VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221683 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-31613 redhat_vex kernel: smb: client: fix OOB reads parsing symlink error response fixed: 812 known affected: 22 known not affected: 42 2026-07-15T15:59:27+00:00 Vulnerability · Source
CVE-2025-68183 redhat_vex kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr fixed: 1858 known affected: 33 known not affected: 31 2026-07-15T15:59:26+00:00 Vulnerability · Source
CVE-2026-46189 redhat_vex kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path fixed: 1551 known affected: 50 known not affected: 14 2026-07-15T15:59:23+00:00 Vulnerability · Source
CVE-2026-33815 redhat_vex github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability fixed: 106 known affected: 58 known not affected: 565 2026-07-15T15:51:38+00:00 Vulnerability · Source
CVE-2026-53488 redhat_vex github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin fixed: 56 known affected: 162 known not affected: 176 2026-07-15T15:47:22+00:00 Vulnerability · Source
CVE-2026-29181 redhat_vex github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers fixed: 4 known affected: 6 known not affected: 124 under investigation: 2 2026-07-15T15:46:05+00:00 Vulnerability · Source
CVE-2026-52725 redhat_vex @angular/core: @angular/core: Cross-Site Scripting (XSS) via dynamic component creation bypass known affected: 3 known not affected: 79 2026-07-15T15:41:29+00:00 Vulnerability · Source
CVE-2026-54268 redhat_vex @angular/common: Angular @angular/common: Denial of Service via crafted date format string known affected: 1 known not affected: 81 2026-07-15T15:41:21+00:00 Vulnerability · Source
CVE-2026-49477 redhat_vex soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings fixed: 5 known affected: 27 known not affected: 2 under investigation: 8 2026-07-15T15:31:28+00:00 Vulnerability · Source
CVE-2026-49476 redhat_vex soupsieve: python-soupsieve: Soupsieve: Denial of Service via crafted CSS selector string fixed: 5 known affected: 39 known not affected: 1 2026-07-15T15:31:24+00:00 Vulnerability · Source
CVE-2026-28390 redhat_vex openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing fixed: 301 known affected: 307 known not affected: 283 under investigation: 7 2026-07-15T15:21:36+00:00 Vulnerability · Source
CVE-2026-54399 redhat_vex org.apache.httpcomponents.core5/httpcore5: Apache HttpComponents Core: Denial of Service via excessive HTTP headers known affected: 50 known not affected: 15 2026-07-15T15:21:29+00:00 Vulnerability · Source
CVE-2026-0636 redhat_vex bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java fixed: 29 known affected: 30 known not affected: 293 2026-07-15T15:21:24+00:00 Vulnerability · Source
CVE-2025-14813 redhat_vex bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly fixed: 31 known affected: 33 known not affected: 496 2026-07-15T15:21:22+00:00 Vulnerability · Source
CVE-2026-5588 redhat_vex bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid fixed: 131 known affected: 18 known not affected: 185 2026-07-15T15:21:19+00:00 Vulnerability · Source
CVE-2026-50193 redhat_vex jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing known affected: 66 known not affected: 94 2026-07-15T15:12:30+00:00 Vulnerability · Source
CVE-2026-9073 redhat_vex foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization fixed: 2 2026-07-15T15:08:51+00:00 Vulnerability · Source
CVE-2026-10879 redhat_vex perl-DBI: perl-DBI: Heap overflow in SQL preparsing can lead to denial of service or arbitrary code execution. known affected: 10 2026-07-15T15:08:47+00:00 Vulnerability · Source
CVE-2026-47429 redhat_vex vitest: Vitest: Arbitrary code execution and information disclosure via path traversal fixed: 3 known not affected: 9 2026-07-15T15:04:44+00:00 Vulnerability · Source
CVE-2026-47428 redhat_vex vitest: Vitest: Arbitrary code execution via crafted browser-runner URL fixed: 3 known not affected: 7 2026-07-15T15:04:43+00:00 Vulnerability · Source
CVE-2026-9698 redhat_vex DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution fixed: 52 known affected: 4 2026-07-15T15:01:08+00:00 Vulnerability · Source
CVE-2026-58494 redhat_vex wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi known affected: 3 2026-07-15T15:00:20+00:00 Vulnerability · Source
CVE-2026-44216 redhat_vex wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation known affected: 1 known not affected: 1 2026-07-15T14:59:30+00:00 Vulnerability · Source
CVE-2026-59869 redhat_vex js-yaml: js-yaml: Denial of Service via crafted YAML documents fixed: 23 known affected: 67 known not affected: 4 under investigation: 122 2026-07-15T14:59:18+00:00 Vulnerability · Source
CVE-2026-53492 redhat_vex github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. fixed: 13 known affected: 203 known not affected: 79 2026-07-15T14:57:09+00:00 Vulnerability · Source
CVE-2026-5260 redhat_vex gnutls: gnutls: Information disclosure via heap overread in RSA key exchange fixed: 700 known affected: 6 known not affected: 61 under investigation: 1 2026-07-15T14:56:52+00:00 Vulnerability · Source
CVE-2026-53034 redhat_vex kernel: bpf, sockmap: Fix af_unix null-ptr-deref in proto update known affected: 184 known not affected: 90 2026-07-15T14:48:58+00:00 Vulnerability · Source
CVE-2026-53035 redhat_vex kernel: bpf, sockmap: Fix af_unix iter deadlock known affected: 198 known not affected: 76 2026-07-15T14:48:58+00:00 Vulnerability · Source
CVE-2026-42503 redhat_vex golang.org/x/tools/gopls: golang: gopls: Arbitrary code execution due to insecure network binding fixed: 8 known not affected: 1 2026-07-15T14:42:53+00:00 Vulnerability · Source
CVE-2025-58188 redhat_vex crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 fixed: 8 known affected: 9 known not affected: 47 under investigation: 355 2026-07-15T14:42:32+00:00 Vulnerability · Source
CVE-2026-53028 redhat_vex kernel: usb: typec: Fix error pointer dereference known affected: 184 known not affected: 90 2026-07-15T14:40:58+00:00 Vulnerability · Source
CVE-2026-14686 redhat_vex HdrHistogram: HdrHistogram: Data integrity impact due to incorrect comparison fixed: 7 known affected: 5 known not affected: 9 2026-07-15T14:37:44+00:00 Vulnerability · Source
CVE-2026-14685 redhat_vex HdrHistogram: HdrHistogram: Local state issue via 'Count' argument manipulation fixed: 7 known affected: 5 known not affected: 9 2026-07-15T14:37:35+00:00 Vulnerability · Source
CVE-2026-14683 redhat_vex HdrHistogram: HdrHistogram: Denial of Service via uncontrolled memory allocation fixed: 7 known affected: 5 known not affected: 9 2026-07-15T14:37:33+00:00 Vulnerability · Source
CVE-2026-29167 redhat_vex httpd: Apache HTTP Server: Arbitrary code execution or denial of service via use-after-free in mod_ldap per-directory configuration fixed: 4 known affected: 23 known not affected: 6 under investigation: 24 2026-07-15T14:37:31+00:00 Vulnerability · Source
CVE-2026-5419 redhat_vex gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal fixed: 339 known affected: 12 known not affected: 35 under investigation: 1 2026-07-15T14:37:30+00:00 Vulnerability · Source
CVE-2026-59890 redhat_vex setuptools: setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) fixed: 2 known not affected: 270 2026-07-15T14:36:27+00:00 Vulnerability · Source
CVE-2026-53021 redhat_vex kernel: scsi: target: core: Fix integer overflow in UNMAP bounds check known affected: 274 2026-07-15T14:36:26+00:00 Vulnerability · Source
CVE-2026-59996 redhat_vex openssh: OpenSSH: `scp` file misplacement vulnerability during remote copy fixed: 3 known affected: 41 2026-07-15T14:36:25+00:00 Vulnerability · Source
CVE-2026-15747 redhat_vex Mojolicious: Mojolicious: Information disclosure via BREACH compression oracle known not affected: 1 2026-07-15T14:36:24+00:00 Vulnerability · Source
CVE-2026-53022 redhat_vex kernel: platform/x86: dell-wmi-sysman: bound enumeration string aggregation known affected: 184 known not affected: 90 2026-07-15T14:36:22+00:00 Vulnerability · Source
CVE-2026-42505 redhat_vex crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello fixed: 8 known affected: 148 known not affected: 1 under investigation: 243 2026-07-15T14:36:16+00:00 Vulnerability · Source
CVE-2026-15187 redhat_vex enquirer: Enquirer: Prototype pollution vulnerability allows remote attackers to modify object attributes fixed: 4 known affected: 14 under investigation: 45 2026-07-15T14:36:14+00:00 Vulnerability · Source
CVE-2026-55956 redhat_vex tomcat: Apache Tomcat: Improper Authorization Allows Security Constraint Bypass fixed: 4 known affected: 80 2026-07-15T14:35:21+00:00 Vulnerability · Source
CVE-2026-55693 redhat_vex vim: Vim: Out-of-bounds Write in Spell File Word Count fixed: 4 known affected: 33 2026-07-15T14:35:20+00:00 Vulnerability · Source
CVE-2026-11856 redhat_vex curl: curl: Information disclosure via incorrect Digest authentication header reuse fixed: 7 known affected: 25 known not affected: 2 2026-07-15T14:35:10+00:00 Vulnerability · Source
CVE-2026-47262 redhat_vex github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing fixed: 18 known not affected: 270 under investigation: 31 2026-07-15T14:35:10+00:00 Vulnerability · Source
CVE-2026-11564 redhat_vex libcurl: libcurl: Certificate validation bypass due to incorrect connection reuse fixed: 7 known affected: 2 known not affected: 16 2026-07-15T14:35:02+00:00 Vulnerability · Source
CVE-2026-8926 redhat_vex curl: curl: Information disclosure via incorrect .netrc password lookup fixed: 7 known affected: 27 2026-07-15T14:35:00+00:00 Vulnerability · Source
CVE-2026-8924 redhat_vex curl: curl: Cookie injection via malicious HTTP server using super cookies fixed: 7 known affected: 27 2026-07-15T14:34:57+00:00 Vulnerability · Source