VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221826 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-55206 | redhat_vex | py7zr: py7zr: Denial of Service via crafted .7z archives due to inefficient algorithmic complexity | known not affected: 1 | 2026-07-08T22:26:48+00:00 | Vulnerability · Source |
| CVE-2026-21941 | redhat_vex | mysql: Optimizer unspecified vulnerability (CPU Jan 2026) | fixed: 382 known not affected: 9 | 2026-07-08T22:22:12+00:00 | Vulnerability · Source |
| CVE-2026-21937 | redhat_vex | mysql: DDL unspecified vulnerability (CPU Jan 2026) | fixed: 382 known not affected: 9 | 2026-07-08T22:22:10+00:00 | Vulnerability · Source |
| CVE-2026-21964 | redhat_vex | mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) | fixed: 382 known not affected: 9 | 2026-07-08T22:22:08+00:00 | Vulnerability · Source |
| CVE-2026-21968 | redhat_vex | mysql: Optimizer unspecified vulnerability (CPU Jan 2026) | fixed: 824 known affected: 31 known not affected: 9 | 2026-07-08T22:22:03+00:00 | Vulnerability · Source |
| CVE-2026-21936 | redhat_vex | mysql: InnoDB unspecified vulnerability (CPU Jan 2026) | fixed: 382 known not affected: 9 | 2026-07-08T22:22:00+00:00 | Vulnerability · Source |
| CVE-2026-21948 | redhat_vex | mysql: Optimizer unspecified vulnerability (CPU Jan 2026) | fixed: 382 known not affected: 9 | 2026-07-08T22:21:55+00:00 | Vulnerability · Source |
| CVE-2026-3099 | redhat_vex | libsoup: Libsoup: Authentication bypass via digest authentication replay attack | known affected: 3 known not affected: 13 | 2026-07-08T22:16:55+00:00 | Vulnerability · Source |
| CVE-2026-28421 | redhat_vex | vim: Vim: Denial of service and information disclosure via crafted swap file | fixed: 648 known affected: 6 known not affected: 168 | 2026-07-08T22:16:54+00:00 | Vulnerability · Source |
| CVE-2026-27951 | redhat_vex | freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity | fixed: 586 known affected: 12 | 2026-07-08T22:16:51+00:00 | Vulnerability · Source |
| CVE-2026-28417 | redhat_vex | vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin | fixed: 628 known affected: 6 known not affected: 188 | 2026-07-08T22:16:37+00:00 | Vulnerability · Source |
| CVE-2026-27837 | redhat_vex | dottie.js: dottie.js: Unauthorized object modification via prototype pollution bypass | known affected: 1 known not affected: 17 | 2026-07-08T22:16:36+00:00 | Vulnerability · Source |
| CVE-2026-3201 | redhat_vex | wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark | fixed: 74 known not affected: 16 | 2026-07-08T22:16:34+00:00 | Vulnerability · Source |
| CVE-2026-3203 | redhat_vex | wireshark: Buffer Over-read in Wireshark | fixed: 74 known not affected: 16 | 2026-07-08T22:16:32+00:00 | Vulnerability · Source |
| CVE-2025-15270 | redhat_vex | fontforge: FontForge: Remote Code Execution via malicious SFD file parsing | fixed: 90 known affected: 2 known not affected: 3 | 2026-07-08T22:16:07+00:00 | Vulnerability · Source |
| CVE-2025-12495 | redhat_vex | OpenEXR: OpenEXR: Remote Code Execution via malicious EXR file parsing | known affected: 3 known not affected: 9 | 2026-07-08T22:15:15+00:00 | Vulnerability · Source |
| CVE-2025-15279 | redhat_vex | fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing | fixed: 112 known affected: 2 | 2026-07-08T22:11:37+00:00 | Vulnerability · Source |
| CVE-2026-0810 | redhat_vex | gix-date: gix-date: Undefined behavior due to invalid string generation | known affected: 7 known not affected: 51 | 2026-07-08T22:07:36+00:00 | Vulnerability · Source |
| CVE-2025-15538 | redhat_vex | assimp: Assimp: Use-after-free vulnerability in FindUVChannels allows local impact | known not affected: 8 | 2026-07-08T22:07:35+00:00 | Vulnerability · Source |
| CVE-2025-14946 | redhat_vex | libnbd: libnbd: Arbitrary code execution via SSH argument injection through a malicious URI | known affected: 7 known not affected: 30 | 2026-07-08T22:07:24+00:00 | Vulnerability · Source |
| CVE-2026-21933 | redhat_vex | openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01) | fixed: 3198 known affected: 45 | 2026-07-08T22:07:23+00:00 | Vulnerability · Source |
| CVE-2025-68615 | redhat_vex | net-snmp: buffer overflow via a specially crafted packet can cause a crash in snmptrapd | fixed: 589 known affected: 8 known not affected: 356 | 2026-07-08T22:07:14+00:00 | Vulnerability · Source |
| CVE-2026-21925 | redhat_vex | openjdk: Improve JMX connections (Oracle CPU 2026-01) | fixed: 3198 known affected: 45 | 2026-07-08T22:07:06+00:00 | Vulnerability · Source |
| CVE-2025-12840 | redhat_vex | OpenEXR: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow | known affected: 3 known not affected: 9 | 2026-07-08T22:07:02+00:00 | Vulnerability · Source |
| CVE-2025-12839 | redhat_vex | OpenEXR: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing | known affected: 3 known not affected: 9 | 2026-07-08T22:06:37+00:00 | Vulnerability · Source |
| CVE-2025-68973 | redhat_vex | GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write | fixed: 394 known affected: 3 known not affected: 149 | 2026-07-08T22:06:22+00:00 | Vulnerability · Source |
| CVE-2025-61686 | redhat_vex | react-router: React Router has Path Traversal in File Session Storage | known not affected: 173 | 2026-07-08T22:05:25+00:00 | Vulnerability · Source |
| CVE-2025-15269 | redhat_vex | fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing | fixed: 112 known affected: 2 | 2026-07-08T22:05:18+00:00 | Vulnerability · Source |
| CVE-2026-46292 | redhat_vex | kernel: pmdomain: core: Fix detach procedure for virtual devices in genpd | known affected: 184 known not affected: 90 | 2026-07-08T22:04:12+00:00 | Vulnerability · Source |
| CVE-2026-22610 | redhat_vex | angular: Angular: Cross-site scripting vulnerability in Template Compiler | fixed: 4 known affected: 10 known not affected: 226 | 2026-07-08T22:02:45+00:00 | Vulnerability · Source |
| CVE-2026-47210 | redhat_vex | vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support. | fixed: 1 known not affected: 4 under investigation: 1 | 2026-07-08T21:53:54+00:00 | Vulnerability · Source |
| CVE-2026-47208 | redhat_vex | vm2: vm2: Sandbox Breakout Using Promise Species | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:53:51+00:00 | Vulnerability · Source |
| CVE-2026-47141 | redhat_vex | vm2: vm2: NodeVM observability builtins leak host process and HTTP request data | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:53:50+00:00 | Vulnerability · Source |
| CVE-2026-47140 | redhat_vex | vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:53:48+00:00 | Vulnerability · Source |
| CVE-2026-43869 | redhat_vex | Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation | fixed: 43 known affected: 15 known not affected: 855 | 2026-07-08T21:51:46+00:00 | Vulnerability · Source |
| CVE-2026-41607 | redhat_vex | Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-08T21:51:19+00:00 | Vulnerability · Source |
| CVE-2026-41605 | redhat_vex | Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-08T21:51:11+00:00 | Vulnerability · Source |
| CVE-2026-41604 | redhat_vex | Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-08T21:51:08+00:00 | Vulnerability · Source |
| CVE-2026-41602 | redhat_vex | github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation | fixed: 48 known affected: 12 known not affected: 646 | 2026-07-08T21:50:57+00:00 | Vulnerability · Source |
| CVE-2026-40293 | redhat_vex | OpenFGA: github.com/openfga/openfga: OpenFGA: Information disclosure of preshared API key via playground endpoint | fixed: 12 known affected: 2 known not affected: 369 | 2026-07-08T21:50:44+00:00 | Vulnerability · Source |
| CVE-2026-33487 | redhat_vex | github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue | fixed: 32 known not affected: 523 | 2026-07-08T21:50:28+00:00 | Vulnerability · Source |
| CVE-2026-32285 | redhat_vex | github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input | fixed: 54 known affected: 7 known not affected: 510 | 2026-07-08T21:50:15+00:00 | Vulnerability · Source |
| CVE-2025-48431 | redhat_vex | Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests | fixed: 18 known affected: 20 known not affected: 595 | 2026-07-08T21:49:27+00:00 | Vulnerability · Source |
| CVE-2026-47139 | redhat_vex | vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:49:02+00:00 | Vulnerability · Source |
| CVE-2026-47137 | redhat_vex | vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:48:58+00:00 | Vulnerability · Source |
| CVE-2026-47135 | redhat_vex | vm2: vm2: Sandbox escape allows arbitrary code execution on the host system | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:48:57+00:00 | Vulnerability · Source |
| CVE-2026-9673 | redhat_vex | json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass. | fixed: 2 known not affected: 6 under investigation: 1 | 2026-07-08T21:48:54+00:00 | Vulnerability · Source |
| CVE-2026-47131 | redhat_vex | vm2: vm2: Arbitrary code execution via sandbox escape vulnerability | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:48:54+00:00 | Vulnerability · Source |
| CVE-2026-24781 | redhat_vex | vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:41:02+00:00 | Vulnerability · Source |
| CVE-2026-46284 | redhat_vex | kernel: mm/hugetlb: fix early boot crash on parameters without '=' separator | known affected: 14 known not affected: 260 | 2026-07-08T21:37:53+00:00 | Vulnerability · Source |