VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221821 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-42043 | redhat_vex | axios: Axios: NO_PROXY bypass via crafted URL | fixed: 142 known affected: 34 known not affected: 2451 | 2026-07-09T20:58:23+00:00 | Vulnerability · Source |
| CVE-2026-42033 | redhat_vex | axios: Axios: HTTP Transport Hijacking via Prototype Pollution | fixed: 142 known affected: 40 known not affected: 2446 | 2026-07-09T20:58:06+00:00 | Vulnerability · Source |
| CVE-2026-40895 | redhat_vex | follow-redirects: follow-redirects: Information disclosure via cross-domain redirects | fixed: 187 known affected: 43 known not affected: 2942 | 2026-07-09T20:58:00+00:00 | Vulnerability · Source |
| CVE-2026-59936 | redhat_vex | pypdf: pypdf: Denial of Service via crafted PDF inline image | known affected: 11 | 2026-07-09T20:55:00+00:00 | Vulnerability · Source |
| CVE-2026-13320 | redhat_vex | gitlab: GitLab: Arbitrary script execution via improper input sanitization | known not affected: 4 | 2026-07-09T20:45:24+00:00 | Vulnerability · Source |
| CVE-2026-11623 | redhat_vex | tmux: tmux: Use-after-free vulnerability | known affected: 5 | 2026-07-09T20:38:41+00:00 | Vulnerability · Source |
| CVE-2026-14940 | redhat_vex | 389-ds-base: 389-ds-base: heap-buffer-overflow in DN normalization via quoted multivalued RDN | known affected: 33 | 2026-07-09T20:38:21+00:00 | Vulnerability · Source |
| CVE-2026-44663 | redhat_vex | OpenEXR: OpenEXR: Denial of Service via crafted HTJ2K-compressed EXR file | known affected: 18 | 2026-07-09T20:33:34+00:00 | Vulnerability · Source |
| CVE-2026-52908 | redhat_vex | kernel: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible | known affected: 246 known not affected: 28 | 2026-07-09T20:27:19+00:00 | Vulnerability · Source |
| CVE-2026-53655 | redhat_vex | node-tar: node-tar: File smuggling due to inconsistent tar archive parsing | known affected: 356 | 2026-07-09T20:27:15+00:00 | Vulnerability · Source |
| CVE-2026-14969 | redhat_vex | 389-ds-base: 389-ds-base: Static initialization vector in AES-CBC/3DES-CBC attribute encryption | known affected: 33 | 2026-07-09T20:27:14+00:00 | Vulnerability · Source |
| CVE-2026-15163 | redhat_vex | wireshark: Wireshark: Denial of Service via multiple protocol dissector infinite loops | known affected: 20 | 2026-07-09T20:27:09+00:00 | Vulnerability · Source |
| CVE-2026-15169 | redhat_vex | wireshark: Wireshark: Denial of Service via UMTS FP protocol dissector crash | known affected: 20 | 2026-07-09T20:22:07+00:00 | Vulnerability · Source |
| CVE-2026-15167 | redhat_vex | wireshark: Wireshark: Denial of Service via DBS Etherwatch file parser crash | known affected: 20 | 2026-07-09T20:22:04+00:00 | Vulnerability · Source |
| CVE-2026-15166 | redhat_vex | Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash | known affected: 4 | 2026-07-09T20:22:00+00:00 | Vulnerability · Source |
| CVE-2026-56001 | redhat_vex | libXfont2: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow | known affected: 9 | 2026-07-09T19:57:52+00:00 | Vulnerability · Source |
| CVE-2026-15168 | redhat_vex | wireshark: Wireshark: Information disclosure in BLF file parser | known affected: 20 | 2026-07-09T19:34:49+00:00 | Vulnerability · Source |
| CVE-2026-44827 | redhat_vex | diffusers: Diffusers: Arbitrary Code Execution via malicious model loading | known affected: 13 known not affected: 5 | 2026-07-09T19:15:10+00:00 | Vulnerability · Source |
| CVE-2026-42006 | redhat_vex | dovecot: Dovecot: Denial of Service via excessive IMAP bracing | known affected: 30 | 2026-07-09T18:46:22+00:00 | Vulnerability · Source |
| CVE-2026-56374 | redhat_vex | ImageMagick: ImageMagick: Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder | known affected: 14 | 2026-07-09T18:02:07+00:00 | Vulnerability · Source |
| CVE-2026-53422 | redhat_vex | erlang: ssh: Erlang OTP ssh: Information disclosure via SFTP REALPATH handler | fixed: 3 known affected: 42 | 2026-07-09T18:01:53+00:00 | Vulnerability · Source |
| CVE-2026-59998 | redhat_vex | openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory | fixed: 3 known affected: 41 | 2026-07-09T18:01:51+00:00 | Vulnerability · Source |
| CVE-2026-59995 | redhat_vex | openssh: OpenSSH: sftp client allows attacker to control downloaded file location | fixed: 3 known affected: 41 | 2026-07-09T18:01:51+00:00 | Vulnerability · Source |
| CVE-2026-60000 | redhat_vex | openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts | fixed: 3 known affected: 41 | 2026-07-09T17:43:28+00:00 | Vulnerability · Source |
| CVE-2026-59999 | redhat_vex | openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options | fixed: 3 known affected: 41 | 2026-07-09T17:43:26+00:00 | Vulnerability · Source |
| CVE-2026-59997 | redhat_vex | openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw | fixed: 3 known affected: 41 | 2026-07-09T17:43:22+00:00 | Vulnerability · Source |
| CVE-2026-60002 | redhat_vex | openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side | fixed: 3 known affected: 41 | 2026-07-09T17:43:12+00:00 | Vulnerability · Source |
| CVE-2026-46300 | redhat_vex | kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel | fixed: 2874 known not affected: 42 | 2026-07-09T17:38:55+00:00 | Vulnerability · Source |
| CVE-2026-43284 | redhat_vex | kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel | fixed: 3875 known not affected: 42 | 2026-07-09T17:38:49+00:00 | Vulnerability · Source |
| CVE-2026-41035 | redhat_vex | rsync: Rsync: Use-after-free vulnerability in extended attribute handling | fixed: 125 known not affected: 69 | 2026-07-09T17:38:45+00:00 | Vulnerability · Source |
| CVE-2026-40164 | redhat_vex | jq: jq: Denial of Service via crafted JSON object causing hash collisions | fixed: 362 | 2026-07-09T17:38:41+00:00 | Vulnerability · Source |
| CVE-2026-39979 | redhat_vex | jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers | fixed: 362 known affected: 2 known not affected: 2 | 2026-07-09T17:38:37+00:00 | Vulnerability · Source |
| CVE-2026-35385 | redhat_vex | OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode | fixed: 1012 known affected: 2 known not affected: 220 under investigation: 1 | 2026-07-09T17:38:36+00:00 | Vulnerability · Source |
| CVE-2026-35535 | redhat_vex | sudo: Sudo: Privilege escalation due to failure in privilege drop calls | fixed: 409 known not affected: 2 | 2026-07-09T17:38:33+00:00 | Vulnerability · Source |
| CVE-2026-41316 | redhat_vex | erb: ERB: Arbitrary code execution via deserialization bypass | fixed: 1349 known affected: 1 known not affected: 30 | 2026-07-09T17:38:08+00:00 | Vulnerability · Source |
| CVE-2026-27851 | redhat_vex | dovecot: Dovecot: SQL/LDAP injection via incorrect safe filter interpretation with variable expansion | known affected: 6 known not affected: 18 | 2026-07-09T16:30:27+00:00 | Vulnerability · Source |
| CVE-2026-35188 | redhat_vex | openssl: Double-free When Checking OCSP Stapled Response | known not affected: 61 | 2026-07-09T16:20:09+00:00 | Vulnerability · Source |
| CVE-2026-60001 | redhat_vex | openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay | fixed: 3 known affected: 41 | 2026-07-09T15:32:27+00:00 | Vulnerability · Source |
| CVE-2026-34481 | redhat_vex | org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output | fixed: 4 known affected: 9 known not affected: 3 | 2026-07-09T15:32:05+00:00 | Vulnerability · Source |
| CVE-2026-50633 | redhat_vex | apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection | fixed: 1 known affected: 1 known not affected: 1 | 2026-07-09T15:31:11+00:00 | Vulnerability · Source |
| CVE-2026-50632 | redhat_vex | cxf: org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Arbitrary code execution via untrusted JMS configuration | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:31:06+00:00 | Vulnerability · Source |
| CVE-2026-50628 | redhat_vex | cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:31:02+00:00 | Vulnerability · Source |
| CVE-2026-50627 | redhat_vex | apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:31:01+00:00 | Vulnerability · Source |
| CVE-2026-50011 | redhat_vex | netty-codec-redis: Netty: Denial of Service via malicious Redis array header | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:56+00:00 | Vulnerability · Source |
| CVE-2026-50010 | redhat_vex | netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass | fixed: 7 known affected: 35 known not affected: 17 | 2026-07-09T15:30:52+00:00 | Vulnerability · Source |
| CVE-2026-49875 | redhat_vex | cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening | fixed: 2 known affected: 7 | 2026-07-09T15:30:51+00:00 | Vulnerability · Source |
| CVE-2026-48059 | redhat_vex | netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers | fixed: 9 known affected: 27 known not affected: 66 | 2026-07-09T15:30:47+00:00 | Vulnerability · Source |
| CVE-2026-48043 | redhat_vex | netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak | fixed: 21 known affected: 33 known not affected: 56 | 2026-07-09T15:30:43+00:00 | Vulnerability · Source |
| CVE-2026-48006 | redhat_vex | netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:42+00:00 | Vulnerability · Source |
| CVE-2026-47691 | redhat_vex | io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records | fixed: 5 known affected: 31 known not affected: 11 | 2026-07-09T15:30:37+00:00 | Vulnerability · Source |