VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221683 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-43951 | redhat_vex | httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime | fixed: 92 known affected: 46 | 2026-07-15T14:34:35+00:00 | Vulnerability · Source |
| CVE-2026-42535 | redhat_vex | httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue | fixed: 79 known affected: 41 | 2026-07-15T14:34:34+00:00 | Vulnerability · Source |
| CVE-2026-29170 | redhat_vex | httpd: Apache HTTP Server: Cross-site scripting in mod_proxy_ftp via HTML directory list generation | fixed: 4 known affected: 53 | 2026-07-15T14:34:31+00:00 | Vulnerability · Source |
| CVE-2026-34356 | redhat_vex | httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers | fixed: 79 known affected: 41 | 2026-07-15T14:34:31+00:00 | Vulnerability · Source |
| CVE-2026-6638 | redhat_vex | postgresql: PostgreSQL: Arbitrary SQL execution via SQL injection in logical replication | fixed: 8 known affected: 32 known not affected: 154 | 2026-07-15T14:34:27+00:00 | Vulnerability · Source |
| CVE-2026-9675 | redhat_vex | undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass | fixed: 16 known not affected: 69 under investigation: 1 | 2026-07-15T14:34:06+00:00 | Vulnerability · Source |
| CVE-2026-47104 | redhat_vex | libusb: libusb: Denial of Service via malformed USB descriptor | fixed: 4 known affected: 15 | 2026-07-15T14:34:02+00:00 | Vulnerability · Source |
| CVE-2026-23679 | redhat_vex | libusb: libusb: Denial of Service via malformed USB configuration descriptor | fixed: 4 known affected: 15 | 2026-07-15T14:34:01+00:00 | Vulnerability · Source |
| CVE-2026-43515 | redhat_vex | tomcat-coyote: tomcat: Improper Authorization allows security bypass | fixed: 4 known affected: 29 | 2026-07-15T14:33:55+00:00 | Vulnerability · Source |
| CVE-2026-7009 | redhat_vex | curl: Curl: Certificate validation bypass due to OCSP stapling flaw | fixed: 3 known not affected: 27 | 2026-07-15T14:33:52+00:00 | Vulnerability · Source |
| CVE-2026-42308 | redhat_vex | Pillow: python: Pillow: Denial of Service via integer overflow in font processing | fixed: 5 known affected: 275 | 2026-07-15T14:33:47+00:00 | Vulnerability · Source |
| CVE-2026-42015 | redhat_vex | gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling | fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 | 2026-07-15T14:33:36+00:00 | Vulnerability · Source |
| CVE-2026-42014 | redhat_vex | gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin | fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 | 2026-07-15T14:33:33+00:00 | Vulnerability · Source |
| CVE-2026-42013 | redhat_vex | gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name | fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 | 2026-07-15T14:33:31+00:00 | Vulnerability · Source |
| CVE-2026-45149 | redhat_vex | brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges | fixed: 36 known affected: 30 known not affected: 177 under investigation: 103 | 2026-07-15T14:31:31+00:00 | Vulnerability · Source |
| CVE-2026-44029 | redhat_vex | nix: absolute path traversal when unpacking archives to disk | fixed: 14 | 2026-07-15T14:29:51+00:00 | Vulnerability · Source |
| CVE-2026-44028 | redhat_vex | nix: coroutine stack-to-heap overflow via unbounded recursion in NAR directory parser | fixed: 14 | 2026-07-15T14:29:47+00:00 | Vulnerability · Source |
| CVE-2026-23479 | redhat_vex | redis: use-after-free in unblock client flow may allow remote code execution | fixed: 95 known not affected: 8 | 2026-07-15T14:29:40+00:00 | Vulnerability · Source |
| CVE-2026-59870 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document | fixed: 30 known affected: 1 known not affected: 189 | 2026-07-15T14:29:06+00:00 | Vulnerability · Source |
| CVE-2026-59868 | redhat_vex | js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys | fixed: 30 known affected: 1 known not affected: 189 | 2026-07-15T14:29:02+00:00 | Vulnerability · Source |
| CVE-2026-39822 | redhat_vex | os: golang: Go os.Root: Symlink following vulnerability allows directory traversal | fixed: 161 known affected: 23 known not affected: 177 | 2026-07-15T14:21:17+00:00 | Vulnerability · Source |
| CVE-2026-42504 | redhat_vex | mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header | fixed: 8 known affected: 115 known not affected: 26 under investigation: 240 | 2026-07-15T14:20:28+00:00 | Vulnerability · Source |
| CVE-2026-12064 | redhat_vex | curl: curl: SSH host verification bypass when using schemeless URLs with SFTP/SCP | fixed: 7 known affected: 27 | 2026-07-15T14:20:14+00:00 | Vulnerability · Source |
| CVE-2026-11586 | redhat_vex | curl: curl: Denial of Service via WebSocket PING flood | fixed: 7 known affected: 27 | 2026-07-15T14:20:12+00:00 | Vulnerability · Source |
| CVE-2026-9547 | redhat_vex | curl: curl: Man-in-the-middle attack via SSH host key bypass | fixed: 7 known affected: 27 | 2026-07-15T14:20:09+00:00 | Vulnerability · Source |
| CVE-2026-11352 | redhat_vex | curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability | fixed: 7 known affected: 29 known not affected: 16 | 2026-07-15T14:20:09+00:00 | Vulnerability · Source |
| CVE-2026-9546 | redhat_vex | libcurl: libcurl: Information disclosure due to persistent Referer header | fixed: 7 known affected: 2 known not affected: 16 | 2026-07-15T14:20:06+00:00 | Vulnerability · Source |
| CVE-2026-9080 | redhat_vex | libcurl: libcurl: Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback | fixed: 7 known affected: 2 known not affected: 16 | 2026-07-15T14:20:04+00:00 | Vulnerability · Source |
| CVE-2026-9079 | redhat_vex | libcurl: libcurl: Information disclosure due to failure to clear proxy authentication credentials | fixed: 7 known affected: 2 known not affected: 16 | 2026-07-15T14:20:03+00:00 | Vulnerability · Source |
| CVE-2026-8932 | redhat_vex | libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse | fixed: 7 known affected: 2 known not affected: 16 | 2026-07-15T14:20:01+00:00 | Vulnerability · Source |
| CVE-2026-8925 | redhat_vex | curl: curl: Double-free vulnerability in SASL authentication | fixed: 7 known affected: 27 | 2026-07-15T14:19:59+00:00 | Vulnerability · Source |
| CVE-2026-8927 | redhat_vex | libcurl: libcurl: Information disclosure due to uncleared proxy authentication state | fixed: 7 known affected: 2 known not affected: 16 | 2026-07-15T14:19:58+00:00 | Vulnerability · Source |
| CVE-2026-8286 | redhat_vex | curl: curl: Insecure connection establishment due to TLS configuration mismatch | fixed: 7 known affected: 27 | 2026-07-15T14:19:53+00:00 | Vulnerability · Source |
| CVE-2026-59724 | redhat_vex | engine.io: Engine.IO: Denial of Service via crafted WebTransport session ID | fixed: 3 known affected: 4 | 2026-07-15T14:19:44+00:00 | Vulnerability · Source |
| CVE-2026-11807 | redhat_vex | eda-server: websocket missing authorization allows credential theft via activation_id spoofing | fixed: 28 known not affected: 202 | 2026-07-15T14:19:38+00:00 | Vulnerability · Source |
| CVE-2026-12112 | redhat_vex | foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse | fixed: 2 | 2026-07-15T14:19:36+00:00 | Vulnerability · Source |
| CVE-2026-44186 | redhat_vex | httpd: Apache HTTP Server: Denial of Service in mod_proxy_ftp via attacker-controlled FTP server | fixed: 79 known affected: 41 | 2026-07-15T14:19:23+00:00 | Vulnerability · Source |
| CVE-2026-44185 | redhat_vex | httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server | fixed: 79 known affected: 41 | 2026-07-15T14:19:20+00:00 | Vulnerability · Source |
| CVE-2026-42536 | redhat_vex | httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc | fixed: 79 known affected: 41 | 2026-07-15T14:19:16+00:00 | Vulnerability · Source |
| CVE-2026-34355 | redhat_vex | httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass | fixed: 79 known affected: 41 | 2026-07-15T14:19:14+00:00 | Vulnerability · Source |
| CVE-2026-44390 | redhat_vex | unbound: Unbound: Denial of Service due to excessive resource consumption with large DNS Resource Record Sets | fixed: 4 known affected: 30 | 2026-07-15T14:19:10+00:00 | Vulnerability · Source |
| CVE-2026-42534 | redhat_vex | unbound: Unbound: Denial of Service due to degraded resolution performance in jostle logic | fixed: 4 known affected: 30 | 2026-07-15T14:19:09+00:00 | Vulnerability · Source |
| CVE-2026-41292 | redhat_vex | unbound: Unbound: Denial of Service via excessive EDNS options | fixed: 4 known affected: 34 known not affected: 2 | 2026-07-15T14:19:04+00:00 | Vulnerability · Source |
| CVE-2026-42530 | redhat_vex | nginx: ngx_http_v3_module: use-after-free issue leads to denial of service | fixed: 4 known not affected: 65 | 2026-07-15T14:18:23+00:00 | Vulnerability · Source |
| CVE-2026-42311 | redhat_vex | Pillow: python-pillow: Pillow: Arbitrary code execution via malicious PSD file processing | fixed: 5 known affected: 43 known not affected: 26 under investigation: 15 | 2026-07-15T14:17:58+00:00 | Vulnerability · Source |
| CVE-2026-25243 | redhat_vex | redis: RESTORE invalid memory access may allow remote code execution | fixed: 251 known not affected: 1 | 2026-07-15T14:17:52+00:00 | Vulnerability · Source |
| CVE-2026-23631 | redhat_vex | redis: Remote code execution via use-after-free in Lua scripting | fixed: 109 known not affected: 1 under investigation: 8 | 2026-07-15T14:17:51+00:00 | Vulnerability · Source |
| CVE-2026-47423 | redhat_vex | dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure | fixed: 4 known not affected: 9 under investigation: 37 | 2026-07-15T14:17:10+00:00 | Vulnerability · Source |
| CVE-2026-15146 | redhat_vex | wget: Wget: Server-Side Request Forgery via FTP PASV response IP address validation bypass | known affected: 9 | 2026-07-15T14:16:35+00:00 | Vulnerability · Source |
| CVE-2026-53015 | redhat_vex | kernel: erofs: unify lcn as u64 for 32-bit platforms | known affected: 76 known not affected: 198 | 2026-07-15T14:07:06+00:00 | Vulnerability · Source |