VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221692 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-2761 redhat_vex firefox: thunderbird: Sandbox escape in the Graphics: WebRender component fixed: 320 known affected: 6 2026-07-15T02:36:52+00:00 Vulnerability · Source
CVE-2026-2651 redhat_vex github.com/mlflow/mlflow: MLflow: Arbitrary code execution via unauthorized multipart upload access known not affected: 19 2026-07-15T02:36:38+00:00 Vulnerability · Source
CVE-2026-2766 redhat_vex firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component fixed: 320 known affected: 8 2026-07-15T02:36:21+00:00 Vulnerability · Source
CVE-2026-31837 redhat_vex istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability fixed: 36 known affected: 9 known not affected: 271 2026-07-15T02:32:38+00:00 Vulnerability · Source
CVE-2026-33870 redhat_vex io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values fixed: 67 known affected: 33 known not affected: 460 2026-07-15T02:26:36+00:00 Vulnerability · Source
CVE-2026-37555 redhat_vex libsndfile: integer overflow in ima_reader_init() fixed: 328 known affected: 7 2026-07-15T02:23:27+00:00 Vulnerability · Source
CVE-2026-3505 redhat_vex bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion fixed: 17 known affected: 14 known not affected: 218 2026-07-15T02:23:21+00:00 Vulnerability · Source
CVE-2026-41044 redhat_vex org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary code execution via improper input validation in admin console known affected: 1 known not affected: 13 2026-07-15T02:22:26+00:00 Vulnerability · Source
CVE-2026-40860 redhat_vex Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage fixed: 2 known affected: 2 known not affected: 7 2026-07-15T02:22:22+00:00 Vulnerability · Source
CVE-2026-4698 redhat_vex firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component fixed: 320 known affected: 8 2026-07-15T02:07:35+00:00 Vulnerability · Source
CVE-2026-58253 microsoft_vex NATS Server: Route API Auth Bypass fixed: 1 known affected: 1 2026-07-15T01:41:30+00:00 Vulnerability · Source
CVE-2026-58209 microsoft_vex NATS Server: MQTT retained and QoS replay bypass subscribe deny filters fixed: 1 known affected: 1 2026-07-15T01:41:23+00:00 Vulnerability · Source
CVE-2026-58252 microsoft_vex NATS Server: Subscribe Authz Bypass via Wildcard-Overlap fixed: 1 known affected: 1 2026-07-15T01:41:15+00:00 Vulnerability · Source
CVE-2026-58250 microsoft_vex NATS Server: Pre-auth server crash via double INFO in leafnode handshake fixed: 1 known affected: 1 2026-07-15T01:41:08+00:00 Vulnerability · Source
CVE-2026-58208 microsoft_vex NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled fixed: 1 known affected: 1 2026-07-15T01:41:00+00:00 Vulnerability · Source
CVE-2026-58251 microsoft_vex NATS Server: Queue Subscribe Authz Bypass fixed: 1 known affected: 1 2026-07-15T01:40:53+00:00 Vulnerability · Source
CVE-2026-58207 microsoft_vex NATS Server: Remote crash via integer overflow in Connz pagination fixed: 1 known affected: 1 2026-07-15T01:40:45+00:00 Vulnerability · Source
CVE-2026-56288 microsoft_vex NULL Pointer Dereference in GNU patch fixed: 1 known affected: 2 2026-07-15T01:40:21+00:00 Vulnerability · Source
CVE-2026-56289 microsoft_vex Loop with Unreachable Exit Condition in GNU patch fixed: 1 known affected: 2 2026-07-15T01:40:12+00:00 Vulnerability · Source
CVE-2026-43966 microsoft_vex HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2 fixed: 1 known affected: 2 2026-07-15T01:39:37+00:00 Vulnerability · Source
CVE-2026-44839 microsoft_vex RabbitMQ: Unsanitized vhost names allow for XSS in management UI fixed: 1 known affected: 3 2026-07-15T01:39:24+00:00 Vulnerability · Source
CVE-2025-44904 microsoft_vex hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. fixed: 1 known affected: 4 2026-07-15T01:39:09+00:00 Vulnerability · Source
CVE-2026-52969 redhat_vex kernel: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() known not affected: 274 2026-07-15T01:25:51+00:00 Vulnerability · Source
CVE-2026-52910 redhat_vex kernel: bpf: Free reuseport cBPF prog after RCU grace period known affected: 246 known not affected: 28 2026-07-15T01:12:54+00:00 Vulnerability · Source
CVE-2026-53437 redhat_vex jenkins: Jenkins: Phishing attack via improper redirect URL validation known affected: 1 2026-07-15T01:11:23+00:00 Vulnerability · Source
CVE-2026-6748 redhat_vex firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component fixed: 368 known affected: 8 2026-07-15T01:08:09+00:00 Vulnerability · Source
CVE-2026-8389 redhat_vex firefox: JIT miscompilation in the JavaScript Engine: JIT component known not affected: 12 2026-07-15T01:08:05+00:00 Vulnerability · Source
CVE-2026-8388 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component fixed: 260 known affected: 8 2026-07-15T01:08:02+00:00 Vulnerability · Source
CVE-2026-8947 redhat_vex firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component fixed: 260 known affected: 8 2026-07-15T01:07:59+00:00 Vulnerability · Source
CVE-2026-8948 redhat_vex firefox: thunderbird: Same-origin policy bypass in the DOM: Networking component known not affected: 23 2026-07-15T01:07:56+00:00 Vulnerability · Source
CVE-2026-8401 redhat_vex firefox: thunderbird: Sandbox escape in the Profile Backup component fixed: 260 known affected: 8 2026-07-15T01:07:42+00:00 Vulnerability · Source
CVE-2026-8975 redhat_vex firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 fixed: 260 known affected: 8 2026-07-15T01:07:31+00:00 Vulnerability · Source
CVE-2026-6749 redhat_vex firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component fixed: 368 known affected: 8 2026-07-15T01:07:25+00:00 Vulnerability · Source
CVE-2026-8391 redhat_vex firefox: thunderbird: Other issue in the JavaScript Engine component fixed: 260 known affected: 8 2026-07-15T01:06:35+00:00 Vulnerability · Source
CVE-2026-6752 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the WebRTC component fixed: 368 known affected: 8 2026-07-15T01:06:22+00:00 Vulnerability · Source
CVE-2026-15308 microsoft_vex Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations known affected: 2 2026-07-15T01:03:21+00:00 Vulnerability · Source
CVE-2026-57215 microsoft_vex RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom known affected: 1 2026-07-15T01:03:16+00:00 Vulnerability · Source
CVE-2026-57211 microsoft_vex RabbitMQ: UNC SSRF affecting the management UI on Windows known affected: 1 2026-07-15T01:03:10+00:00 Vulnerability · Source
CVE-2026-57216 microsoft_vex RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks known affected: 1 2026-07-15T01:02:45+00:00 Vulnerability · Source
CVE-2026-57213 microsoft_vex RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering known affected: 1 2026-07-15T01:02:32+00:00 Vulnerability · Source
CVE-2026-57217 microsoft_vex RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass known affected: 1 2026-07-15T01:02:26+00:00 Vulnerability · Source
CVE-2026-57220 microsoft_vex RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS known affected: 1 2026-07-15T01:02:20+00:00 Vulnerability · Source
CVE-2026-57219 microsoft_vex RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations known affected: 1 2026-07-15T01:02:14+00:00 Vulnerability · Source
CVE-2026-59875 microsoft_vex node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records known affected: 1 2026-07-15T01:01:52+00:00 Vulnerability · Source
CVE-2026-42505 microsoft_vex Invoking Encrypted Client Hello privacy leak in crypto/tls known affected: 2 2026-07-15T01:01:45+00:00 Vulnerability · Source
CVE-2026-39822 microsoft_vex Root escape via symlink plus trailing slash in os known affected: 2 2026-07-15T01:01:36+00:00 Vulnerability · Source
CVE-2026-13221 microsoft_vex Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk fixed: 1 known affected: 1 2026-07-15T01:01:27+00:00 Vulnerability · Source
CVE-2026-57432 microsoft_vex Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack fixed: 1 known affected: 1 2026-07-15T01:01:20+00:00 Vulnerability · Source
CVE-2024-22047 redhat_vex audited: race condition can lead to audit logs being incorrectly attributed to the wrong user fixed: 2 known not affected: 1862 2026-07-15T00:08:17+00:00 Vulnerability · Source
CVE-2026-60103 redhat_vex blender: Blender: Denial of Service and information disclosure via crafted .blend file known not affected: 1 2026-07-15T00:07:46+00:00 Vulnerability · Source