VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221826 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-8925 | microsoft_vex | SASL double-free | known not affected: 3 | 2026-07-09T01:49:49+00:00 | Vulnerability · Source |
| CVE-2026-8927 | microsoft_vex | env-set cross-proxy Digest auth state leak | known affected: 2 known not affected: 4 | 2026-07-09T01:49:26+00:00 | Vulnerability · Source |
| CVE-2026-9080 | microsoft_vex | UAF after pause in socket callback | known not affected: 3 | 2026-07-09T01:49:11+00:00 | Vulnerability · Source |
| CVE-2026-12064 | microsoft_vex | proto-default skips SSH verification | known affected: 1 known not affected: 2 | 2026-07-09T01:48:39+00:00 | Vulnerability · Source |
| CVE-2026-8458 | microsoft_vex | wrong reuse for different services | known affected: 2 known not affected: 4 | 2026-07-09T01:48:27+00:00 | Vulnerability · Source |
| CVE-2026-46252 | microsoft_vex | regulator: core: fix locking in regulator_resolve_supply() error path | fixed: 1 known affected: 3 | 2026-07-09T01:48:25+00:00 | Vulnerability · Source |
| CVE-2026-8924 | microsoft_vex | trailing dot domain super cookie | known affected: 2 known not affected: 4 | 2026-07-09T01:48:07+00:00 | Vulnerability · Source |
| CVE-2026-46242 | microsoft_vex | eventpoll: fix ep_remove struct eventpoll / struct file UAF | fixed: 1 known affected: 1 under investigation: 2 | 2026-07-09T01:48:05+00:00 | Vulnerability · Source |
| CVE-2026-46135 | microsoft_vex | nvmet-tcp: fix race between ICReq handling and queue teardown | fixed: 1 known affected: 3 | 2026-07-09T01:47:55+00:00 | Vulnerability · Source |
| CVE-2026-11856 | microsoft_vex | cross-origin Digest auth state leak | known affected: 2 known not affected: 4 | 2026-07-09T01:47:43+00:00 | Vulnerability · Source |
| CVE-2026-46054 | microsoft_vex | selinux: fix overlayfs mmap() and mprotect() access checks | fixed: 1 known affected: 3 | 2026-07-09T01:47:35+00:00 | Vulnerability · Source |
| CVE-2026-9547 | microsoft_vex | SSH improper host validation | known not affected: 6 | 2026-07-09T01:47:17+00:00 | Vulnerability · Source |
| CVE-2026-8932 | microsoft_vex | incomplete mTLS config matching in conn reuse | known affected: 2 known not affected: 4 | 2026-07-09T01:46:48+00:00 | Vulnerability · Source |
| CVE-2026-9545 | microsoft_vex | exposing HTTP/3 early data | known affected: 1 known not affected: 3 | 2026-07-09T01:46:22+00:00 | Vulnerability · Source |
| CVE-2026-53167 | microsoft_vex | fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios | fixed: 1 known affected: 2 | 2026-07-09T01:46:14+00:00 | Vulnerability · Source |
| CVE-2026-9079 | microsoft_vex | stale proxy password leak | known affected: 2 known not affected: 3 | 2026-07-09T01:46:04+00:00 | Vulnerability · Source |
| CVE-2026-4360 | microsoft_vex | Tarfile.extract() doesn't fully respect filter parameter | known affected: 1 known not affected: 1 | 2026-07-09T01:45:43+00:00 | Vulnerability · Source |
| CVE-2026-53339 | microsoft_vex | i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() | known not affected: 1 | 2026-07-09T01:45:03+00:00 | Vulnerability · Source |
| CVE-2026-53336 | microsoft_vex | nvmem: layouts: onie-tlv: fix hang on unknown types | known not affected: 1 | 2026-07-09T01:44:34+00:00 | Vulnerability · Source |
| CVE-2026-53327 | microsoft_vex | debugobjects: Do not fill_pool() if pi_blocked_on | known not affected: 1 | 2026-07-09T01:44:25+00:00 | Vulnerability · Source |
| CVE-2026-53332 | microsoft_vex | slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd | known not affected: 1 | 2026-07-09T01:44:16+00:00 | Vulnerability · Source |
| CVE-2026-43010 | microsoft_vex | bpf: Reject sleepable kprobe_multi programs at attach time | fixed: 1 known affected: 6 | 2026-07-09T01:44:14+00:00 | Vulnerability · Source |
| CVE-2026-53345 | microsoft_vex | KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying | fixed: 1 known affected: 1 | 2026-07-09T01:44:09+00:00 | Vulnerability · Source |
| CVE-2026-53354 | microsoft_vex | arm64: errata: Mitigate TLBI errata on various Arm CPUs | fixed: 1 known affected: 1 | 2026-07-09T01:44:00+00:00 | Vulnerability · Source |
| CVE-2026-23278 | microsoft_vex | netfilter: nf_tables: always walk all pending catchall elements | fixed: 1 known affected: 8 | 2026-07-09T01:43:38+00:00 | Vulnerability · Source |
| CVE-2026-58055 | microsoft_vex | nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length | known not affected: 4 | 2026-07-09T01:43:14+00:00 | Vulnerability · Source |
| CVE-2025-61727 | microsoft_vex | Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 | known affected: 14 known not affected: 7 | 2026-07-09T01:42:39+00:00 | Vulnerability · Source |
| CVE-2026-47241 | microsoft_vex | Net::IMAP: Denial of Service via incomplete raw argument validation | known not affected: 1 | 2026-07-09T01:42:15+00:00 | Vulnerability · Source |
| CVE-2025-58188 | microsoft_vex | Panic when validating certificates with DSA public keys in crypto/x509 | known affected: 17 known not affected: 7 | 2026-07-09T01:41:05+00:00 | Vulnerability · Source |
| CVE-2025-61724 | microsoft_vex | Excessive CPU consumption in Reader.ReadResponse in net/textproto | known affected: 17 known not affected: 7 | 2026-07-09T01:40:56+00:00 | Vulnerability · Source |
| CVE-2026-46140 | microsoft_vex | Bluetooth: btmtk: validate WMT event SKB length before struct access | fixed: 1 known affected: 1 under investigation: 1 | 2026-07-09T01:40:47+00:00 | Vulnerability · Source |
| CVE-2026-46331 | microsoft_vex | net/sched: fix pedit partial COW leading to page cache corruption | fixed: 1 known affected: 3 | 2026-07-09T01:40:26+00:00 | Vulnerability · Source |
| CVE-2025-23131 | microsoft_vex | dlm: prevent NPD when writing a positive value to event_done | fixed: 1 known affected: 17 under investigation: 2 | 2026-07-09T01:40:16+00:00 | Vulnerability · Source |
| CVE-2026-55798 | redhat_vex | python-pillow: Pillow: Arbitrary command injection via shell metacharacters in file paths | known not affected: 89 | 2026-07-09T01:29:36+00:00 | Vulnerability · Source |
| CVE-2026-38969 | microsoft_vex | ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. | known affected: 2 | 2026-07-09T01:02:55+00:00 | Vulnerability · Source |
| CVE-2026-38968 | microsoft_vex | ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing. | known affected: 1 | 2026-07-09T01:02:45+00:00 | Vulnerability · Source |
| CVE-2026-14191 | microsoft_vex | WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader | known affected: 1 | 2026-07-09T01:02:39+00:00 | Vulnerability · Source |
| CVE-2026-55999 | microsoft_vex | xorg-server / xwayland glamor font atlas Heap Buffer Overflow | known affected: 1 | 2026-07-09T01:02:20+00:00 | Vulnerability · Source |
| CVE-2026-56002 | microsoft_vex | libXfont2 PCF Font Parsing Heap Buffer Overflow | known affected: 1 | 2026-07-09T01:02:13+00:00 | Vulnerability · Source |
| CVE-2026-56003 | microsoft_vex | libXfont2 computeProps Property Buffer Heap Buffer Overflow | known affected: 1 | 2026-07-09T01:02:07+00:00 | Vulnerability · Source |
| CVE-2026-56001 | microsoft_vex | libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow | known affected: 1 | 2026-07-09T01:02:00+00:00 | Vulnerability · Source |
| CVE-2026-60002 | microsoft_vex | ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.) | known affected: 1 | 2026-07-09T01:01:53+00:00 | Vulnerability · Source |
| CVE-2026-59999 | microsoft_vex | In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. | known affected: 1 | 2026-07-09T01:01:47+00:00 | Vulnerability · Source |
| CVE-2026-60000 | microsoft_vex | sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication. | known affected: 1 | 2026-07-09T01:01:41+00:00 | Vulnerability · Source |
| CVE-2026-60001 | microsoft_vex | sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. | known affected: 1 | 2026-07-09T01:01:35+00:00 | Vulnerability · Source |
| CVE-2026-59995 | microsoft_vex | sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. | known affected: 1 | 2026-07-09T01:01:28+00:00 | Vulnerability · Source |
| CVE-2026-59996 | microsoft_vex | scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. | known affected: 1 | 2026-07-09T01:01:22+00:00 | Vulnerability · Source |
| CVE-2026-59997 | microsoft_vex | internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection. | known affected: 1 | 2026-07-09T01:01:15+00:00 | Vulnerability · Source |
| CVE-2026-6587 | redhat_vex | vibrantlabsai RAGAS: vibrantlabsai RAGAS: Server-Side Request Forgery via retrieved_contexts argument manipulation | known not affected: 1 | 2026-07-08T23:14:48+00:00 | Vulnerability · Source |
| CVE-2026-55195 | redhat_vex | py7zr: py7zr: Denial of Service via decompression bomb in 7zip archive extraction | known not affected: 1 | 2026-07-08T22:28:59+00:00 | Vulnerability · Source |