{"metadata": {"count": 221647, "page": 1, "per_page": 100}, "data": [{"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:07:23+00:00", "cve": "CVE-2026-27137", "id": "CVE-2026-27137", "initial_release_date": "2026-03-06T21:28:13.748000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json", "version": "3", "product_status": {"fixed": 329, "known_affected": 134, "known_not_affected": 1117}, "imported": 1784117243.0, "vulnerability_id": "CVE-2026-27137", "vulnerability_url": "/vuln/CVE-2026-27137"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:05:07+00:00", "cve": "CVE-2026-34986", "id": "CVE-2026-34986", "initial_release_date": "2026-04-06T16:22:45.353000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34986.json", "version": "3", "product_status": {"fixed": 1888, "known_affected": 158, "known_not_affected": 10839, "under_investigation": 21}, "imported": 1784117107.0, "vulnerability_id": "CVE-2026-34986", "vulnerability_url": "/vuln/CVE-2026-34986"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:08:08+00:00", "cve": "CVE-2025-61729", "id": "CVE-2025-61729", "initial_release_date": "2025-12-02T18:54:10.166000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61729.json", "version": "3", "product_status": {"fixed": 7441, "known_affected": 440, "known_not_affected": 4587, "under_investigation": 2}, "imported": 1784117084.0, "vulnerability_id": "CVE-2025-61729", "vulnerability_url": "/vuln/CVE-2025-61729"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:11:33+00:00", "cve": "CVE-2026-25679", "id": "CVE-2026-25679", "initial_release_date": "2026-03-06T21:28:14.211000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json", "version": "3", "product_status": {"fixed": 8878, "known_affected": 165, "known_not_affected": 4229, "under_investigation": 1}, "imported": 1784116938.0, "vulnerability_id": "CVE-2026-25679", "vulnerability_url": "/vuln/CVE-2026-25679"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:01:55+00:00", "cve": "CVE-2026-33810", "id": "CVE-2026-33810", "initial_release_date": "2026-04-08T01:06:56.546000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33810.json", "version": "3", "product_status": {"fixed": 117, "known_affected": 149, "known_not_affected": 913}, "imported": 1784116915.0, "vulnerability_id": "CVE-2026-33810", "vulnerability_url": "/vuln/CVE-2026-33810"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:06:53+00:00", "cve": "CVE-2025-61726", "id": "CVE-2025-61726", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json", "version": "3", "product_status": {"fixed": 10108, "known_affected": 454, "known_not_affected": 16780}, "imported": 1784116698.0, "vulnerability_id": "CVE-2025-61726", "vulnerability_url": "/vuln/CVE-2025-61726"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:55:56+00:00", "cve": "CVE-2026-32280", "id": "CVE-2026-32280", "initial_release_date": "2026-04-08T01:06:58.595000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json", "version": "3", "product_status": {"fixed": 2571, "known_affected": 187, "known_not_affected": 2663}, "imported": 1784116556.0, "vulnerability_id": "CVE-2026-32280", "vulnerability_url": "/vuln/CVE-2026-32280"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T12:04:55+00:00", "cve": "CVE-2026-33186", "id": "CVE-2026-33186", "initial_release_date": "2026-03-20T22:23:32.147000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33186.json", "version": "3", "product_status": {"fixed": 2457, "known_affected": 409, "known_not_affected": 27379, "under_investigation": 1}, "imported": 1784116443.0, "vulnerability_id": "CVE-2026-33186", "vulnerability_url": "/vuln/CVE-2026-33186"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:51:23+00:00", "cve": "CVE-2023-39325", "id": "CVE-2023-39325", "initial_release_date": "2023-10-10T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json", "version": "3", "product_status": {"fixed": 4761, "known_affected": 244, "known_not_affected": 30354}, "imported": 1784116283.0, "vulnerability_id": "CVE-2023-39325", "vulnerability_url": "/vuln/CVE-2023-39325"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:34:25+00:00", "cve": "CVE-2026-12143", "id": "CVE-2026-12143", "initial_release_date": "2026-06-12T18:01:30.362000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "form-data: form-data: Form field override via CRLF injection", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12143.json", "version": "3", "product_status": {"fixed": 97, "known_affected": 50, "known_not_affected": 157, "under_investigation": 108}, "imported": 1784115265.0, "vulnerability_id": "CVE-2026-12143", "vulnerability_url": "/vuln/CVE-2026-12143"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:34:10+00:00", "cve": "CVE-2025-66506", "id": "CVE-2025-66506", "initial_release_date": "2025-12-04T22:04:41.637000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66506.json", "version": "3", "product_status": {"fixed": 320, "known_affected": 66, "known_not_affected": 1247}, "imported": 1784115250.0, "vulnerability_id": "CVE-2025-66506", "vulnerability_url": "/vuln/CVE-2025-66506"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:33:56+00:00", "cve": "CVE-2025-66471", "id": "CVE-2025-66471", "initial_release_date": "2025-12-05T16:06:08.531000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "urllib3: urllib3 Streaming API improperly handles highly compressed data", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66471.json", "version": "3", "product_status": {"fixed": 1948, "known_affected": 359, "known_not_affected": 3318, "under_investigation": 1}, "imported": 1784115236.0, "vulnerability_id": "CVE-2025-66471", "vulnerability_url": "/vuln/CVE-2025-66471"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:33:37+00:00", "cve": "CVE-2025-66418", "id": "CVE-2025-66418", "initial_release_date": "2025-12-05T16:02:15.271000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66418.json", "version": "3", "product_status": {"fixed": 1933, "known_affected": 421, "known_not_affected": 2586, "under_investigation": 1}, "imported": 1784115217.0, "vulnerability_id": "CVE-2025-66418", "vulnerability_url": "/vuln/CVE-2025-66418"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:33:23+00:00", "cve": "CVE-2025-64756", "id": "CVE-2025-64756", "initial_release_date": "2025-11-17T17:29:08.029000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64756.json", "version": "3", "product_status": {"fixed": 171, "known_affected": 145, "known_not_affected": 1097}, "imported": 1784115203.0, "vulnerability_id": "CVE-2025-64756", "vulnerability_url": "/vuln/CVE-2025-64756"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:33:12+00:00", "cve": "CVE-2025-52881", "id": "CVE-2025-52881", "initial_release_date": "2025-11-05T09:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52881.json", "version": "3", "product_status": {"fixed": 2378, "known_affected": 46, "known_not_affected": 3931}, "imported": 1784115192.0, "vulnerability_id": "CVE-2025-52881", "vulnerability_url": "/vuln/CVE-2025-52881"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:32:51+00:00", "cve": "CVE-2025-30204", "id": "CVE-2025-30204", "initial_release_date": "2025-03-21T21:42:01.382000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30204.json", "version": "3", "product_status": {"fixed": 3038, "known_affected": 78, "known_not_affected": 11728}, "imported": 1784115171.0, "vulnerability_id": "CVE-2025-30204", "vulnerability_url": "/vuln/CVE-2025-30204"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:31:38+00:00", "cve": "CVE-2025-22869", "id": "CVE-2025-22869", "initial_release_date": "2025-02-26T03:07:48.855000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22869.json", "version": "3", "product_status": {"fixed": 2719, "known_affected": 54, "known_not_affected": 6259, "under_investigation": 1}, "imported": 1784115098.0, "vulnerability_id": "CVE-2025-22869", "vulnerability_url": "/vuln/CVE-2025-22869"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:31:06+00:00", "cve": "CVE-2025-22868", "id": "CVE-2025-22868", "initial_release_date": "2025-02-26T03:07:49.012000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22868.json", "version": "3", "product_status": {"fixed": 1876, "known_affected": 95, "known_not_affected": 8426}, "imported": 1784115066.0, "vulnerability_id": "CVE-2025-22868", "vulnerability_url": "/vuln/CVE-2025-22868"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T11:05:01+00:00", "cve": "CVE-2025-69223", "id": "CVE-2025-69223", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69223.json", "version": "3", "product_status": {"fixed": 219, "known_affected": 31, "known_not_affected": 6332}, "imported": 1784113501.0, "vulnerability_id": "CVE-2025-69223", "vulnerability_url": "/vuln/CVE-2025-69223"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:36:19+00:00", "cve": "CVE-2026-39835", "id": "CVE-2026-39835", "initial_release_date": "2026-05-22T02:31:26.982000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39835.json", "version": "3", "product_status": {"fixed": 653, "known_affected": 148, "known_not_affected": 316, "under_investigation": 1}, "imported": 1784111779.0, "vulnerability_id": "CVE-2026-39835", "vulnerability_url": "/vuln/CVE-2026-39835"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T10:35:56+00:00", "cve": "CVE-2026-48125", "id": "CVE-2026-48125", "initial_release_date": "2026-07-14T20:54:56.374000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48125.json", "version": "3", "product_status": {"known_affected": 20}, "imported": 1784111756.0, "vulnerability_id": "CVE-2026-48125", "vulnerability_url": "/vuln/CVE-2026-48125"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:31:48+00:00", "cve": "CVE-2026-25681", "id": "CVE-2026-25681", "initial_release_date": "2026-05-22T15:01:21.975000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25681.json", "version": "3", "product_status": {"fixed": 290, "known_affected": 417, "known_not_affected": 520, "under_investigation": 2}, "imported": 1784111508.0, "vulnerability_id": "CVE-2026-25681", "vulnerability_url": "/vuln/CVE-2026-25681"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T10:31:14+00:00", "cve": "CVE-2026-42342", "id": "CVE-2026-42342", "initial_release_date": "2026-06-02T18:23:02.765000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "react-router: @remix-run/server-runtime: React Router / Remix: Denial of Service via unbounded path expansion in __manifest endpoint", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42342.json", "version": "3", "product_status": {"known_affected": 148, "known_not_affected": 26}, "imported": 1784111474.0, "vulnerability_id": "CVE-2026-42342", "vulnerability_url": "/vuln/CVE-2026-42342"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:31:05+00:00", "cve": "CVE-2026-45736", "id": "CVE-2026-45736", "initial_release_date": "2026-05-15T14:53:57.263000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45736.json", "version": "3", "product_status": {"fixed": 29, "known_affected": 58, "known_not_affected": 383}, "imported": 1784111465.0, "vulnerability_id": "CVE-2026-45736", "vulnerability_url": "/vuln/CVE-2026-45736"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-15T10:19:37+00:00", "cve": "CVE-2026-43514", "id": "CVE-2026-43514", "initial_release_date": "2026-05-12T15:32:09.858000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43514.json", "version": "3", "product_status": {"fixed": 4, "known_affected": 28}, "imported": 1784110777.0, "vulnerability_id": "CVE-2026-43514", "vulnerability_url": "/vuln/CVE-2026-43514"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:17:11+00:00", "cve": "CVE-2026-47736", "id": "CVE-2026-47736", "initial_release_date": "2026-07-14T19:54:26.229000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47736.json", "version": "3", "product_status": {"known_not_affected": 19}, "imported": 1784110631.0, "vulnerability_id": "CVE-2026-47736", "vulnerability_url": "/vuln/CVE-2026-47736"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:17:07+00:00", "cve": "CVE-2026-49978", "id": "CVE-2026-49978", "initial_release_date": "2026-07-14T20:02:46.263000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49978.json", "version": "3", "product_status": {"known_affected": 13, "under_investigation": 35}, "imported": 1784110627.0, "vulnerability_id": "CVE-2026-49978", "vulnerability_url": "/vuln/CVE-2026-49978"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:16:31+00:00", "cve": "CVE-2026-47737", "id": "CVE-2026-47737", "initial_release_date": "2026-07-14T19:45:16.648000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "puma: Puma: Source IP spoofing via PROXY protocol header re-parsing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47737.json", "version": "3", "product_status": {"known_not_affected": 19}, "imported": 1784110591.0, "vulnerability_id": "CVE-2026-47737", "vulnerability_url": "/vuln/CVE-2026-47737"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T10:03:11+00:00", "cve": "CVE-2026-32282", "id": "CVE-2026-32282", "initial_release_date": "2026-04-08T01:06:55.953000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32282.json", "version": "3", "product_status": {"fixed": 1168, "known_affected": 191, "known_not_affected": 1798}, "imported": 1784109791.0, "vulnerability_id": "CVE-2026-32282", "vulnerability_url": "/vuln/CVE-2026-32282"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T10:03:04+00:00", "cve": "CVE-2026-32281", "id": "CVE-2026-32281", "initial_release_date": "2026-04-08T01:06:58.354000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32281.json", "version": "3", "product_status": {"fixed": 1127, "known_affected": 260, "known_not_affected": 1104}, "imported": 1784109784.0, "vulnerability_id": "CVE-2026-32281", "vulnerability_url": "/vuln/CVE-2026-32281"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:00:31+00:00", "cve": "CVE-2026-33811", "id": "CVE-2026-33811", "initial_release_date": "2026-05-07T19:41:19.285000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json", "version": "3", "product_status": {"fixed": 501, "known_affected": 261, "known_not_affected": 516, "under_investigation": 17}, "imported": 1784109631.0, "vulnerability_id": "CVE-2026-33811", "vulnerability_url": "/vuln/CVE-2026-33811"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T10:00:17+00:00", "cve": "CVE-2026-32283", "id": "CVE-2026-32283", "initial_release_date": "2026-04-08T01:06:57.670000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32283.json", "version": "3", "product_status": {"fixed": 2038, "known_affected": 220, "known_not_affected": 954, "under_investigation": 1}, "imported": 1784109617.0, "vulnerability_id": "CVE-2026-32283", "vulnerability_url": "/vuln/CVE-2026-32283"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:56:30+00:00", "cve": "CVE-2026-39830", "id": "CVE-2026-39830", "initial_release_date": "2026-05-22T02:31:27.208000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39830.json", "version": "3", "product_status": {"fixed": 578, "known_affected": 191, "known_not_affected": 484, "under_investigation": 4}, "imported": 1784109390.0, "vulnerability_id": "CVE-2026-39830", "vulnerability_url": "/vuln/CVE-2026-39830"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:56:27+00:00", "cve": "CVE-2026-49459", "id": "CVE-2026-49459", "initial_release_date": "2026-07-14T20:01:44.857000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49459.json", "version": "3", "product_status": {"known_affected": 4, "under_investigation": 44}, "imported": 1784109387.0, "vulnerability_id": "CVE-2026-49459", "vulnerability_url": "/vuln/CVE-2026-49459"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:56:18+00:00", "cve": "CVE-2026-42997", "id": "CVE-2026-42997", "initial_release_date": "2026-05-05T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42997.json", "version": "3", "product_status": {"fixed": 4, "known_affected": 9, "known_not_affected": 4}, "imported": 1784109378.0, "vulnerability_id": "CVE-2026-42997", "vulnerability_url": "/vuln/CVE-2026-42997"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:51:16+00:00", "cve": "CVE-2026-49458", "id": "CVE-2026-49458", "initial_release_date": "2026-07-14T19:58:50.397000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49458.json", "version": "3", "product_status": {"known_affected": 7, "under_investigation": 41}, "imported": 1784109076.0, "vulnerability_id": "CVE-2026-49458", "vulnerability_url": "/vuln/CVE-2026-49458"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:46:13+00:00", "cve": "CVE-2026-53486", "id": "CVE-2026-53486", "initial_release_date": "2026-07-14T20:07:14.190000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53486.json", "version": "3", "product_status": {"known_affected": 4}, "imported": 1784108773.0, "vulnerability_id": "CVE-2026-53486", "vulnerability_url": "/vuln/CVE-2026-53486"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:46:08+00:00", "cve": "CVE-2026-47423", "id": "CVE-2026-47423", "initial_release_date": "2026-07-14T19:56:02.057000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47423.json", "version": "3", "product_status": {"known_affected": 1, "known_not_affected": 9, "under_investigation": 38}, "imported": 1784108768.0, "vulnerability_id": "CVE-2026-47423", "vulnerability_url": "/vuln/CVE-2026-47423"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:37:31+00:00", "cve": "CVE-2026-15308", "id": "CVE-2026-15308", "initial_release_date": "2026-07-09T17:10:57.317000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15308.json", "version": "3", "product_status": {"fixed": 178, "known_affected": 81, "known_not_affected": 34}, "imported": 1784108251.0, "vulnerability_id": "CVE-2026-15308", "vulnerability_url": "/vuln/CVE-2026-15308"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:31:40+00:00", "cve": "CVE-2026-35469", "id": "CVE-2026-35469", "initial_release_date": "2026-04-13T23:59:59+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35469.json", "version": "3", "product_status": {"fixed": 404, "known_affected": 78, "known_not_affected": 15464}, "imported": 1784107900.0, "vulnerability_id": "CVE-2026-35469", "vulnerability_url": "/vuln/CVE-2026-35469"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:31:05+00:00", "cve": "CVE-2026-12151", "id": "CVE-2026-12151", "initial_release_date": "2026-06-17T16:05:38.785000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12151.json", "version": "3", "product_status": {"fixed": 255, "known_affected": 53, "known_not_affected": 110}, "imported": 1784107865.0, "vulnerability_id": "CVE-2026-12151", "vulnerability_url": "/vuln/CVE-2026-12151"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-15T09:15:14+00:00", "cve": "CVE-2026-15028", "id": "CVE-2026-15028", "initial_release_date": "2026-07-08T10:10:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15028.json", "version": "3", "product_status": {"fixed": 3, "known_affected": 21}, "imported": 1784106914.0, "vulnerability_id": "CVE-2026-15028", "vulnerability_url": "/vuln/CVE-2026-15028"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:12:05+00:00", "cve": "CVE-2026-27136", "id": "CVE-2026-27136", "initial_release_date": "2026-05-22T15:01:22.111000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27136.json", "version": "3", "product_status": {"fixed": 218, "known_affected": 420, "known_not_affected": 170, "under_investigation": 2}, "imported": 1784106725.0, "vulnerability_id": "CVE-2026-27136", "vulnerability_url": "/vuln/CVE-2026-27136"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:09:53+00:00", "cve": "CVE-2026-46579", "id": "CVE-2026-46579", "initial_release_date": "2026-04-17T20:10:23+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "openshift/router: openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46579.json", "version": "3", "product_status": {"fixed": 16, "known_affected": 1, "known_not_affected": 1476}, "imported": 1784106593.0, "vulnerability_id": "CVE-2026-46579", "vulnerability_url": "/vuln/CVE-2026-46579"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:09:37+00:00", "cve": "CVE-2026-26996", "id": "CVE-2026-26996", "initial_release_date": "2026-02-20T03:05:21.105000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json", "version": "3", "product_status": {"fixed": 520, "known_affected": 38, "known_not_affected": 3848}, "imported": 1784106577.0, "vulnerability_id": "CVE-2026-26996", "vulnerability_url": "/vuln/CVE-2026-26996"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:08:31+00:00", "cve": "CVE-2026-6523", "id": "CVE-2026-6523", "initial_release_date": "2026-04-30T05:34:14.217000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6523.json", "version": "3", "product_status": {"known_affected": 4, "known_not_affected": 16}, "imported": 1784106511.0, "vulnerability_id": "CVE-2026-6523", "vulnerability_url": "/vuln/CVE-2026-6523"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:08:30+00:00", "cve": "CVE-2026-6525", "id": "CVE-2026-6525", "initial_release_date": "2026-05-02T11:33:33.147000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "wireshark: NULL Pointer Dereference in Wireshark", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6525.json", "version": "3", "product_status": {"known_not_affected": 20}, "imported": 1784106510.0, "vulnerability_id": "CVE-2026-6525", "vulnerability_url": "/vuln/CVE-2026-6525"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:07:15+00:00", "cve": "CVE-2026-9759", "id": "CVE-2026-9759", "initial_release_date": "2026-05-27T18:33:18.742000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "wireshark: NULL Pointer Dereference in Wireshark", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9759.json", "version": "3", "product_status": {"known_affected": 4, "known_not_affected": 16}, "imported": 1784106435.0, "vulnerability_id": "CVE-2026-9759", "vulnerability_url": "/vuln/CVE-2026-9759"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T09:07:12+00:00", "cve": "CVE-2026-5299", "id": "CVE-2026-5299", "initial_release_date": "2026-04-30T05:39:24.216000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "wireshark: Uncontrolled Recursion in Wireshark", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5299.json", "version": "3", "product_status": {"known_affected": 4, "known_not_affected": 16}, "imported": 1784106432.0, "vulnerability_id": "CVE-2026-5299", "vulnerability_url": "/vuln/CVE-2026-5299"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:06:30+00:00", "cve": "CVE-2026-10649", "id": "CVE-2026-10649", "initial_release_date": "2026-06-16T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10649.json", "version": "3", "product_status": {"fixed": 268, "known_affected": 30}, "imported": 1784106390.0, "vulnerability_id": "CVE-2026-10649", "vulnerability_url": "/vuln/CVE-2026-10649"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T09:01:28+00:00", "cve": "CVE-2026-46597", "id": "CVE-2026-46597", "initial_release_date": "2026-05-22T02:31:26.754000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46597.json", "version": "3", "product_status": {"fixed": 128, "known_affected": 177, "known_not_affected": 115, "under_investigation": 73}, "imported": 1784106088.0, "vulnerability_id": "CVE-2026-46597", "vulnerability_url": "/vuln/CVE-2026-46597"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T08:56:28+00:00", "cve": "CVE-2026-42586", "id": "CVE-2026-42586", "initial_release_date": "2026-05-13T18:20:46.999000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42586.json", "version": "3", "product_status": {"fixed": 1, "known_affected": 4, "known_not_affected": 2}, "imported": 1784105788.0, "vulnerability_id": "CVE-2026-42586", "vulnerability_url": "/vuln/CVE-2026-42586"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T08:25:57+00:00", "cve": "CVE-2026-45205", "id": "CVE-2026-45205", "initial_release_date": "2026-05-14T11:22:43.908000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "commons-configuration: Apache Commons Configuration: Denial of Service via uncontrolled recursion with crafted YAML input", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45205.json", "version": "3", "product_status": {"known_affected": 45, "known_not_affected": 4}, "imported": 1784103957.0, "vulnerability_id": "CVE-2026-45205", "vulnerability_url": "/vuln/CVE-2026-45205"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T08:10:56+00:00", "cve": "CVE-2026-4647", "id": "CVE-2026-4647", "initial_release_date": "2026-03-23T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4647.json", "version": "3", "product_status": {"fixed": 3, "known_affected": 39, "known_not_affected": 34}, "imported": 1784103056.0, "vulnerability_id": "CVE-2026-4647", "vulnerability_url": "/vuln/CVE-2026-4647"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T08:06:07+00:00", "cve": "CVE-2026-14251", "id": "CVE-2026-14251", "initial_release_date": "2026-07-06T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "gitops-operator: gitops-operator: Missing allowedNamespace check in ReconcilerHook for ClusterRole/Role cases enables potential privilege escalation and DoS", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-14251.json", "version": "3", "product_status": {"known_affected": 2}, "imported": 1784102767.0, "vulnerability_id": "CVE-2026-14251", "vulnerability_url": "/vuln/CVE-2026-14251"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T07:51:31+00:00", "cve": "CVE-2025-68121", "id": "CVE-2025-68121", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json", "version": "3", "product_status": {"fixed": 6918, "known_affected": 204, "known_not_affected": 3880, "under_investigation": 42}, "imported": 1784101891.0, "vulnerability_id": "CVE-2025-68121", "vulnerability_url": "/vuln/CVE-2025-68121"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T07:51:06+00:00", "cve": "CVE-2026-42264", "id": "CVE-2026-42264", "initial_release_date": "2026-05-08T03:20:24.248000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "axios: Axios: Prototype pollution allows information disclosure and request manipulation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42264.json", "version": "3", "product_status": {"fixed": 44, "known_affected": 47, "known_not_affected": 176}, "imported": 1784101866.0, "vulnerability_id": "CVE-2026-42264", "vulnerability_url": "/vuln/CVE-2026-42264"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T06:55:46+00:00", "cve": "CVE-2026-10846", "id": "CVE-2026-10846", "initial_release_date": "2026-06-10T06:37:59.538000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "ldns: ldns: Off-path poisoning attacks due to insufficient query-response matching", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10846.json", "version": "3", "product_status": {"known_affected": 25}, "imported": 1784098546.0, "vulnerability_id": "CVE-2026-10846", "vulnerability_url": "/vuln/CVE-2026-10846"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:51:28+00:00", "cve": "CVE-2026-44740", "id": "CVE-2026-44740", "initial_release_date": "2026-06-01T16:04:50.358000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44740.json", "version": "3", "product_status": {"fixed": 112, "known_affected": 218, "known_not_affected": 70}, "imported": 1784094688.0, "vulnerability_id": "CVE-2026-44740", "vulnerability_url": "/vuln/CVE-2026-44740"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-15T05:48:54+00:00", "cve": "CVE-2026-12325", "id": "CVE-2026-12325", "initial_release_date": "2026-06-16T11:52:58.728000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12325.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094534.0, "vulnerability_id": "CVE-2026-12325", "vulnerability_url": "/vuln/CVE-2026-12325"}, {"meta_source": "redhat_vex", "aggregate_severity": "Low", "current_release_date": "2026-07-15T05:48:51+00:00", "cve": "CVE-2026-12324", "id": "CVE-2026-12324", "initial_release_date": "2026-06-16T11:52:57.719000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12324.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094531.0, "vulnerability_id": "CVE-2026-12324", "vulnerability_url": "/vuln/CVE-2026-12324"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:48:37+00:00", "cve": "CVE-2026-39244", "id": "CVE-2026-39244", "initial_release_date": "2026-07-10T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39244.json", "version": "3", "product_status": {"known_affected": 15, "under_investigation": 7}, "imported": 1784094517.0, "vulnerability_id": "CVE-2026-39244", "vulnerability_url": "/vuln/CVE-2026-39244"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:54+00:00", "cve": "CVE-2026-12330", "id": "CVE-2026-12330", "initial_release_date": "2026-06-16T11:53:03.839000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Incorrect boundary conditions in the Internationalization component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12330.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094474.0, "vulnerability_id": "CVE-2026-12330", "vulnerability_url": "/vuln/CVE-2026-12330"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:51+00:00", "cve": "CVE-2026-12327", "id": "CVE-2026-12327", "initial_release_date": "2026-06-16T11:53:00.798000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12327.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094471.0, "vulnerability_id": "CVE-2026-12327", "vulnerability_url": "/vuln/CVE-2026-12327"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:48+00:00", "cve": "CVE-2026-12315", "id": "CVE-2026-12315", "initial_release_date": "2026-06-16T11:52:48.735000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Mitigation bypass in the DOM: Security component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12315.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094468.0, "vulnerability_id": "CVE-2026-12315", "vulnerability_url": "/vuln/CVE-2026-12315"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:47+00:00", "cve": "CVE-2026-12314", "id": "CVE-2026-12314", "initial_release_date": "2026-06-16T11:52:47.771000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12314.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094467.0, "vulnerability_id": "CVE-2026-12314", "vulnerability_url": "/vuln/CVE-2026-12314"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:46+00:00", "cve": "CVE-2026-12313", "id": "CVE-2026-12313", "initial_release_date": "2026-06-16T11:52:46.728000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12313.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094466.0, "vulnerability_id": "CVE-2026-12313", "vulnerability_url": "/vuln/CVE-2026-12313"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:41+00:00", "cve": "CVE-2026-12312", "id": "CVE-2026-12312", "initial_release_date": "2026-06-16T11:52:45.734000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12312.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094461.0, "vulnerability_id": "CVE-2026-12312", "vulnerability_url": "/vuln/CVE-2026-12312"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:39+00:00", "cve": "CVE-2026-12311", "id": "CVE-2026-12311", "initial_release_date": "2026-06-16T11:52:44.738000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12311.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094459.0, "vulnerability_id": "CVE-2026-12311", "vulnerability_url": "/vuln/CVE-2026-12311"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:37+00:00", "cve": "CVE-2026-12310", "id": "CVE-2026-12310", "initial_release_date": "2026-06-16T11:52:43.757000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12310.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094457.0, "vulnerability_id": "CVE-2026-12310", "vulnerability_url": "/vuln/CVE-2026-12310"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:34+00:00", "cve": "CVE-2026-12309", "id": "CVE-2026-12309", "initial_release_date": "2026-06-16T11:52:42.737000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12309.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094454.0, "vulnerability_id": "CVE-2026-12309", "vulnerability_url": "/vuln/CVE-2026-12309"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:31+00:00", "cve": "CVE-2026-12308", "id": "CVE-2026-12308", "initial_release_date": "2026-06-16T11:52:41.775000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12308.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094451.0, "vulnerability_id": "CVE-2026-12308", "vulnerability_url": "/vuln/CVE-2026-12308"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:27+00:00", "cve": "CVE-2026-12307", "id": "CVE-2026-12307", "initial_release_date": "2026-06-16T11:52:40.757000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12307.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094447.0, "vulnerability_id": "CVE-2026-12307", "vulnerability_url": "/vuln/CVE-2026-12307"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:26+00:00", "cve": "CVE-2026-12306", "id": "CVE-2026-12306", "initial_release_date": "2026-06-16T11:52:39.808000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12306.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094446.0, "vulnerability_id": "CVE-2026-12306", "vulnerability_url": "/vuln/CVE-2026-12306"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:24+00:00", "cve": "CVE-2026-12305", "id": "CVE-2026-12305", "initial_release_date": "2026-06-16T11:52:38.793000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12305.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094444.0, "vulnerability_id": "CVE-2026-12305", "vulnerability_url": "/vuln/CVE-2026-12305"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:21+00:00", "cve": "CVE-2026-12302", "id": "CVE-2026-12302", "initial_release_date": "2026-06-16T11:52:35.893000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Mitigation bypass in the DOM: Security component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12302.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094441.0, "vulnerability_id": "CVE-2026-12302", "vulnerability_url": "/vuln/CVE-2026-12302"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:47:21+00:00", "cve": "CVE-2026-12304", "id": "CVE-2026-12304", "initial_release_date": "2026-06-16T11:52:37.817000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12304.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784094441.0, "vulnerability_id": "CVE-2026-12304", "vulnerability_url": "/vuln/CVE-2026-12304"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:41:25+00:00", "cve": "CVE-2026-42504", "id": "CVE-2026-42504", "initial_release_date": "2026-06-02T22:01:37.219000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42504.json", "version": "3", "product_status": {"known_affected": 117, "known_not_affected": 26, "under_investigation": 240}, "imported": 1784094085.0, "vulnerability_id": "CVE-2026-42504", "vulnerability_url": "/vuln/CVE-2026-42504"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:41:08+00:00", "cve": "CVE-2026-39832", "id": "CVE-2026-39832", "initial_release_date": "2026-05-22T02:31:26.660000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39832.json", "version": "3", "product_status": {"fixed": 580, "known_affected": 95, "known_not_affected": 189, "under_investigation": 3}, "imported": 1784094068.0, "vulnerability_id": "CVE-2026-39832", "vulnerability_url": "/vuln/CVE-2026-39832"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:37:18+00:00", "cve": "CVE-2026-39831", "id": "CVE-2026-39831", "initial_release_date": "2026-05-22T02:31:27.436000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39831.json", "version": "3", "product_status": {"fixed": 128, "known_affected": 176, "known_not_affected": 113, "under_investigation": 74}, "imported": 1784093838.0, "vulnerability_id": "CVE-2026-39831", "vulnerability_url": "/vuln/CVE-2026-39831"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:37:07+00:00", "cve": "CVE-2026-39820", "id": "CVE-2026-39820", "initial_release_date": "2026-05-07T19:41:19.854000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39820.json", "version": "3", "product_status": {"fixed": 85, "known_affected": 148, "known_not_affected": 225, "under_investigation": 132}, "imported": 1784093827.0, "vulnerability_id": "CVE-2026-39820", "vulnerability_url": "/vuln/CVE-2026-39820"}, {"meta_source": "redhat_vex", "aggregate_severity": "Moderate", "current_release_date": "2026-07-15T05:33:36+00:00", "cve": "CVE-2025-61728", "id": "CVE-2025-61728", "initial_release_date": "2025-01-01T00:00:00+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json", "version": "3", "product_status": {"fixed": 6567, "known_affected": 110, "known_not_affected": 4103}, "imported": 1784093616.0, "vulnerability_id": "CVE-2025-61728", "vulnerability_url": "/vuln/CVE-2025-61728"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:33:18+00:00", "cve": "CVE-2026-39828", "id": "CVE-2026-39828", "initial_release_date": "2026-05-22T02:31:26.883000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39828.json", "version": "3", "product_status": {"fixed": 241, "known_affected": 154, "known_not_affected": 403, "under_investigation": 1}, "imported": 1784093598.0, "vulnerability_id": "CVE-2026-39828", "vulnerability_url": "/vuln/CVE-2026-39828"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:33:08+00:00", "cve": "CVE-2026-39829", "id": "CVE-2026-39829", "initial_release_date": "2026-05-22T02:31:27.324000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39829.json", "version": "3", "product_status": {"fixed": 628, "known_affected": 171, "known_not_affected": 525, "under_investigation": 3}, "imported": 1784093588.0, "vulnerability_id": "CVE-2026-39829", "vulnerability_url": "/vuln/CVE-2026-39829"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:33:05+00:00", "cve": "CVE-2026-42508", "id": "CVE-2026-42508", "initial_release_date": "2026-05-22T02:31:27.644000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42508.json", "version": "3", "product_status": {"fixed": 496, "known_affected": 51, "known_not_affected": 261, "under_investigation": 3}, "imported": 1784093585.0, "vulnerability_id": "CVE-2026-42508", "vulnerability_url": "/vuln/CVE-2026-42508"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:47+00:00", "cve": "CVE-2026-46595", "id": "CVE-2026-46595", "initial_release_date": "2026-05-22T02:31:27.894000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json", "version": "3", "product_status": {"fixed": 207, "known_affected": 60, "known_not_affected": 889, "under_investigation": 3}, "imported": 1784093507.0, "vulnerability_id": "CVE-2026-46595", "vulnerability_url": "/vuln/CVE-2026-46595"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:43+00:00", "cve": "CVE-2026-39821", "id": "CVE-2026-39821", "initial_release_date": "2026-05-22T15:01:21.462000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json", "version": "3", "product_status": {"fixed": 603, "known_affected": 259, "known_not_affected": 1002, "under_investigation": 5}, "imported": 1784093503.0, "vulnerability_id": "CVE-2026-39821", "vulnerability_url": "/vuln/CVE-2026-39821"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:38+00:00", "cve": "CVE-2026-12329", "id": "CVE-2026-12329", "initial_release_date": "2026-06-16T11:53:02.833000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12329.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093498.0, "vulnerability_id": "CVE-2026-12329", "vulnerability_url": "/vuln/CVE-2026-12329"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:33+00:00", "cve": "CVE-2026-12328", "id": "CVE-2026-12328", "initial_release_date": "2026-06-16T11:53:01.835000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12328.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093493.0, "vulnerability_id": "CVE-2026-12328", "vulnerability_url": "/vuln/CVE-2026-12328"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:28+00:00", "cve": "CVE-2026-12299", "id": "CVE-2026-12299", "initial_release_date": "2026-06-16T11:52:32.885000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12299.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093488.0, "vulnerability_id": "CVE-2026-12299", "vulnerability_url": "/vuln/CVE-2026-12299"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:24+00:00", "cve": "CVE-2026-12298", "id": "CVE-2026-12298", "initial_release_date": "2026-06-16T11:52:31.879000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12298.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093484.0, "vulnerability_id": "CVE-2026-12298", "vulnerability_url": "/vuln/CVE-2026-12298"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:18+00:00", "cve": "CVE-2026-12297", "id": "CVE-2026-12297", "initial_release_date": "2026-06-16T11:52:30.907000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12297.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093478.0, "vulnerability_id": "CVE-2026-12297", "vulnerability_url": "/vuln/CVE-2026-12297"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:14+00:00", "cve": "CVE-2026-12296", "id": "CVE-2026-12296", "initial_release_date": "2026-06-16T11:52:29.869000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12296.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093474.0, "vulnerability_id": "CVE-2026-12296", "vulnerability_url": "/vuln/CVE-2026-12296"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:06+00:00", "cve": "CVE-2026-12295", "id": "CVE-2026-12295", "initial_release_date": "2026-06-16T11:52:28.892000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Sandbox escape in the DOM: Navigation component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12295.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093466.0, "vulnerability_id": "CVE-2026-12295", "vulnerability_url": "/vuln/CVE-2026-12295"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:31:00+00:00", "cve": "CVE-2026-12294", "id": "CVE-2026-12294", "initial_release_date": "2026-06-16T11:52:27.895000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Sandbox escape in the DOM: Workers component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12294.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093460.0, "vulnerability_id": "CVE-2026-12294", "vulnerability_url": "/vuln/CVE-2026-12294"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:30:53+00:00", "cve": "CVE-2026-12292", "id": "CVE-2026-12292", "initial_release_date": "2026-06-16T11:52:25.938000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Incorrect boundary conditions in the Web Audio component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12292.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093453.0, "vulnerability_id": "CVE-2026-12292", "vulnerability_url": "/vuln/CVE-2026-12292"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:30:47+00:00", "cve": "CVE-2026-12291", "id": "CVE-2026-12291", "initial_release_date": "2026-06-16T11:52:24.990000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Use-after-free in the Networking: HTTP component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12291.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093447.0, "vulnerability_id": "CVE-2026-12291", "vulnerability_url": "/vuln/CVE-2026-12291"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:30:38+00:00", "cve": "CVE-2026-12290", "id": "CVE-2026-12290", "initial_release_date": "2026-06-16T11:52:23.998000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12290.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093438.0, "vulnerability_id": "CVE-2026-12290", "vulnerability_url": "/vuln/CVE-2026-12290"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:30:33+00:00", "cve": "CVE-2026-12289", "id": "CVE-2026-12289", "initial_release_date": "2026-06-16T11:52:22.944000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "firefox: thunderbird: Privilege escalation in the Graphics: WebRender component", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12289.json", "version": "3", "product_status": {"fixed": 260, "known_affected": 8}, "imported": 1784093433.0, "vulnerability_id": "CVE-2026-12289", "vulnerability_url": "/vuln/CVE-2026-12289"}, {"meta_source": "redhat_vex", "aggregate_severity": "Important", "current_release_date": "2026-07-15T05:28:44+00:00", "cve": "CVE-2026-27145", "id": "CVE-2026-27145", "initial_release_date": "2026-06-02T22:01:36.954000+00:00", "source": "Red Hat CSAF VEX", "status": "final", "title": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27145.json", "version": "3", "product_status": {"fixed": 141, "known_affected": 115, "known_not_affected": 334, "under_investigation": 38}, "imported": 1784093324.0, "vulnerability_id": "CVE-2026-27145", "vulnerability_url": "/vuln/CVE-2026-27145"}]}
