VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221683 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-43951 redhat_vex httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime fixed: 92 known affected: 46 2026-07-15T14:34:35+00:00 Vulnerability · Source
CVE-2026-42535 redhat_vex httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue fixed: 79 known affected: 41 2026-07-15T14:34:34+00:00 Vulnerability · Source
CVE-2026-29170 redhat_vex httpd: Apache HTTP Server: Cross-site scripting in mod_proxy_ftp via HTML directory list generation fixed: 4 known affected: 53 2026-07-15T14:34:31+00:00 Vulnerability · Source
CVE-2026-34356 redhat_vex httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers fixed: 79 known affected: 41 2026-07-15T14:34:31+00:00 Vulnerability · Source
CVE-2026-6638 redhat_vex postgresql: PostgreSQL: Arbitrary SQL execution via SQL injection in logical replication fixed: 8 known affected: 32 known not affected: 154 2026-07-15T14:34:27+00:00 Vulnerability · Source
CVE-2026-9675 redhat_vex undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass fixed: 16 known not affected: 69 under investigation: 1 2026-07-15T14:34:06+00:00 Vulnerability · Source
CVE-2026-47104 redhat_vex libusb: libusb: Denial of Service via malformed USB descriptor fixed: 4 known affected: 15 2026-07-15T14:34:02+00:00 Vulnerability · Source
CVE-2026-23679 redhat_vex libusb: libusb: Denial of Service via malformed USB configuration descriptor fixed: 4 known affected: 15 2026-07-15T14:34:01+00:00 Vulnerability · Source
CVE-2026-43515 redhat_vex tomcat-coyote: tomcat: Improper Authorization allows security bypass fixed: 4 known affected: 29 2026-07-15T14:33:55+00:00 Vulnerability · Source
CVE-2026-7009 redhat_vex curl: Curl: Certificate validation bypass due to OCSP stapling flaw fixed: 3 known not affected: 27 2026-07-15T14:33:52+00:00 Vulnerability · Source
CVE-2026-42308 redhat_vex Pillow: python: Pillow: Denial of Service via integer overflow in font processing fixed: 5 known affected: 275 2026-07-15T14:33:47+00:00 Vulnerability · Source
CVE-2026-42015 redhat_vex gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 2026-07-15T14:33:36+00:00 Vulnerability · Source
CVE-2026-42014 redhat_vex gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 2026-07-15T14:33:33+00:00 Vulnerability · Source
CVE-2026-42013 redhat_vex gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 2026-07-15T14:33:31+00:00 Vulnerability · Source
CVE-2026-45149 redhat_vex brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges fixed: 36 known affected: 30 known not affected: 177 under investigation: 103 2026-07-15T14:31:31+00:00 Vulnerability · Source
CVE-2026-44029 redhat_vex nix: absolute path traversal when unpacking archives to disk fixed: 14 2026-07-15T14:29:51+00:00 Vulnerability · Source
CVE-2026-44028 redhat_vex nix: coroutine stack-to-heap overflow via unbounded recursion in NAR directory parser fixed: 14 2026-07-15T14:29:47+00:00 Vulnerability · Source
CVE-2026-23479 redhat_vex redis: use-after-free in unblock client flow may allow remote code execution fixed: 95 known not affected: 8 2026-07-15T14:29:40+00:00 Vulnerability · Source
CVE-2026-59870 redhat_vex js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document fixed: 30 known affected: 1 known not affected: 189 2026-07-15T14:29:06+00:00 Vulnerability · Source
CVE-2026-59868 redhat_vex js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys fixed: 30 known affected: 1 known not affected: 189 2026-07-15T14:29:02+00:00 Vulnerability · Source
CVE-2026-39822 redhat_vex os: golang: Go os.Root: Symlink following vulnerability allows directory traversal fixed: 161 known affected: 23 known not affected: 177 2026-07-15T14:21:17+00:00 Vulnerability · Source
CVE-2026-42504 redhat_vex mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header fixed: 8 known affected: 115 known not affected: 26 under investigation: 240 2026-07-15T14:20:28+00:00 Vulnerability · Source
CVE-2026-12064 redhat_vex curl: curl: SSH host verification bypass when using schemeless URLs with SFTP/SCP fixed: 7 known affected: 27 2026-07-15T14:20:14+00:00 Vulnerability · Source
CVE-2026-11586 redhat_vex curl: curl: Denial of Service via WebSocket PING flood fixed: 7 known affected: 27 2026-07-15T14:20:12+00:00 Vulnerability · Source
CVE-2026-9547 redhat_vex curl: curl: Man-in-the-middle attack via SSH host key bypass fixed: 7 known affected: 27 2026-07-15T14:20:09+00:00 Vulnerability · Source
CVE-2026-11352 redhat_vex curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability fixed: 7 known affected: 29 known not affected: 16 2026-07-15T14:20:09+00:00 Vulnerability · Source
CVE-2026-9546 redhat_vex libcurl: libcurl: Information disclosure due to persistent Referer header fixed: 7 known affected: 2 known not affected: 16 2026-07-15T14:20:06+00:00 Vulnerability · Source
CVE-2026-9080 redhat_vex libcurl: libcurl: Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback fixed: 7 known affected: 2 known not affected: 16 2026-07-15T14:20:04+00:00 Vulnerability · Source
CVE-2026-9079 redhat_vex libcurl: libcurl: Information disclosure due to failure to clear proxy authentication credentials fixed: 7 known affected: 2 known not affected: 16 2026-07-15T14:20:03+00:00 Vulnerability · Source
CVE-2026-8932 redhat_vex libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse fixed: 7 known affected: 2 known not affected: 16 2026-07-15T14:20:01+00:00 Vulnerability · Source
CVE-2026-8925 redhat_vex curl: curl: Double-free vulnerability in SASL authentication fixed: 7 known affected: 27 2026-07-15T14:19:59+00:00 Vulnerability · Source
CVE-2026-8927 redhat_vex libcurl: libcurl: Information disclosure due to uncleared proxy authentication state fixed: 7 known affected: 2 known not affected: 16 2026-07-15T14:19:58+00:00 Vulnerability · Source
CVE-2026-8286 redhat_vex curl: curl: Insecure connection establishment due to TLS configuration mismatch fixed: 7 known affected: 27 2026-07-15T14:19:53+00:00 Vulnerability · Source
CVE-2026-59724 redhat_vex engine.io: Engine.IO: Denial of Service via crafted WebTransport session ID fixed: 3 known affected: 4 2026-07-15T14:19:44+00:00 Vulnerability · Source
CVE-2026-11807 redhat_vex eda-server: websocket missing authorization allows credential theft via activation_id spoofing fixed: 28 known not affected: 202 2026-07-15T14:19:38+00:00 Vulnerability · Source
CVE-2026-12112 redhat_vex foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse fixed: 2 2026-07-15T14:19:36+00:00 Vulnerability · Source
CVE-2026-44186 redhat_vex httpd: Apache HTTP Server: Denial of Service in mod_proxy_ftp via attacker-controlled FTP server fixed: 79 known affected: 41 2026-07-15T14:19:23+00:00 Vulnerability · Source
CVE-2026-44185 redhat_vex httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server fixed: 79 known affected: 41 2026-07-15T14:19:20+00:00 Vulnerability · Source
CVE-2026-42536 redhat_vex httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc fixed: 79 known affected: 41 2026-07-15T14:19:16+00:00 Vulnerability · Source
CVE-2026-34355 redhat_vex httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass fixed: 79 known affected: 41 2026-07-15T14:19:14+00:00 Vulnerability · Source
CVE-2026-44390 redhat_vex unbound: Unbound: Denial of Service due to excessive resource consumption with large DNS Resource Record Sets fixed: 4 known affected: 30 2026-07-15T14:19:10+00:00 Vulnerability · Source
CVE-2026-42534 redhat_vex unbound: Unbound: Denial of Service due to degraded resolution performance in jostle logic fixed: 4 known affected: 30 2026-07-15T14:19:09+00:00 Vulnerability · Source
CVE-2026-41292 redhat_vex unbound: Unbound: Denial of Service via excessive EDNS options fixed: 4 known affected: 34 known not affected: 2 2026-07-15T14:19:04+00:00 Vulnerability · Source
CVE-2026-42530 redhat_vex nginx: ngx_http_v3_module: use-after-free issue leads to denial of service fixed: 4 known not affected: 65 2026-07-15T14:18:23+00:00 Vulnerability · Source
CVE-2026-42311 redhat_vex Pillow: python-pillow: Pillow: Arbitrary code execution via malicious PSD file processing fixed: 5 known affected: 43 known not affected: 26 under investigation: 15 2026-07-15T14:17:58+00:00 Vulnerability · Source
CVE-2026-25243 redhat_vex redis: RESTORE invalid memory access may allow remote code execution fixed: 251 known not affected: 1 2026-07-15T14:17:52+00:00 Vulnerability · Source
CVE-2026-23631 redhat_vex redis: Remote code execution via use-after-free in Lua scripting fixed: 109 known not affected: 1 under investigation: 8 2026-07-15T14:17:51+00:00 Vulnerability · Source
CVE-2026-47423 redhat_vex dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure fixed: 4 known not affected: 9 under investigation: 37 2026-07-15T14:17:10+00:00 Vulnerability · Source
CVE-2026-15146 redhat_vex wget: Wget: Server-Side Request Forgery via FTP PASV response IP address validation bypass known affected: 9 2026-07-15T14:16:35+00:00 Vulnerability · Source
CVE-2026-53015 redhat_vex kernel: erofs: unify lcn as u64 for 32-bit platforms known affected: 76 known not affected: 198 2026-07-15T14:07:06+00:00 Vulnerability · Source