VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221677 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-57219 | microsoft_vex | RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations | known affected: 1 | 2026-07-15T01:02:14+00:00 | Vulnerability · Source |
| CVE-2026-59831 | microsoft_vex | GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace | known affected: 1 | 2026-07-15T01:02:07+00:00 | Vulnerability · Source |
| CVE-2026-59875 | microsoft_vex | node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records | known affected: 1 | 2026-07-15T01:01:52+00:00 | Vulnerability · Source |
| CVE-2026-42505 | microsoft_vex | Invoking Encrypted Client Hello privacy leak in crypto/tls | known affected: 2 | 2026-07-15T01:01:45+00:00 | Vulnerability · Source |
| CVE-2026-39822 | microsoft_vex | Root escape via symlink plus trailing slash in os | known affected: 2 | 2026-07-15T01:01:36+00:00 | Vulnerability · Source |
| CVE-2026-13221 | microsoft_vex | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk | fixed: 1 known affected: 1 | 2026-07-15T01:01:27+00:00 | Vulnerability · Source |
| CVE-2026-57432 | microsoft_vex | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack | fixed: 1 known affected: 1 | 2026-07-15T01:01:20+00:00 | Vulnerability · Source |
| CVE-2024-22047 | redhat_vex | audited: race condition can lead to audit logs being incorrectly attributed to the wrong user | fixed: 2 known not affected: 1862 | 2026-07-15T00:08:17+00:00 | Vulnerability · Source |
| CVE-2026-60103 | redhat_vex | blender: Blender: Denial of Service and information disclosure via crafted .blend file | known not affected: 1 | 2026-07-15T00:07:46+00:00 | Vulnerability · Source |
| CVE-2026-34980 | redhat_vex | cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network | fixed: 19 known affected: 15 known not affected: 261 | 2026-07-15T00:06:57+00:00 | Vulnerability · Source |
| CVE-2026-48914 | redhat_vex | qemu-kvm: Heap buffer overflow in virtio-blk SCSI request handling | fixed: 116 known affected: 59 | 2026-07-15T00:06:50+00:00 | Vulnerability · Source |
| CVE-2026-39246 | redhat_vex | decompress: decompress: arbitrary symlink creation during archive extraction leads to information disclosure | known affected: 4 | 2026-07-15T00:00:53+00:00 | Vulnerability · Source |
| CVE-2026-53550 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML merge keys | fixed: 4 known affected: 138 known not affected: 50 | 2026-07-14T23:54:34+00:00 | Vulnerability · Source |
| CVE-2026-6637 | redhat_vex | postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module | fixed: 559 known affected: 111 known not affected: 75 | 2026-07-14T23:41:18+00:00 | Vulnerability · Source |
| CVE-2026-6479 | redhat_vex | postgresql: PostgreSQL: Denial of Service via uncontrolled recursion in SSL/GSS negotiation | fixed: 306 known affected: 49 known not affected: 137 | 2026-07-14T23:41:15+00:00 | Vulnerability · Source |
| CVE-2026-53016 | redhat_vex | kernel: crypto: ccp - copy IV using skcipher ivsize | fixed: 612 known affected: 70 known not affected: 42 | 2026-07-14T22:23:01+00:00 | Vulnerability · Source |
| CVE-2026-56117 | redhat_vex | dhcpcd: dhcpcd: Local heap use-after-free vulnerability leads to denial of service. | known affected: 1 | 2026-07-14T22:10:45+00:00 | Vulnerability · Source |
| CVE-2026-56113 | redhat_vex | dhcpcd: dhcpcd: Denial of Service via crafted DHCPv6 RENEW reply | known affected: 1 | 2026-07-14T22:05:55+00:00 | Vulnerability · Source |
| CVE-2026-56114 | redhat_vex | dhcpcd: dhcpcd: Denial of Service due to stack out-of-bounds write via crafted DHCPv6 message | known affected: 1 | 2026-07-14T22:05:53+00:00 | Vulnerability · Source |
| CVE-2026-47099 | redhat_vex | telejson: TeleJSON: Arbitrary code execution via DOM-based cross-site scripting | known affected: 5 | 2026-07-14T22:05:52+00:00 | Vulnerability · Source |
| CVE-2026-48864 | redhat_vex | libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data | fixed: 326 known affected: 11 known not affected: 1 | 2026-07-14T21:36:10+00:00 | Vulnerability · Source |
| CVE-2025-6170 | redhat_vex | libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling | fixed: 146 known affected: 12 | 2026-07-14T21:21:37+00:00 | Vulnerability · Source |
| CVE-2026-39882 | redhat_vex | github.com/open-telemetry/opentelemetry-go: golang: OpenTelemetry-Go: Memory exhaustion via uncapped HTTP response body reading | fixed: 4 known not affected: 120 under investigation: 1 | 2026-07-14T21:20:45+00:00 | Vulnerability · Source |
| CVE-2025-68114 | redhat_vex | capstone: Capstone: Memory corruption via unchecked vsnprintf return | fixed: 276 known not affected: 129 | 2026-07-14T20:55:13+00:00 | Vulnerability · Source |
| CVE-2026-56115 | redhat_vex | dhcpcd: dhcpcd: Denial of Service via crafted DHCPv6 ADVERTISE message | known affected: 1 | 2026-07-14T20:51:26+00:00 | Vulnerability · Source |
| CVE-2026-44546 | redhat_vex | daphne: daphne: Information disclosure via header injection due to parser differential | known affected: 8 | 2026-07-14T20:51:24+00:00 | Vulnerability · Source |
| CVE-2026-54516 | redhat_vex | jackson-databind: jackson-databind: Security bypass due to improper handling of renamed properties | known affected: 64 known not affected: 38 | 2026-07-14T20:51:23+00:00 | Vulnerability · Source |
| CVE-2026-54515 | redhat_vex | jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified | known affected: 101 known not affected: 1 | 2026-07-14T20:51:20+00:00 | Vulnerability · Source |
| CVE-2026-54517 | redhat_vex | jackson-databind: jackson-databind: Information disclosure via improper JsonView filter application | known affected: 89 known not affected: 13 | 2026-07-14T20:51:19+00:00 | Vulnerability · Source |
| CVE-2026-50292 | redhat_vex | libinput: local privilege escalation via crafted uinput devices | fixed: 45 known affected: 11 | 2026-07-14T20:51:15+00:00 | Vulnerability · Source |
| CVE-2026-53362 | redhat_vex | kernel: kernel: ipv6 frag escape | fixed: 663 known not affected: 198 | 2026-07-14T20:49:17+00:00 | Vulnerability · Source |
| CVE-2026-52965 | redhat_vex | kernel: drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure | known affected: 184 known not affected: 90 | 2026-07-14T20:35:59+00:00 | Vulnerability · Source |
| CVE-2026-52966 | redhat_vex | kernel: drm: Replace old pointer to new idr | known affected: 274 | 2026-07-14T20:35:55+00:00 | Vulnerability · Source |
| CVE-2026-52968 | redhat_vex | kernel: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic | known affected: 232 known not affected: 28 under investigation: 14 | 2026-07-14T20:35:54+00:00 | Vulnerability · Source |
| CVE-2026-53001 | redhat_vex | kernel: netfilter: xtables: restrict several matches to inet family | known affected: 274 | 2026-07-14T20:20:43+00:00 | Vulnerability · Source |
| CVE-2026-53004 | redhat_vex | kernel: sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks | known affected: 274 | 2026-07-14T20:20:42+00:00 | Vulnerability · Source |
| CVE-2026-48068 | redhat_vex | grpc-js: @grpc/grpc-js: Server crash via malformed HTTP/2 stream initiation | known affected: 5 | 2026-07-14T20:10:47+00:00 | Vulnerability · Source |
| CVE-2026-48038 | redhat_vex | joi: joi: Denial of Service via uncaught RangeError on deeply nested input through recursive link() schemas | known affected: 6 known not affected: 2 | 2026-07-14T20:10:44+00:00 | Vulnerability · Source |
| CVE-2026-44918 | redhat_vex | openstack-ironic: Prevent rehoming resources to nodes with different owner | known affected: 10 known not affected: 4 | 2026-07-14T20:10:42+00:00 | Vulnerability · Source |
| CVE-2026-15713 | redhat_vex | libsoup: SoupCache: libsoup: HTTP/2 frame window exhaustion remote denial of service via memory leak | known affected: 16 | 2026-07-14T20:06:07+00:00 | Vulnerability · Source |
| CVE-2026-15714 | redhat_vex | libsoup: SoupMultipartInputStream: libsoup: Out-of-bounds read in soup_multipart_input_stream_read_headers via an oversized multipart boundary string | known affected: 16 | 2026-07-14T20:06:06+00:00 | Vulnerability · Source |
| CVE-2026-15709 | redhat_vex | SoupWebsocketExtensionDeflate: libsoup: libsoup: WebSocket permessage-deflate Unbounded Decompression Remote Denial of Service | known affected: 16 | 2026-07-14T20:06:02+00:00 | Vulnerability · Source |
| CVE-2026-52747 | redhat_vex | ModSecurity: ModSecurity: Security rule bypass due to incorrect handling of line breaks in form data | known affected: 8 | 2026-07-14T20:05:57+00:00 | Vulnerability · Source |
| CVE-2026-15711 | redhat_vex | libsoup: SoupWebsocketConnection: libsoup: WebSocket remote denial of service via oversized control frame protocol violation | known affected: 16 | 2026-07-14T20:05:55+00:00 | Vulnerability · Source |
| CVE-2026-48069 | redhat_vex | grpc-js: @grpc/grpc-js: Client or server crash via malformed compressed message | known affected: 5 | 2026-07-14T20:05:46+00:00 | Vulnerability · Source |
| CVE-2026-52761 | redhat_vex | ModSecurity: ModSecurity: Web Application Firewall rules bypass due to incorrect UTF-8 to Unicode transformation | known affected: 8 | 2026-07-14T19:56:03+00:00 | Vulnerability · Source |
| CVE-2024-4367 | redhat_vex | Mozilla: Arbitrary JavaScript execution in PDF.js | fixed: 234 known affected: 32 | 2026-07-14T19:55:47+00:00 | Vulnerability · Source |
| CVE-2026-52970 | redhat_vex | kernel: netfilter: nft_ct: fix missing expect put in obj eval | known affected: 184 known not affected: 90 | 2026-07-14T19:55:45+00:00 | Vulnerability · Source |
| CVE-2026-53042 | redhat_vex | kernel: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal | known affected: 76 known not affected: 198 | 2026-07-14T19:45:52+00:00 | Vulnerability · Source |
| CVE-2026-53037 | redhat_vex | kernel: HID: usbhid: fix deadlock in hid_post_reset() | known affected: 274 | 2026-07-14T19:45:47+00:00 | Vulnerability · Source |