VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221692 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-42264 | redhat_vex | axios: Axios: Prototype pollution allows information disclosure and request manipulation | fixed: 44 known affected: 47 known not affected: 176 | 2026-07-15T07:51:06+00:00 | Vulnerability · Source |
| CVE-2026-10846 | redhat_vex | ldns: ldns: Off-path poisoning attacks due to insufficient query-response matching | known affected: 25 | 2026-07-15T06:55:46+00:00 | Vulnerability · Source |
| CVE-2026-12325 | redhat_vex | firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component | fixed: 260 known affected: 8 | 2026-07-15T05:48:54+00:00 | Vulnerability · Source |
| CVE-2026-12324 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component | fixed: 260 known affected: 8 | 2026-07-15T05:48:51+00:00 | Vulnerability · Source |
| CVE-2026-39244 | redhat_vex | adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation | known affected: 15 under investigation: 7 | 2026-07-15T05:48:37+00:00 | Vulnerability · Source |
| CVE-2026-12330 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Internationalization component | fixed: 260 known affected: 8 | 2026-07-15T05:47:54+00:00 | Vulnerability · Source |
| CVE-2026-12327 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | fixed: 260 known affected: 8 | 2026-07-15T05:47:51+00:00 | Vulnerability · Source |
| CVE-2026-12315 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 260 known affected: 8 | 2026-07-15T05:47:48+00:00 | Vulnerability · Source |
| CVE-2026-12314 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:47+00:00 | Vulnerability · Source |
| CVE-2026-12313 | redhat_vex | firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:47:46+00:00 | Vulnerability · Source |
| CVE-2026-12312 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:41+00:00 | Vulnerability · Source |
| CVE-2026-12311 | redhat_vex | firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:47:39+00:00 | Vulnerability · Source |
| CVE-2026-12310 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:37+00:00 | Vulnerability · Source |
| CVE-2026-12309 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:34+00:00 | Vulnerability · Source |
| CVE-2026-12308 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:31+00:00 | Vulnerability · Source |
| CVE-2026-12307 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:27+00:00 | Vulnerability · Source |
| CVE-2026-12306 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:26+00:00 | Vulnerability · Source |
| CVE-2026-12305 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:24+00:00 | Vulnerability · Source |
| CVE-2026-12302 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 260 known affected: 8 | 2026-07-15T05:47:21+00:00 | Vulnerability · Source |
| CVE-2026-12304 | redhat_vex | firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component | fixed: 260 known affected: 8 | 2026-07-15T05:47:21+00:00 | Vulnerability · Source |
| CVE-2026-12329 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:31:38+00:00 | Vulnerability · Source |
| CVE-2026-12328 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | fixed: 260 known affected: 8 | 2026-07-15T05:31:33+00:00 | Vulnerability · Source |
| CVE-2026-12299 | redhat_vex | firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component | fixed: 260 known affected: 8 | 2026-07-15T05:31:28+00:00 | Vulnerability · Source |
| CVE-2026-12298 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:31:24+00:00 | Vulnerability · Source |
| CVE-2026-12297 | redhat_vex | firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component | fixed: 260 known affected: 8 | 2026-07-15T05:31:18+00:00 | Vulnerability · Source |
| CVE-2026-12296 | redhat_vex | firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:31:14+00:00 | Vulnerability · Source |
| CVE-2026-12295 | redhat_vex | firefox: thunderbird: Sandbox escape in the DOM: Navigation component | fixed: 260 known affected: 8 | 2026-07-15T05:31:06+00:00 | Vulnerability · Source |
| CVE-2026-12294 | redhat_vex | firefox: thunderbird: Sandbox escape in the DOM: Workers component | fixed: 260 known affected: 8 | 2026-07-15T05:31:00+00:00 | Vulnerability · Source |
| CVE-2026-12292 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Web Audio component | fixed: 260 known affected: 8 | 2026-07-15T05:30:53+00:00 | Vulnerability · Source |
| CVE-2026-12291 | redhat_vex | firefox: thunderbird: Use-after-free in the Networking: HTTP component | fixed: 260 known affected: 8 | 2026-07-15T05:30:47+00:00 | Vulnerability · Source |
| CVE-2026-12290 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:30:38+00:00 | Vulnerability · Source |
| CVE-2026-12289 | redhat_vex | firefox: thunderbird: Privilege escalation in the Graphics: WebRender component | fixed: 260 known affected: 8 | 2026-07-15T05:30:33+00:00 | Vulnerability · Source |
| CVE-2026-12505 | redhat_vex | cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall | fixed: 143 known affected: 5 | 2026-07-15T04:44:40+00:00 | Vulnerability · Source |
| CVE-2025-43213 | redhat_vex | webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash | fixed: 509 known affected: 4 known not affected: 5 | 2026-07-15T03:16:38+00:00 | Vulnerability · Source |
| CVE-2021-47952 | redhat_vex | python-jsonpickle: python-jsonpickle: Arbitrary Code Execution via Malicious JSON Deserialization | known not affected: 2 | 2026-07-15T03:16:31+00:00 | Vulnerability · Source |
| CVE-2026-1207 | redhat_vex | Django: Django: SQL Injection via RasterField band index parameter | fixed: 122 known affected: 6 known not affected: 4552 | 2026-07-15T03:13:09+00:00 | Vulnerability · Source |
| CVE-2026-0877 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 320 known affected: 7 | 2026-07-15T03:13:07+00:00 | Vulnerability · Source |
| CVE-2025-70974 | redhat_vex | fastjson: Fastjson: Remote Code Execution via JNDI Injection due to autoType mishandling | known not affected: 14 | 2026-07-15T03:13:03+00:00 | Vulnerability · Source |
| CVE-2025-43441 | redhat_vex | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | fixed: 482 known affected: 4 known not affected: 5 | 2026-07-15T03:12:35+00:00 | Vulnerability · Source |
| CVE-2026-8946 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component | fixed: 260 known affected: 8 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-48779 | redhat_vex | ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments | fixed: 101 known affected: 58 known not affected: 295 under investigation: 30 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-45829 | redhat_vex | chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection | known not affected: 4 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-13149 | redhat_vex | brace-expansion: Brace-expansion: Denial of Service due to exponential-time complexity | fixed: 12 known affected: 183 known not affected: 65 | 2026-07-15T03:00:00+00:00 | Vulnerability · Source |
| CVE-2026-24869 | redhat_vex | firefox: Use-after-free in the Layout: Scrolling and Overflow component | known not affected: 12 | 2026-07-15T02:42:36+00:00 | Vulnerability · Source |
| CVE-2026-2447 | redhat_vex | libvpx: Heap buffer overflow in libvpx | fixed: 721 known affected: 7 | 2026-07-15T02:42:24+00:00 | Vulnerability · Source |
| CVE-2026-23868 | redhat_vex | giflib: Giflib: Double-free vulnerability leading to memory corruption | fixed: 480 known affected: 3 | 2026-07-15T02:42:01+00:00 | Vulnerability · Source |
| CVE-2026-25521 | redhat_vex | locutus: Locutus is vulnerable to Prototype Pollution | known not affected: 6 | 2026-07-15T02:41:27+00:00 | Vulnerability · Source |
| CVE-2026-2797 | redhat_vex | firefox: thunderbird: Use-after-free in the JavaScript: GC component | known not affected: 18 | 2026-07-15T02:38:06+00:00 | Vulnerability · Source |
| CVE-2026-2759 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component | fixed: 320 known affected: 6 | 2026-07-15T02:38:02+00:00 | Vulnerability · Source |
| CVE-2026-2611 | redhat_vex | mlflow: MLflow: Arbitrary Code Execution via Improper Origin Validation | known not affected: 19 | 2026-07-15T02:37:51+00:00 | Vulnerability · Source |