5 | 2026-07-15T03:12:35+00:00 | Vulnerability · Source |
| CVE-2026-8946 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component | fixed: 260 known affected: 8 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-48779 | redhat_vex | ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments | fixed: 101 known affected: 58 known not affected: 295 under investigation: 30 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-45829 | redhat_vex | chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection | known not affected: 4 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-13149 | redhat_vex | brace-expansion: Brace-expansion: Denial of Service due to exponential-time complexity | fixed: 12 known affected: 183 known not affected: 65 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-24869 | redhat_vex | firefox: Use-after-free in the Layout: Scrolling and Overflow component | known not affected: 12 | 2026-07-15T02:42:36+00:00 | Vulnerability · Source |
| CVE-2026-2447 | redhat_vex | libvpx: Heap buffer overflow in libvpx | fixed: 721 known affected: 7 | 2026-07-15T02:42:24+00:00 | Vulnerability · Source |
| CVE-2026-23868 | redhat_vex | giflib: Giflib: Double-free vulnerability leading to memory corruption | fixed: 480 known affected: 3 | 2026-07-15T02:42:01+00:00 | Vulnerability · Source |
| CVE-2026-25521 | redhat_vex | locutus: Locutus is vulnerable to Prototype Pollution | known not affected: 6 | 2026-07-15T02:41:27+00:00 | Vulnerability · Source |
| CVE-2026-2797 | redhat_vex | firefox: thunderbird: Use-after-free in the JavaScript: GC component | known not affected: 18 | 2026-07-15T02:38:06+00:00 | Vulnerability · Source |
| CVE-2026-2759 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component | fixed: 320 known affected: 6 | 2026-07-15T02:38:02+00:00 | Vulnerability · Source |
| CVE-2026-2611 | redhat_vex | mlflow: MLflow: Arbitrary Code Execution via Improper Origin Validation | known not affected: 19 | 2026-07-15T02:37:51+00:00 | Vulnerability · Source |
| CVE-2026-2761 | redhat_vex | firefox: thunderbird: Sandbox escape in the Graphics: WebRender component | fixed: 320 known affected: 6 | 2026-07-15T02:36:52+00:00 | Vulnerability · Source |
| CVE-2026-2651 | redhat_vex | github.com/mlflow/mlflow: MLflow: Arbitrary code execution via unauthorized multipart upload access | known not affected: 19 | 2026-07-15T02:36:38+00:00 | Vulnerability · Source |
| CVE-2026-2766 | redhat_vex | firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component | fixed: 320 known affected: 8 | 2026-07-15T02:36:21+00:00 | Vulnerability · Source |
| CVE-2026-31837 | redhat_vex | istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability | fixed: 36 known affected: 9 known not affected: 271 | 2026-07-15T02:32:38+00:00 | Vulnerability · Source |
| CVE-2026-33870 | redhat_vex | io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values | fixed: 67 known affected: 33 known not affected: 460 | 2026-07-15T02:26:36+00:00 | Vulnerability · Source |
| CVE-2026-37555 | redhat_vex | libsndfile: integer overflow in ima_reader_init() | fixed: 328 known affected: 7 | 2026-07-15T02:23:27+00:00 | Vulnerability · Source |
| CVE-2026-3505 | redhat_vex | bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion | fixed: 17 known affected: 14 known not affected: 218 | 2026-07-15T02:23:21+00:00 | Vulnerability · Source |
| CVE-2026-41044 | redhat_vex | org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary code execution via improper input validation in admin console | known affected: 1 known not affected: 13 | 2026-07-15T02:22:26+00:00 | Vulnerability · Source |
| CVE-2026-40860 | redhat_vex | Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage | fixed: 2 known affected: 2 known not affected: 7 | 2026-07-15T02:22:22+00:00 | Vulnerability · Source |
| CVE-2026-42258 | redhat_vex | ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments | fixed: 1913 known affected: 3 known not affected: 11 under investigation: 9 | 2026-07-15T02:17:56+00:00 | Vulnerability · Source |
| CVE-2026-4698 | redhat_vex | firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component | fixed: 320 known affected: 8 | 2026-07-15T02:07:35+00:00 | Vulnerability · Source |
| CVE-2026-58253 | microsoft_vex | NATS Server: Route API Auth Bypass | fixed: 1 known affected: 1 | 2026-07-15T01:41:30+00:00 | Vulnerability · Source |
| CVE-2026-58209 | microsoft_vex | NATS Server: MQTT retained and QoS replay bypass subscribe deny filters | fixed: 1 known affected: 1 | 2026-07-15T01:41:23+00:00 | Vulnerability · Source |
| CVE-2026-58252 | microsoft_vex | NATS Server: Subscribe Authz Bypass via Wildcard-Overlap | fixed: 1 known affected: 1 | 2026-07-15T01:41:15+00:00 | Vulnerability · Source |
| CVE-2026-58250 | microsoft_vex | NATS Server: Pre-auth server crash via double INFO in leafnode handshake | fixed: 1 known affected: 1 | 2026-07-15T01:41:08+00:00 | Vulnerability · Source |
| CVE-2026-58208 | microsoft_vex | NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled | fixed: 1 known affected: 1 | 2026-07-15T01:41:00+00:00 | Vulnerability · Source |
| CVE-2026-58251 | microsoft_vex | NATS Server: Queue Subscribe Authz Bypass | fixed: 1 known affected: 1 | 2026-07-15T01:40:53+00:00 | Vulnerability · Source |
| CVE-2026-58207 | microsoft_vex | NATS Server: Remote crash via integer overflow in Connz pagination | fixed: 1 known affected: 1 | 2026-07-15T01:40:45+00:00 | Vulnerability · Source |
| CVE-2026-56288 | microsoft_vex | NULL Pointer Dereference in GNU patch | fixed: 1 known affected: 2 | 2026-07-15T01:40:21+00:00 | Vulnerability · Source |
| CVE-2026-56289 | microsoft_vex | Loop with Unreachable Exit Condition in GNU patch | fixed: 1 known affected: 2 | 2026-07-15T01:40:12+00:00 | Vulnerability · Source |
| CVE-2026-43966 | microsoft_vex | HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2 | fixed: 1 known affected: 2 | 2026-07-15T01:39:37+00:00 | Vulnerability · Source |
| CVE-2026-44839 | microsoft_vex | RabbitMQ: Unsanitized vhost names allow for XSS in management UI | fixed: 1 known affected: 3 | 2026-07-15T01:39:24+00:00 | Vulnerability · Source |
| CVE-2025-44904 | microsoft_vex | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. | fixed: 1 known affected: 4 | 2026-07-15T01:39:09+00:00 | Vulnerability · Source |
| CVE-2026-52969 | redhat_vex | kernel: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() | known not affected: 274 | 2026-07-15T01:25:51+00:00 | Vulnerability · Source |
| CVE-2026-52910 | redhat_vex | kernel: bpf: Free reuseport cBPF prog after RCU grace period | known affected: 246 known not affected: 28 | 2026-07-15T01:12:54+00:00 | Vulnerability · Source |
| CVE-2026-53437 | redhat_vex | jenkins: Jenkins: Phishing attack via improper redirect URL validation | known affected: 1 | 2026-07-15T01:11:23+00:00 | Vulnerability · Source |
| CVE-2026-6748 | redhat_vex | firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component | fixed: 368 known affected: 8 | 2026-07-15T01:08:09+00:00 | Vulnerability · Source |
| CVE-2026-8389 | redhat_vex | firefox: JIT miscompilation in the JavaScript Engine: JIT component | known not affected: 12 | 2026-07-15T01:08:05+00:00 | Vulnerability · Source |
| CVE-2026-8388 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component | fixed: 260 known affected: 8 | 2026-07-15T01:08:02+00:00 | Vulnerability · Source |
| CVE-2026-8947 | redhat_vex | firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component | fixed: 260 known affected: 8 | 2026-07-15T01:07:59+00:00 | Vulnerability · Source |
| CVE-2026-8948 | redhat_vex | firefox: thunderbird: Same-origin policy bypass in the DOM: Networking component | known not affected: 23 | 2026-07-15T01:07:56+00:00 | Vulnerability · Source |