VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221643 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-47737 | redhat_vex | puma: Puma: Source IP spoofing via PROXY protocol header re-parsing | known affected: 8 known not affected: 10 under investigation: 1 | 2026-07-15T10:11:22+00:00 | Vulnerability · Source |
| CVE-2025-61729 | redhat_vex | crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate | fixed: 7441 known affected: 440 known not affected: 4587 under investigation: 2 | 2026-07-15T10:08:26+00:00 | Vulnerability · Source |
| CVE-2026-32282 | redhat_vex | golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root | fixed: 1168 known affected: 191 known not affected: 1798 | 2026-07-15T10:03:11+00:00 | Vulnerability · Source |
| CVE-2026-32281 | redhat_vex | crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation | fixed: 1127 known affected: 260 known not affected: 1104 | 2026-07-15T10:03:04+00:00 | Vulnerability · Source |
| CVE-2026-33811 | redhat_vex | net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME | fixed: 501 known affected: 261 known not affected: 516 under investigation: 17 | 2026-07-15T10:00:31+00:00 | Vulnerability · Source |
| CVE-2026-33810 | redhat_vex | crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application | fixed: 117 known affected: 149 known not affected: 913 | 2026-07-15T10:00:24+00:00 | Vulnerability · Source |
| CVE-2026-32283 | redhat_vex | crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages | fixed: 2038 known affected: 220 known not affected: 954 under investigation: 1 | 2026-07-15T10:00:17+00:00 | Vulnerability · Source |
| CVE-2026-32280 | redhat_vex | crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building | fixed: 2571 known affected: 187 known not affected: 2663 | 2026-07-15T10:00:01+00:00 | Vulnerability · Source |
| CVE-2025-61726 | redhat_vex | golang: net/url: Memory exhaustion in query parameter parsing in net/url | fixed: 10108 known affected: 454 known not affected: 16780 | 2026-07-15T10:00:01+00:00 | Vulnerability · Source |
| CVE-2026-25679 | redhat_vex | net/url: Incorrect parsing of IPv6 host literals in net/url | fixed: 8878 known affected: 165 known not affected: 4229 under investigation: 1 | 2026-07-15T10:00:01+00:00 | Vulnerability · Source |
| CVE-2026-27137 | redhat_vex | crypto/x509: Incorrect enforcement of email constraints in crypto/x509 | fixed: 329 known affected: 134 known not affected: 1117 | 2026-07-15T10:00:01+00:00 | Vulnerability · Source |
| CVE-2026-25681 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting | fixed: 290 known affected: 427 known not affected: 510 under investigation: 2 | 2026-07-15T09:57:07+00:00 | Vulnerability · Source |
| CVE-2026-39830 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses | fixed: 578 known affected: 191 known not affected: 484 under investigation: 4 | 2026-07-15T09:56:30+00:00 | Vulnerability · Source |
| CVE-2026-49459 | redhat_vex | dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution | known affected: 4 under investigation: 44 | 2026-07-15T09:56:27+00:00 | Vulnerability · Source |
| CVE-2026-42997 | redhat_vex | OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import | fixed: 4 known affected: 9 known not affected: 4 | 2026-07-15T09:56:18+00:00 | Vulnerability · Source |
| CVE-2026-49458 | redhat_vex | dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes | known affected: 7 under investigation: 41 | 2026-07-15T09:51:16+00:00 | Vulnerability · Source |
| CVE-2026-53486 | redhat_vex | decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction | known affected: 4 | 2026-07-15T09:46:13+00:00 | Vulnerability · Source |
| CVE-2026-47423 | redhat_vex | dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure | known affected: 1 known not affected: 9 under investigation: 38 | 2026-07-15T09:46:08+00:00 | Vulnerability · Source |
| CVE-2026-15308 | redhat_vex | python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations | fixed: 178 known affected: 81 known not affected: 34 | 2026-07-15T09:37:31+00:00 | Vulnerability · Source |
| CVE-2026-35469 | redhat_vex | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code | fixed: 404 known affected: 78 known not affected: 15464 | 2026-07-15T09:31:40+00:00 | Vulnerability · Source |
| CVE-2026-12151 | redhat_vex | undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames | fixed: 255 known affected: 53 known not affected: 110 | 2026-07-15T09:31:05+00:00 | Vulnerability · Source |
| CVE-2026-33186 | redhat_vex | google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation | fixed: 2457 known affected: 409 known not affected: 27379 under investigation: 1 | 2026-07-15T09:27:57+00:00 | Vulnerability · Source |
| CVE-2026-43514 | redhat_vex | tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy | fixed: 4 known affected: 27 under investigation: 1 | 2026-07-15T09:15:15+00:00 | Vulnerability · Source |
| CVE-2026-15028 | redhat_vex | libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header | fixed: 3 known affected: 21 | 2026-07-15T09:15:14+00:00 | Vulnerability · Source |
| CVE-2026-27136 | redhat_vex | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass | fixed: 218 known affected: 420 known not affected: 170 under investigation: 2 | 2026-07-15T09:12:05+00:00 | Vulnerability · Source |
| CVE-2026-46579 | redhat_vex | openshift/router: openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend | fixed: 16 known affected: 1 known not affected: 1476 | 2026-07-15T09:09:53+00:00 | Vulnerability · Source |
| CVE-2026-26996 | redhat_vex | minimatch: minimatch: Denial of Service via specially crafted glob patterns | fixed: 520 known affected: 38 known not affected: 3848 | 2026-07-15T09:09:37+00:00 | Vulnerability · Source |
| CVE-2026-6523 | redhat_vex | wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark | known affected: 4 known not affected: 16 | 2026-07-15T09:08:31+00:00 | Vulnerability · Source |
| CVE-2026-6525 | redhat_vex | wireshark: NULL Pointer Dereference in Wireshark | known not affected: 20 | 2026-07-15T09:08:30+00:00 | Vulnerability · Source |
| CVE-2026-9759 | redhat_vex | wireshark: NULL Pointer Dereference in Wireshark | known affected: 4 known not affected: 16 | 2026-07-15T09:07:15+00:00 | Vulnerability · Source |
| CVE-2026-5299 | redhat_vex | wireshark: Uncontrolled Recursion in Wireshark | known affected: 4 known not affected: 16 | 2026-07-15T09:07:12+00:00 | Vulnerability · Source |
| CVE-2026-34986 | redhat_vex | github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object | fixed: 1888 known affected: 158 known not affected: 10839 under investigation: 21 | 2026-07-15T09:07:06+00:00 | Vulnerability · Source |
| CVE-2026-10649 | redhat_vex | pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression | fixed: 268 known affected: 30 | 2026-07-15T09:06:30+00:00 | Vulnerability · Source |
| CVE-2026-46597 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs | fixed: 128 known affected: 177 known not affected: 115 under investigation: 73 | 2026-07-15T09:01:28+00:00 | Vulnerability · Source |
| CVE-2026-42586 | redhat_vex | netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-15T08:56:28+00:00 | Vulnerability · Source |
| CVE-2026-45205 | redhat_vex | commons-configuration: Apache Commons Configuration: Denial of Service via uncontrolled recursion with crafted YAML input | known affected: 45 known not affected: 4 | 2026-07-15T08:25:57+00:00 | Vulnerability · Source |
| CVE-2026-4647 | redhat_vex | binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library | fixed: 3 known affected: 39 known not affected: 34 | 2026-07-15T08:10:56+00:00 | Vulnerability · Source |
| CVE-2026-14251 | redhat_vex | gitops-operator: gitops-operator: Missing allowedNamespace check in ReconcilerHook for ClusterRole/Role cases enables potential privilege escalation and DoS | known affected: 2 | 2026-07-15T08:06:07+00:00 | Vulnerability · Source |
| CVE-2025-68121 | redhat_vex | crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | fixed: 6918 known affected: 204 known not affected: 3880 under investigation: 42 | 2026-07-15T07:51:31+00:00 | Vulnerability · Source |
| CVE-2026-42264 | redhat_vex | axios: Axios: Prototype pollution allows information disclosure and request manipulation | fixed: 44 known affected: 47 known not affected: 176 | 2026-07-15T07:51:06+00:00 | Vulnerability · Source |
| CVE-2026-39835 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate | fixed: 653 known affected: 151 known not affected: 313 under investigation: 1 | 2026-07-15T07:16:20+00:00 | Vulnerability · Source |
| CVE-2026-10846 | redhat_vex | ldns: ldns: Off-path poisoning attacks due to insufficient query-response matching | known affected: 25 | 2026-07-15T06:55:46+00:00 | Vulnerability · Source |
| CVE-2026-44740 | redhat_vex | github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation | fixed: 112 known affected: 218 known not affected: 70 | 2026-07-15T05:51:28+00:00 | Vulnerability · Source |
| CVE-2026-12325 | redhat_vex | firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component | fixed: 260 known affected: 8 | 2026-07-15T05:48:54+00:00 | Vulnerability · Source |
| CVE-2026-12324 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component | fixed: 260 known affected: 8 | 2026-07-15T05:48:51+00:00 | Vulnerability · Source |
| CVE-2026-39244 | redhat_vex | adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation | known affected: 15 under investigation: 7 | 2026-07-15T05:48:37+00:00 | Vulnerability · Source |
| CVE-2026-12330 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Internationalization component | fixed: 260 known affected: 8 | 2026-07-15T05:47:54+00:00 | Vulnerability · Source |
| CVE-2026-12327 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | fixed: 260 known affected: 8 | 2026-07-15T05:47:51+00:00 | Vulnerability · Source |
| CVE-2026-12315 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 260 known affected: 8 | 2026-07-15T05:47:48+00:00 | Vulnerability · Source |
| CVE-2026-12314 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:47+00:00 | Vulnerability · Source |