VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221679 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-69873 | redhat_vex | ajv: ReDoS via $data reference | fixed: 89 known affected: 41 known not affected: 4653 | 2026-07-15T16:31:12+00:00 | Vulnerability · Source |
| CVE-2025-13465 | redhat_vex | lodash: prototype pollution in _.unset and _.omit functions | fixed: 430 known affected: 307 known not affected: 11999 | 2026-07-15T16:30:57+00:00 | Vulnerability · Source |
| CVE-2026-44496 | redhat_vex | axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name | fixed: 111 known affected: 37 known not affected: 3044 | 2026-07-15T16:27:01+00:00 | Vulnerability · Source |
| CVE-2026-59733 | redhat_vex | rclone: Rclone: Unauthorized access to private repositories via directory traversal | known not affected: 1 | 2026-07-15T16:26:09+00:00 | Vulnerability · Source |
| CVE-2026-53359 | redhat_vex | kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role | fixed: 1808 known affected: 51 known not affected: 15 | 2026-07-15T16:24:28+00:00 | Vulnerability · Source |
| CVE-2026-53166 | redhat_vex | kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock | fixed: 1110 known affected: 50 known not affected: 14 | 2026-07-15T16:24:26+00:00 | Vulnerability · Source |
| CVE-2026-46113 | redhat_vex | kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN | fixed: 963 known affected: 22 known not affected: 42 | 2026-07-15T16:24:22+00:00 | Vulnerability · Source |
| CVE-2026-43027 | redhat_vex | kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup | fixed: 1858 known affected: 36 known not affected: 28 | 2026-07-15T16:24:22+00:00 | Vulnerability · Source |
| CVE-2026-43499 | redhat_vex | kernel: rtmutex: Use waiter::task instead of current in remove_waiter() | fixed: 1110 known affected: 64 | 2026-07-15T16:24:22+00:00 | Vulnerability · Source |
| CVE-2026-44172 | redhat_vex | mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string() | fixed: 4 known affected: 10 known not affected: 130 | 2026-07-15T16:21:09+00:00 | Vulnerability · Source |
| CVE-2026-48526 | redhat_vex | python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens | fixed: 815 known affected: 56 known not affected: 572 | 2026-07-15T16:11:09+00:00 | Vulnerability · Source |
| CVE-2026-46209 | redhat_vex | kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() | fixed: 812 known affected: 22 known not affected: 42 | 2026-07-15T15:59:43+00:00 | Vulnerability · Source |
| CVE-2026-46135 | redhat_vex | kernel: nvmet-tcp: fix race between ICReq handling and queue teardown | fixed: 1625 known affected: 22 known not affected: 42 | 2026-07-15T15:59:36+00:00 | Vulnerability · Source |
| CVE-2026-31684 | redhat_vex | kernel: net: sched: act_csum: validate nested VLAN headers | fixed: 812 known affected: 50 known not affected: 14 | 2026-07-15T15:59:31+00:00 | Vulnerability · Source |
| CVE-2026-31613 | redhat_vex | kernel: smb: client: fix OOB reads parsing symlink error response | fixed: 812 known affected: 22 known not affected: 42 | 2026-07-15T15:59:27+00:00 | Vulnerability · Source |
| CVE-2025-68183 | redhat_vex | kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr | fixed: 1858 known affected: 33 known not affected: 31 | 2026-07-15T15:59:26+00:00 | Vulnerability · Source |
| CVE-2026-46189 | redhat_vex | kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path | fixed: 1551 known affected: 50 known not affected: 14 | 2026-07-15T15:59:23+00:00 | Vulnerability · Source |
| CVE-2026-40898 | redhat_vex | github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers | fixed: 3 known affected: 15 known not affected: 10 | 2026-07-15T15:52:03+00:00 | Vulnerability · Source |
| CVE-2026-33815 | redhat_vex | github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability | fixed: 106 known affected: 58 known not affected: 565 | 2026-07-15T15:51:38+00:00 | Vulnerability · Source |
| CVE-2026-54283 | redhat_vex | starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS | fixed: 3 known affected: 60 known not affected: 11 | 2026-07-15T15:51:31+00:00 | Vulnerability · Source |
| CVE-2026-53488 | redhat_vex | github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin | fixed: 56 known affected: 162 known not affected: 176 | 2026-07-15T15:47:22+00:00 | Vulnerability · Source |
| CVE-2026-29181 | redhat_vex | github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers | fixed: 4 known affected: 6 known not affected: 124 under investigation: 2 | 2026-07-15T15:46:05+00:00 | Vulnerability · Source |
| CVE-2026-52725 | redhat_vex | @angular/core: @angular/core: Cross-Site Scripting (XSS) via dynamic component creation bypass | known affected: 3 known not affected: 79 | 2026-07-15T15:41:29+00:00 | Vulnerability · Source |
| CVE-2026-54268 | redhat_vex | @angular/common: Angular @angular/common: Denial of Service via crafted date format string | known affected: 1 known not affected: 81 | 2026-07-15T15:41:21+00:00 | Vulnerability · Source |
| CVE-2026-49477 | redhat_vex | soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings | fixed: 5 known affected: 27 known not affected: 2 under investigation: 8 | 2026-07-15T15:31:28+00:00 | Vulnerability · Source |
| CVE-2026-49476 | redhat_vex | soupsieve: python-soupsieve: Soupsieve: Denial of Service via crafted CSS selector string | fixed: 5 known affected: 39 known not affected: 1 | 2026-07-15T15:31:24+00:00 | Vulnerability · Source |
| CVE-2026-28390 | redhat_vex | openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing | fixed: 301 known affected: 307 known not affected: 283 under investigation: 7 | 2026-07-15T15:21:36+00:00 | Vulnerability · Source |
| CVE-2026-54399 | redhat_vex | org.apache.httpcomponents.core5/httpcore5: Apache HttpComponents Core: Denial of Service via excessive HTTP headers | known affected: 50 known not affected: 15 | 2026-07-15T15:21:29+00:00 | Vulnerability · Source |
| CVE-2026-0636 | redhat_vex | bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java | fixed: 29 known affected: 30 known not affected: 293 | 2026-07-15T15:21:24+00:00 | Vulnerability · Source |
| CVE-2025-14813 | redhat_vex | bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly | fixed: 31 known affected: 33 known not affected: 496 | 2026-07-15T15:21:22+00:00 | Vulnerability · Source |
| CVE-2026-5588 | redhat_vex | bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid | fixed: 131 known affected: 18 known not affected: 185 | 2026-07-15T15:21:19+00:00 | Vulnerability · Source |
| CVE-2026-50193 | redhat_vex | jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing | known affected: 66 known not affected: 94 | 2026-07-15T15:12:30+00:00 | Vulnerability · Source |
| CVE-2026-9073 | redhat_vex | foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization | fixed: 2 | 2026-07-15T15:08:51+00:00 | Vulnerability · Source |
| CVE-2026-10879 | redhat_vex | perl-DBI: perl-DBI: Heap overflow in SQL preparsing can lead to denial of service or arbitrary code execution. | known affected: 10 | 2026-07-15T15:08:47+00:00 | Vulnerability · Source |
| CVE-2026-47429 | redhat_vex | vitest: Vitest: Arbitrary code execution and information disclosure via path traversal | fixed: 3 known not affected: 9 | 2026-07-15T15:04:44+00:00 | Vulnerability · Source |
| CVE-2026-47428 | redhat_vex | vitest: Vitest: Arbitrary code execution via crafted browser-runner URL | fixed: 3 known not affected: 7 | 2026-07-15T15:04:43+00:00 | Vulnerability · Source |
| CVE-2026-9698 | redhat_vex | DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution | fixed: 52 known affected: 4 | 2026-07-15T15:01:08+00:00 | Vulnerability · Source |
| CVE-2026-58494 | redhat_vex | wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi | known affected: 3 | 2026-07-15T15:00:20+00:00 | Vulnerability · Source |
| CVE-2026-48525 | redhat_vex | python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens | known affected: 192 known not affected: 6 | 2026-07-15T15:00:12+00:00 | Vulnerability · Source |
| CVE-2026-48523 | redhat_vex | python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access | known affected: 180 known not affected: 18 | 2026-07-15T15:00:07+00:00 | Vulnerability · Source |
| CVE-2026-44216 | redhat_vex | wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation | known affected: 1 known not affected: 1 | 2026-07-15T14:59:30+00:00 | Vulnerability · Source |
| CVE-2026-59869 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML documents | fixed: 23 known affected: 67 known not affected: 4 under investigation: 122 | 2026-07-15T14:59:18+00:00 | Vulnerability · Source |
| CVE-2026-53492 | redhat_vex | github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. | fixed: 13 known affected: 203 known not affected: 79 | 2026-07-15T14:57:09+00:00 | Vulnerability · Source |
| CVE-2026-5260 | redhat_vex | gnutls: gnutls: Information disclosure via heap overread in RSA key exchange | fixed: 700 known affected: 6 known not affected: 61 under investigation: 1 | 2026-07-15T14:56:52+00:00 | Vulnerability · Source |
| CVE-2026-48801 | redhat_vex | linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability | known affected: 21 under investigation: 8 | 2026-07-15T14:52:17+00:00 | Vulnerability · Source |
| CVE-2026-53034 | redhat_vex | kernel: bpf, sockmap: Fix af_unix null-ptr-deref in proto update | known affected: 184 known not affected: 90 | 2026-07-15T14:48:58+00:00 | Vulnerability · Source |
| CVE-2026-53035 | redhat_vex | kernel: bpf, sockmap: Fix af_unix iter deadlock | known affected: 198 known not affected: 76 | 2026-07-15T14:48:58+00:00 | Vulnerability · Source |
| CVE-2026-42503 | redhat_vex | golang.org/x/tools/gopls: golang: gopls: Arbitrary code execution due to insecure network binding | fixed: 8 known not affected: 1 | 2026-07-15T14:42:53+00:00 | Vulnerability · Source |
| CVE-2025-58188 | redhat_vex | crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 | fixed: 8 known affected: 9 known not affected: 47 under investigation: 355 | 2026-07-15T14:42:32+00:00 | Vulnerability · Source |
| CVE-2026-53028 | redhat_vex | kernel: usb: typec: Fix error pointer dereference | known affected: 184 known not affected: 90 | 2026-07-15T14:40:58+00:00 | Vulnerability · Source |