VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221665 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-0915 | redhat_vex | glibc: glibc: Information disclosure via zero-valued network query | fixed: 2047 known affected: 22 known not affected: 1008 | 2026-07-15T13:10:24+00:00 | Vulnerability · Source |
| CVE-2025-5278 | redhat_vex | coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification | fixed: 75 known affected: 8 known not affected: 11 | 2026-07-15T13:10:22+00:00 | Vulnerability · Source |
| CVE-2026-45447 | redhat_vex | openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() | fixed: 265 known affected: 14 known not affected: 42 under investigation: 4 | 2026-07-15T13:09:50+00:00 | Vulnerability · Source |
| CVE-2026-4878 | redhat_vex | libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() | fixed: 363 known affected: 7 known not affected: 3 under investigation: 1 | 2026-07-15T13:09:49+00:00 | Vulnerability · Source |
| CVE-2026-25679 | redhat_vex | net/url: Incorrect parsing of IPv6 host literals in net/url | fixed: 8878 known affected: 165 known not affected: 4229 under investigation: 1 | 2026-07-15T13:07:00+00:00 | Vulnerability · Source |
| CVE-2026-15779 | redhat_vex | samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation | known affected: 5 | 2026-07-15T13:06:57+00:00 | Vulnerability · Source |
| CVE-2026-34986 | redhat_vex | github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object | fixed: 1888 known affected: 171 known not affected: 10842 under investigation: 1 | 2026-07-15T13:06:44+00:00 | Vulnerability · Source |
| CVE-2026-15809 | redhat_vex | github.com/cri-o/cri-o: Fix Bypass for CVE-2022-4318 — /etc/passwd Injection via HOME env | under investigation: 5 | 2026-07-15T13:06:41+00:00 | Vulnerability · Source |
| CVE-2026-59874 | redhat_vex | tar: Node-tar: Denial of Service via malformed tar archive header | known affected: 144 known not affected: 23 | 2026-07-15T13:01:00+00:00 | Vulnerability · Source |
| CVE-2026-59873 | redhat_vex | tar: node-tar: Denial of Service via crafted gzip bomb | known affected: 143 known not affected: 24 | 2026-07-15T13:00:57+00:00 | Vulnerability · Source |
| CVE-2026-11525 | redhat_vex | undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header | fixed: 156 known affected: 47 | 2026-07-15T12:50:14+00:00 | Vulnerability · Source |
| CVE-2026-3832 | redhat_vex | gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response | fixed: 209 known affected: 7 known not affected: 20 under investigation: 1 | 2026-07-15T12:50:11+00:00 | Vulnerability · Source |
| CVE-2025-21834 | redhat_vex | kernel: seccomp: passthrough uretprobe systemcall without filtering | known affected: 104 known not affected: 170 | 2026-07-15T12:50:10+00:00 | Vulnerability · Source |
| CVE-2026-53537 | redhat_vex | multipart: Python-Multipart: Information disclosure via header parsing discrepancy | known affected: 52 known not affected: 2 | 2026-07-15T12:50:07+00:00 | Vulnerability · Source |
| CVE-2026-6733 | redhat_vex | undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. | fixed: 156 known affected: 47 | 2026-07-15T12:50:06+00:00 | Vulnerability · Source |
| CVE-2026-33551 | redhat_vex | openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation | fixed: 6 known affected: 6 known not affected: 11 | 2026-07-15T12:50:05+00:00 | Vulnerability · Source |
| CVE-2026-25680 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing | fixed: 144 known affected: 489 known not affected: 170 under investigation: 2 | 2026-07-15T12:49:55+00:00 | Vulnerability · Source |
| CVE-2026-42257 | redhat_vex | net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input | fixed: 8 known affected: 134 | 2026-07-15T12:49:32+00:00 | Vulnerability · Source |
| CVE-2026-46635 | redhat_vex | twig/twig: Twig: Information disclosure via column filter in template language | known not affected: 1 | 2026-07-15T12:49:31+00:00 | Vulnerability · Source |
| CVE-2026-47730 | redhat_vex | twig/twig: Twig: Cross-site Scripting (XSS) vulnerability in HTML profiler dump | known not affected: 1 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-48808 | redhat_vex | twig/twig: Twig: Information Disclosure via Sandbox Bypass in Column Filter | known not affected: 1 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-5078 | redhat_vex | morgan: morgan: Log forgery due to unneutralized control characters | fixed: 4 known affected: 19 under investigation: 8 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-48805 | redhat_vex | twig/twig: Twig: Sandbox bypass vulnerability via deprecated internal wrappers | known not affected: 1 | 2026-07-15T12:49:28+00:00 | Vulnerability · Source |
| CVE-2026-47240 | redhat_vex | net-imap: Net::IMAP: Command injection via non-synchronizing literals | known affected: 126 known not affected: 10 | 2026-07-15T12:49:26+00:00 | Vulnerability · Source |
| CVE-2026-9679 | redhat_vex | undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding | fixed: 4 known affected: 73 | 2026-07-15T12:49:23+00:00 | Vulnerability · Source |
| CVE-2026-48817 | redhat_vex | starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods | known affected: 72 known not affected: 2 | 2026-07-15T12:49:22+00:00 | Vulnerability · Source |
| CVE-2026-9678 | redhat_vex | undici: Undici: Information disclosure due to improper cache-control header parsing | fixed: 164 known affected: 37 known not affected: 8 | 2026-07-15T12:49:20+00:00 | Vulnerability · Source |
| CVE-2026-47241 | redhat_vex | net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input | fixed: 8 known affected: 1 known not affected: 133 | 2026-07-15T12:49:17+00:00 | Vulnerability · Source |
| CVE-2026-53539 | redhat_vex | python-multipart: Python-Multipart: Denial of Service via crafted form-urlencoded bodies | known affected: 10 known not affected: 2 | 2026-07-15T12:49:16+00:00 | Vulnerability · Source |
| CVE-2026-40683 | redhat_vex | OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling | fixed: 3 known affected: 8 known not affected: 1 | 2026-07-15T12:48:59+00:00 | Vulnerability · Source |
| CVE-2026-32281 | redhat_vex | crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation | fixed: 1127 known affected: 260 known not affected: 1104 | 2026-07-15T12:48:48+00:00 | Vulnerability · Source |
| CVE-2026-32282 | redhat_vex | golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root | fixed: 1168 known affected: 191 known not affected: 1798 | 2026-07-15T12:48:45+00:00 | Vulnerability · Source |
| CVE-2026-15308 | redhat_vex | python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations | fixed: 235 known affected: 72 known not affected: 34 | 2026-07-15T12:47:37+00:00 | Vulnerability · Source |
| CVE-2025-58183 | redhat_vex | golang: archive/tar: Unbounded allocation when parsing GNU sparse map | fixed: 8840 known affected: 129 known not affected: 8191 | 2026-07-15T12:44:12+00:00 | Vulnerability · Source |
| CVE-2024-24786 | redhat_vex | golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON | fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 | 2026-07-15T12:39:25+00:00 | Vulnerability · Source |
| CVE-2022-41724 | redhat_vex | golang: crypto/tls: large handshake records may cause panics | fixed: 1716 known affected: 86 known not affected: 2714 | 2026-07-15T12:39:13+00:00 | Vulnerability · Source |
| CVE-2022-41723 | redhat_vex | golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding | fixed: 1546 known affected: 288 known not affected: 11950 | 2026-07-15T12:38:58+00:00 | Vulnerability · Source |
| CVE-2022-30631 | redhat_vex | golang: compress/gzip: stack exhaustion in Reader.Read | fixed: 4253 known affected: 91 known not affected: 2159 | 2026-07-15T12:38:53+00:00 | Vulnerability · Source |
| CVE-2025-61728 | redhat_vex | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip | fixed: 6567 known affected: 110 known not affected: 4103 | 2026-07-15T12:38:48+00:00 | Vulnerability · Source |
| CVE-2025-68121 | redhat_vex | crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | fixed: 6918 known affected: 203 known not affected: 3880 under investigation: 42 | 2026-07-15T12:37:59+00:00 | Vulnerability · Source |
| CVE-2026-39831 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check | fixed: 128 known affected: 174 known not affected: 115 under investigation: 74 | 2026-07-15T12:36:41+00:00 | Vulnerability · Source |
| CVE-2026-53633 | redhat_vex | @vitest/browser: vite-plus: Vitest: Remote code execution via exposed Chrome DevTools Protocol API | known not affected: 1 | 2026-07-15T12:35:56+00:00 | Vulnerability · Source |
| CVE-2026-32280 | redhat_vex | crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building | fixed: 2572 known affected: 186 known not affected: 2792 | 2026-07-15T12:32:57+00:00 | Vulnerability · Source |
| CVE-2026-49978 | redhat_vex | dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution | known affected: 13 under investigation: 34 | 2026-07-15T12:32:55+00:00 | Vulnerability · Source |
| CVE-2026-47423 | redhat_vex | dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure | known affected: 1 known not affected: 9 under investigation: 37 | 2026-07-15T12:32:52+00:00 | Vulnerability · Source |
| CVE-2025-52881 | redhat_vex | runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects | fixed: 2379 known affected: 45 known not affected: 4060 | 2026-07-15T12:32:47+00:00 | Vulnerability · Source |
| CVE-2026-50651 | redhat_vex | dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM | fixed: 6 known affected: 10 known not affected: 17 under investigation: 130 | 2026-07-15T12:32:42+00:00 | Vulnerability · Source |
| CVE-2026-39828 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions | fixed: 241 known affected: 153 known not affected: 404 under investigation: 1 | 2026-07-15T12:32:23+00:00 | Vulnerability · Source |
| CVE-2026-23490 | redhat_vex | pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID | fixed: 1821 known affected: 26 known not affected: 6113 | 2026-07-15T12:32:07+00:00 | Vulnerability · Source |
| CVE-2026-25681 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting | fixed: 290 known affected: 414 known not affected: 523 under investigation: 2 | 2026-07-15T12:31:25+00:00 | Vulnerability · Source |