VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221683 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-15146 | redhat_vex | wget: Wget: Server-Side Request Forgery via FTP PASV response IP address validation bypass | known affected: 9 | 2026-07-15T14:16:35+00:00 | Vulnerability · Source |
| CVE-2026-53015 | redhat_vex | kernel: erofs: unify lcn as u64 for 32-bit platforms | known affected: 76 known not affected: 198 | 2026-07-15T14:07:06+00:00 | Vulnerability · Source |
| CVE-2026-49458 | redhat_vex | dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes | known affected: 13 under investigation: 35 | 2026-07-15T14:07:04+00:00 | Vulnerability · Source |
| CVE-2026-53014 | redhat_vex | kernel: net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir | known affected: 198 known not affected: 76 | 2026-07-15T14:06:52+00:00 | Vulnerability · Source |
| CVE-2026-48125 | redhat_vex | ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header | known affected: 19 known not affected: 1 | 2026-07-15T14:06:49+00:00 | Vulnerability · Source |
| CVE-2026-49459 | redhat_vex | dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution | known affected: 13 under investigation: 35 | 2026-07-15T14:01:06+00:00 | Vulnerability · Source |
| CVE-2026-15809 | redhat_vex | github.com/cri-o/cri-o: Fix Bypass for CVE-2022-4318 — /etc/passwd Injection via HOME env | known affected: 5 | 2026-07-15T13:51:58+00:00 | Vulnerability · Source |
| CVE-2026-29111 | redhat_vex | systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data | fixed: 697 known affected: 90 known not affected: 15 under investigation: 1 | 2026-07-15T13:36:26+00:00 | Vulnerability · Source |
| CVE-2026-40355 | redhat_vex | krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism | fixed: 328 known affected: 17 under investigation: 1 | 2026-07-15T13:31:57+00:00 | Vulnerability · Source |
| CVE-2026-56208 | redhat_vex | libaom: libaom: heap buffer overflow in AV1 encoder first-pass stats buffer via LAP mode | fixed: 3 known affected: 45 known not affected: 9 | 2026-07-15T13:31:30+00:00 | Vulnerability · Source |
| CVE-2026-13030 | redhat_vex | chromium-browser: chromium-browser: Uninitialized Use in GPU | known not affected: 1 | 2026-07-15T13:26:56+00:00 | Vulnerability · Source |
| CVE-2026-52994 | redhat_vex | kernel: vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting | known affected: 184 known not affected: 90 | 2026-07-15T13:17:29+00:00 | Vulnerability · Source |
| CVE-2026-52995 | redhat_vex | kernel: net/rds: zero per-item info buffer before handing it to visitors | known affected: 14 known not affected: 260 | 2026-07-15T13:17:27+00:00 | Vulnerability · Source |
| CVE-2026-34487 | redhat_vex | Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files | fixed: 43 known affected: 55 under investigation: 1 | 2026-07-15T13:15:11+00:00 | Vulnerability · Source |
| CVE-2026-34483 | redhat_vex | Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve | fixed: 43 known affected: 55 under investigation: 1 | 2026-07-15T13:15:10+00:00 | Vulnerability · Source |
| CVE-2026-29129 | redhat_vex | Apache Tomcat: Apache Tomcat: Configured cipher preference order not preserved | fixed: 9 known affected: 55 known not affected: 2 | 2026-07-15T13:15:07+00:00 | Vulnerability · Source |
| CVE-2026-25854 | redhat_vex | Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve | fixed: 43 known affected: 56 | 2026-07-15T13:15:06+00:00 | Vulnerability · Source |
| CVE-2026-24880 | redhat_vex | Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension | fixed: 43 known affected: 56 | 2026-07-15T13:15:04+00:00 | Vulnerability · Source |
| CVE-2026-24733 | redhat_vex | tomcat: security constraint bypass with HTTP/0.9 | fixed: 47 known affected: 56 | 2026-07-15T13:15:02+00:00 | Vulnerability · Source |
| CVE-2026-34500 | redhat_vex | Apache Tomcat: Apache Tomcat: Authentication bypass via client certificate misconfiguration | fixed: 43 known affected: 55 under investigation: 1 | 2026-07-15T13:14:55+00:00 | Vulnerability · Source |
| CVE-2026-32990 | redhat_vex | Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix | fixed: 43 known affected: 56 | 2026-07-15T13:14:53+00:00 | Vulnerability · Source |
| CVE-2026-29145 | redhat_vex | Apache Tomcat: Apache Tomcat: Authentication bypass due to CLIENT_CERT soft fail misconfiguration | fixed: 43 known affected: 56 | 2026-07-15T13:14:50+00:00 | Vulnerability · Source |
| CVE-2025-66614 | redhat_vex | tomcat: Client certificate verification bypass due to virtual host mapping | fixed: 47 known affected: 56 | 2026-07-15T13:14:50+00:00 | Vulnerability · Source |
| CVE-2026-24734 | redhat_vex | tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation | fixed: 74 known affected: 1 known not affected: 37 | 2026-07-15T13:13:36+00:00 | Vulnerability · Source |
| CVE-2026-45445 | redhat_vex | openssl: AES-OCB IV Ignored on EVP_Cipher() Path | fixed: 104 known affected: 1 known not affected: 52 | 2026-07-15T13:12:33+00:00 | Vulnerability · Source |
| CVE-2026-42764 | redhat_vex | openssl: NULL pointer dereference in QUIC server initial packet handling | fixed: 104 known affected: 24 known not affected: 29 | 2026-07-15T13:12:26+00:00 | Vulnerability · Source |
| CVE-2026-34183 | redhat_vex | openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler | fixed: 104 known affected: 1 known not affected: 52 | 2026-07-15T13:12:25+00:00 | Vulnerability · Source |
| CVE-2026-34182 | redhat_vex | openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages | fixed: 104 known affected: 1 known not affected: 52 | 2026-07-15T13:12:21+00:00 | Vulnerability · Source |
| CVE-2026-31790 | redhat_vex | openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key | fixed: 248 known affected: 6 known not affected: 48 under investigation: 1 | 2026-07-15T13:12:19+00:00 | Vulnerability · Source |
| CVE-2026-5450 | redhat_vex | glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width | fixed: 8703 known affected: 3 known not affected: 1 | 2026-07-15T13:12:16+00:00 | Vulnerability · Source |
| CVE-2026-0915 | redhat_vex | glibc: glibc: Information disclosure via zero-valued network query | fixed: 2047 known affected: 22 known not affected: 1008 | 2026-07-15T13:10:24+00:00 | Vulnerability · Source |
| CVE-2025-5278 | redhat_vex | coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification | fixed: 75 known affected: 8 known not affected: 11 | 2026-07-15T13:10:22+00:00 | Vulnerability · Source |
| CVE-2026-45447 | redhat_vex | openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() | fixed: 265 known affected: 14 known not affected: 42 under investigation: 4 | 2026-07-15T13:09:50+00:00 | Vulnerability · Source |
| CVE-2026-4878 | redhat_vex | libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() | fixed: 363 known affected: 7 known not affected: 3 under investigation: 1 | 2026-07-15T13:09:49+00:00 | Vulnerability · Source |
| CVE-2026-15779 | redhat_vex | samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation | known affected: 5 | 2026-07-15T13:06:57+00:00 | Vulnerability · Source |
| CVE-2026-59874 | redhat_vex | tar: Node-tar: Denial of Service via malformed tar archive header | known affected: 144 known not affected: 23 | 2026-07-15T13:01:00+00:00 | Vulnerability · Source |
| CVE-2026-59873 | redhat_vex | tar: node-tar: Denial of Service via crafted gzip bomb | known affected: 143 known not affected: 24 | 2026-07-15T13:00:57+00:00 | Vulnerability · Source |
| CVE-2026-3832 | redhat_vex | gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response | fixed: 209 known affected: 7 known not affected: 20 under investigation: 1 | 2026-07-15T12:50:11+00:00 | Vulnerability · Source |
| CVE-2025-21834 | redhat_vex | kernel: seccomp: passthrough uretprobe systemcall without filtering | known affected: 104 known not affected: 170 | 2026-07-15T12:50:10+00:00 | Vulnerability · Source |
| CVE-2026-33551 | redhat_vex | openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation | fixed: 6 known affected: 6 known not affected: 11 | 2026-07-15T12:50:05+00:00 | Vulnerability · Source |
| CVE-2026-25680 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing | fixed: 144 known affected: 489 known not affected: 170 under investigation: 2 | 2026-07-15T12:49:55+00:00 | Vulnerability · Source |
| CVE-2026-46635 | redhat_vex | twig/twig: Twig: Information disclosure via column filter in template language | known not affected: 1 | 2026-07-15T12:49:31+00:00 | Vulnerability · Source |
| CVE-2026-47730 | redhat_vex | twig/twig: Twig: Cross-site Scripting (XSS) vulnerability in HTML profiler dump | known not affected: 1 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-48808 | redhat_vex | twig/twig: Twig: Information Disclosure via Sandbox Bypass in Column Filter | known not affected: 1 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-48805 | redhat_vex | twig/twig: Twig: Sandbox bypass vulnerability via deprecated internal wrappers | known not affected: 1 | 2026-07-15T12:49:28+00:00 | Vulnerability · Source |
| CVE-2026-40683 | redhat_vex | OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling | fixed: 3 known affected: 8 known not affected: 1 | 2026-07-15T12:48:59+00:00 | Vulnerability · Source |
| CVE-2022-41724 | redhat_vex | golang: crypto/tls: large handshake records may cause panics | fixed: 1716 known affected: 86 known not affected: 2714 | 2026-07-15T12:39:13+00:00 | Vulnerability · Source |
| CVE-2026-53633 | redhat_vex | @vitest/browser: vite-plus: Vitest: Remote code execution via exposed Chrome DevTools Protocol API | known not affected: 1 | 2026-07-15T12:35:56+00:00 | Vulnerability · Source |
| CVE-2026-49978 | redhat_vex | dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution | known affected: 13 under investigation: 34 | 2026-07-15T12:32:55+00:00 | Vulnerability · Source |
| CVE-2026-50651 | redhat_vex | dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM | fixed: 6 known affected: 10 known not affected: 17 under investigation: 130 | 2026-07-15T12:32:42+00:00 | Vulnerability · Source |