VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221692 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-2761 | redhat_vex | firefox: thunderbird: Sandbox escape in the Graphics: WebRender component | fixed: 320 known affected: 6 | 2026-07-15T02:36:52+00:00 | Vulnerability · Source |
| CVE-2026-2651 | redhat_vex | github.com/mlflow/mlflow: MLflow: Arbitrary code execution via unauthorized multipart upload access | known not affected: 19 | 2026-07-15T02:36:38+00:00 | Vulnerability · Source |
| CVE-2026-2766 | redhat_vex | firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component | fixed: 320 known affected: 8 | 2026-07-15T02:36:21+00:00 | Vulnerability · Source |
| CVE-2026-31837 | redhat_vex | istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability | fixed: 36 known affected: 9 known not affected: 271 | 2026-07-15T02:32:38+00:00 | Vulnerability · Source |
| CVE-2026-33870 | redhat_vex | io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values | fixed: 67 known affected: 33 known not affected: 460 | 2026-07-15T02:26:36+00:00 | Vulnerability · Source |
| CVE-2026-37555 | redhat_vex | libsndfile: integer overflow in ima_reader_init() | fixed: 328 known affected: 7 | 2026-07-15T02:23:27+00:00 | Vulnerability · Source |
| CVE-2026-3505 | redhat_vex | bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion | fixed: 17 known affected: 14 known not affected: 218 | 2026-07-15T02:23:21+00:00 | Vulnerability · Source |
| CVE-2026-41044 | redhat_vex | org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary code execution via improper input validation in admin console | known affected: 1 known not affected: 13 | 2026-07-15T02:22:26+00:00 | Vulnerability · Source |
| CVE-2026-40860 | redhat_vex | Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage | fixed: 2 known affected: 2 known not affected: 7 | 2026-07-15T02:22:22+00:00 | Vulnerability · Source |
| CVE-2026-4698 | redhat_vex | firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component | fixed: 320 known affected: 8 | 2026-07-15T02:07:35+00:00 | Vulnerability · Source |
| CVE-2026-58253 | microsoft_vex | NATS Server: Route API Auth Bypass | fixed: 1 known affected: 1 | 2026-07-15T01:41:30+00:00 | Vulnerability · Source |
| CVE-2026-58209 | microsoft_vex | NATS Server: MQTT retained and QoS replay bypass subscribe deny filters | fixed: 1 known affected: 1 | 2026-07-15T01:41:23+00:00 | Vulnerability · Source |
| CVE-2026-58252 | microsoft_vex | NATS Server: Subscribe Authz Bypass via Wildcard-Overlap | fixed: 1 known affected: 1 | 2026-07-15T01:41:15+00:00 | Vulnerability · Source |
| CVE-2026-58250 | microsoft_vex | NATS Server: Pre-auth server crash via double INFO in leafnode handshake | fixed: 1 known affected: 1 | 2026-07-15T01:41:08+00:00 | Vulnerability · Source |
| CVE-2026-58208 | microsoft_vex | NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled | fixed: 1 known affected: 1 | 2026-07-15T01:41:00+00:00 | Vulnerability · Source |
| CVE-2026-58251 | microsoft_vex | NATS Server: Queue Subscribe Authz Bypass | fixed: 1 known affected: 1 | 2026-07-15T01:40:53+00:00 | Vulnerability · Source |
| CVE-2026-58207 | microsoft_vex | NATS Server: Remote crash via integer overflow in Connz pagination | fixed: 1 known affected: 1 | 2026-07-15T01:40:45+00:00 | Vulnerability · Source |
| CVE-2026-56288 | microsoft_vex | NULL Pointer Dereference in GNU patch | fixed: 1 known affected: 2 | 2026-07-15T01:40:21+00:00 | Vulnerability · Source |
| CVE-2026-56289 | microsoft_vex | Loop with Unreachable Exit Condition in GNU patch | fixed: 1 known affected: 2 | 2026-07-15T01:40:12+00:00 | Vulnerability · Source |
| CVE-2026-43966 | microsoft_vex | HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2 | fixed: 1 known affected: 2 | 2026-07-15T01:39:37+00:00 | Vulnerability · Source |
| CVE-2026-44839 | microsoft_vex | RabbitMQ: Unsanitized vhost names allow for XSS in management UI | fixed: 1 known affected: 3 | 2026-07-15T01:39:24+00:00 | Vulnerability · Source |
| CVE-2025-44904 | microsoft_vex | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. | fixed: 1 known affected: 4 | 2026-07-15T01:39:09+00:00 | Vulnerability · Source |
| CVE-2026-52969 | redhat_vex | kernel: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() | known not affected: 274 | 2026-07-15T01:25:51+00:00 | Vulnerability · Source |
| CVE-2026-52910 | redhat_vex | kernel: bpf: Free reuseport cBPF prog after RCU grace period | known affected: 246 known not affected: 28 | 2026-07-15T01:12:54+00:00 | Vulnerability · Source |
| CVE-2026-53437 | redhat_vex | jenkins: Jenkins: Phishing attack via improper redirect URL validation | known affected: 1 | 2026-07-15T01:11:23+00:00 | Vulnerability · Source |
| CVE-2026-6748 | redhat_vex | firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component | fixed: 368 known affected: 8 | 2026-07-15T01:08:09+00:00 | Vulnerability · Source |
| CVE-2026-8389 | redhat_vex | firefox: JIT miscompilation in the JavaScript Engine: JIT component | known not affected: 12 | 2026-07-15T01:08:05+00:00 | Vulnerability · Source |
| CVE-2026-8388 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component | fixed: 260 known affected: 8 | 2026-07-15T01:08:02+00:00 | Vulnerability · Source |
| CVE-2026-8947 | redhat_vex | firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component | fixed: 260 known affected: 8 | 2026-07-15T01:07:59+00:00 | Vulnerability · Source |
| CVE-2026-8948 | redhat_vex | firefox: thunderbird: Same-origin policy bypass in the DOM: Networking component | known not affected: 23 | 2026-07-15T01:07:56+00:00 | Vulnerability · Source |
| CVE-2026-8401 | redhat_vex | firefox: thunderbird: Sandbox escape in the Profile Backup component | fixed: 260 known affected: 8 | 2026-07-15T01:07:42+00:00 | Vulnerability · Source |
| CVE-2026-8975 | redhat_vex | firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 | fixed: 260 known affected: 8 | 2026-07-15T01:07:31+00:00 | Vulnerability · Source |
| CVE-2026-6749 | redhat_vex | firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component | fixed: 368 known affected: 8 | 2026-07-15T01:07:25+00:00 | Vulnerability · Source |
| CVE-2026-8391 | redhat_vex | firefox: thunderbird: Other issue in the JavaScript Engine component | fixed: 260 known affected: 8 | 2026-07-15T01:06:35+00:00 | Vulnerability · Source |
| CVE-2026-6752 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the WebRTC component | fixed: 368 known affected: 8 | 2026-07-15T01:06:22+00:00 | Vulnerability · Source |
| CVE-2026-15308 | microsoft_vex | Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations | known affected: 2 | 2026-07-15T01:03:21+00:00 | Vulnerability · Source |
| CVE-2026-57215 | microsoft_vex | RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom | known affected: 1 | 2026-07-15T01:03:16+00:00 | Vulnerability · Source |
| CVE-2026-57211 | microsoft_vex | RabbitMQ: UNC SSRF affecting the management UI on Windows | known affected: 1 | 2026-07-15T01:03:10+00:00 | Vulnerability · Source |
| CVE-2026-57216 | microsoft_vex | RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks | known affected: 1 | 2026-07-15T01:02:45+00:00 | Vulnerability · Source |
| CVE-2026-57213 | microsoft_vex | RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering | known affected: 1 | 2026-07-15T01:02:32+00:00 | Vulnerability · Source |
| CVE-2026-57217 | microsoft_vex | RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass | known affected: 1 | 2026-07-15T01:02:26+00:00 | Vulnerability · Source |
| CVE-2026-57220 | microsoft_vex | RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS | known affected: 1 | 2026-07-15T01:02:20+00:00 | Vulnerability · Source |
| CVE-2026-57219 | microsoft_vex | RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations | known affected: 1 | 2026-07-15T01:02:14+00:00 | Vulnerability · Source |
| CVE-2026-59875 | microsoft_vex | node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records | known affected: 1 | 2026-07-15T01:01:52+00:00 | Vulnerability · Source |
| CVE-2026-42505 | microsoft_vex | Invoking Encrypted Client Hello privacy leak in crypto/tls | known affected: 2 | 2026-07-15T01:01:45+00:00 | Vulnerability · Source |
| CVE-2026-39822 | microsoft_vex | Root escape via symlink plus trailing slash in os | known affected: 2 | 2026-07-15T01:01:36+00:00 | Vulnerability · Source |
| CVE-2026-13221 | microsoft_vex | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk | fixed: 1 known affected: 1 | 2026-07-15T01:01:27+00:00 | Vulnerability · Source |
| CVE-2026-57432 | microsoft_vex | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack | fixed: 1 known affected: 1 | 2026-07-15T01:01:20+00:00 | Vulnerability · Source |
| CVE-2024-22047 | redhat_vex | audited: race condition can lead to audit logs being incorrectly attributed to the wrong user | fixed: 2 known not affected: 1862 | 2026-07-15T00:08:17+00:00 | Vulnerability · Source |
| CVE-2026-60103 | redhat_vex | blender: Blender: Denial of Service and information disclosure via crafted .blend file | known not affected: 1 | 2026-07-15T00:07:46+00:00 | Vulnerability · Source |