VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221675 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-53012 | redhat_vex | kernel: nexthop: fix IPv6 route referencing IPv4 nexthop | known affected: 184 known not affected: 90 | 2026-07-14T18:07:09+00:00 | Vulnerability · Source |
| CVE-2026-52961 | redhat_vex | kernel: ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size | known affected: 232 known not affected: 42 | 2026-07-14T18:05:08+00:00 | Vulnerability · Source |
| CVE-2026-54432 | redhat_vex | roundcubemail: Roundcube Webmail: Stored Cross-Site Scripting via unescaped attachment MIME type | known not affected: 1 | 2026-07-14T18:05:07+00:00 | Vulnerability · Source |
| CVE-2026-52990 | redhat_vex | kernel: fsnotify: fix inode reference leak in fsnotify_recalc_mask() | known affected: 184 known not affected: 90 | 2026-07-14T18:05:06+00:00 | Vulnerability · Source |
| CVE-2026-62641 | redhat_vex | roundcubemail: Roundcube Webmail: Denial of Service via crafted TNEF compressed-RTF size | known not affected: 1 | 2026-07-14T18:05:04+00:00 | Vulnerability · Source |
| CVE-2026-52977 | redhat_vex | kernel: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup | known affected: 184 known not affected: 90 | 2026-07-14T18:05:03+00:00 | Vulnerability · Source |
| CVE-2026-52980 | redhat_vex | kernel: sched/fair: Clear rel_deadline when initializing forked entities | known affected: 76 known not affected: 198 | 2026-07-14T18:05:02+00:00 | Vulnerability · Source |
| CVE-2026-62644 | redhat_vex | roundcubemail: Roundcube Webmail: Account takeover via username spoofing in password plugin | known not affected: 1 | 2026-07-14T18:05:01+00:00 | Vulnerability · Source |
| CVE-2026-62642 | redhat_vex | roundcubemail: Roundcube Webmail: Denial of Service via infinite loop in TNEF decoder | known not affected: 1 | 2026-07-14T18:05:01+00:00 | Vulnerability · Source |
| CVE-2026-46173 | redhat_vex | kernel: exit: prevent preemption of oopsing TASK_DEAD task | fixed: 1658 known affected: 36 known not affected: 76 | 2026-07-14T18:04:39+00:00 | Vulnerability · Source |
| CVE-2026-43414 | redhat_vex | kernel: scsi: qla2xxx: Completely fix fcport double free | fixed: 1224 known affected: 36 known not affected: 76 | 2026-07-14T18:04:33+00:00 | Vulnerability · Source |
| CVE-2026-43330 | redhat_vex | kernel: crypto: caam - fix overflow on long hmac keys | fixed: 616 known not affected: 198 | 2026-07-14T18:04:31+00:00 | Vulnerability · Source |
| CVE-2026-31408 | redhat_vex | kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold | fixed: 1908 known affected: 64 | 2026-07-14T18:04:25+00:00 | Vulnerability · Source |
| CVE-2025-68724 | redhat_vex | kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id | fixed: 1930 known affected: 23 known not affected: 42 | 2026-07-14T18:04:21+00:00 | Vulnerability · Source |
| CVE-2025-38653 | redhat_vex | kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al | fixed: 1503 known affected: 36 known not affected: 76 | 2026-07-14T18:04:17+00:00 | Vulnerability · Source |
| CVE-2026-46086 | redhat_vex | kernel: net: bridge: use a stable FDB dst snapshot in RCU readers | fixed: 453 known affected: 140 | 2026-07-14T18:04:13+00:00 | Vulnerability · Source |
| CVE-2026-27143 | redhat_vex | golang: cmd/compile: possible memory corruption after bound check elimination | fixed: 3329 known affected: 5 known not affected: 226 | 2026-07-14T17:54:24+00:00 | Vulnerability · Source |
| CVE-2026-27144 | redhat_vex | golang: cmd/compile: no-op interface conversion bypasses overlap checking | fixed: 3333 known affected: 5 known not affected: 222 | 2026-07-14T17:54:24+00:00 | Vulnerability · Source |
| CVE-2026-42583 | redhat_vex | netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder | fixed: 5 known affected: 36 known not affected: 87 | 2026-07-14T17:42:10+00:00 | Vulnerability · Source |
| CVE-2026-24308 | redhat_vex | Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values | fixed: 6 known affected: 7 known not affected: 210 | 2026-07-14T17:41:40+00:00 | Vulnerability · Source |
| CVE-2026-62643 | redhat_vex | roundcubemail: Roundcube Webmail: Server-Side Request Forgery via insufficient CSS sanitization | known not affected: 1 | 2026-07-14T17:40:12+00:00 | Vulnerability · Source |
| CVE-2026-44825 | redhat_vex | solr: Apache Solr: Remote attacker gains administrative access via hardcoded credentials in Basic Authentication setup. | known not affected: 2 | 2026-07-14T17:38:46+00:00 | Vulnerability · Source |
| CVE-2026-52972 | redhat_vex | kernel: crypto: af_alg - Cap AEAD AD length to 0x80000000 | known affected: 232 known not affected: 42 | 2026-07-14T17:38:42+00:00 | Vulnerability · Source |
| CVE-2026-54433 | redhat_vex | roundcubemail: Roundcube Webmail: Arbitrary code execution via zero-click cross-site scripting | known not affected: 1 | 2026-07-14T17:38:40+00:00 | Vulnerability · Source |
| CVE-2026-46316 | redhat_vex | kernel: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry | fixed: 1224 known affected: 24 known not affected: 90 | 2026-07-14T17:33:06+00:00 | Vulnerability · Source |
| CVE-2026-46242 | redhat_vex | kernel: eventpoll: fix ep_remove struct eventpoll / struct file UAF | fixed: 1504 known affected: 23 known not affected: 90 | 2026-07-14T17:33:00+00:00 | Vulnerability · Source |
| CVE-2026-43074 | redhat_vex | kernel: eventpoll: defer struct eventpoll free to RCU grace period | fixed: 1504 known affected: 22 known not affected: 76 under investigation: 14 | 2026-07-14T17:32:55+00:00 | Vulnerability · Source |
| CVE-2026-46116 | redhat_vex | kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete | fixed: 760 known affected: 126 under investigation: 14 | 2026-07-14T17:32:42+00:00 | Vulnerability · Source |
| CVE-2026-8643 | redhat_vex | python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite | fixed: 92 known affected: 94 known not affected: 660 | 2026-07-14T16:54:27+00:00 | Vulnerability · Source |
| CVE-2026-41159 | redhat_vex | mermaid: Mermaid: Information disclosure and page defacement via CSS injection | known affected: 3 | 2026-07-14T16:31:17+00:00 | Vulnerability · Source |
| CVE-2026-44897 | redhat_vex | mistune: Mistune: Cross-site scripting (XSS) via improper sanitization of HTML heading ID attribute | known affected: 23 known not affected: 2 | 2026-07-14T16:31:15+00:00 | Vulnerability · Source |
| CVE-2026-9358 | redhat_vex | postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization | fixed: 4 known affected: 164 known not affected: 57 | 2026-07-14T16:31:03+00:00 | Vulnerability · Source |
| CVE-2026-53439 | redhat_vex | jenkins: Jenkins: Information Disclosure via Missing Permission Checks | known affected: 1 | 2026-07-14T16:30:56+00:00 | Vulnerability · Source |
| CVE-2026-52962 | redhat_vex | kernel: ceph: fix a buffer leak in __ceph_setxattr() | known affected: 260 known not affected: 14 | 2026-07-14T16:28:48+00:00 | Vulnerability · Source |
| CVE-2026-56140 | redhat_vex | org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation | known not affected: 4 | 2026-07-14T16:28:46+00:00 | Vulnerability · Source |
| CVE-2026-48775 | redhat_vex | langgraph: langgraph-checkpoint: LangGraph: Arbitrary code execution via insecure deserialization of modified checkpoint bytes | known affected: 7 | 2026-07-14T16:28:40+00:00 | Vulnerability · Source |
| CVE-2025-71330 | redhat_vex | image-size: image-size: Denial of Service via crafted ICNS image buffer | known affected: 28 | 2026-07-14T16:28:38+00:00 | Vulnerability · Source |
| CVE-2026-52963 | redhat_vex | kernel: ALSA: usb-audio: Bound MIDI endpoint descriptor scans | known affected: 246 known not affected: 28 | 2026-07-14T16:28:35+00:00 | Vulnerability · Source |
| CVE-2026-48776 | redhat_vex | langgraph: langgraph-sdk: LangGraph Python SDK: Unsafe URL path construction leads to unauthorized resource access | known affected: 7 | 2026-07-14T16:28:32+00:00 | Vulnerability · Source |
| CVE-2026-12199 | redhat_vex | nltk: NLTK: Remote unauthenticated denial of service in WordNet Browser HTTP server | known affected: 11 | 2026-07-14T16:28:27+00:00 | Vulnerability · Source |
| CVE-2026-52964 | redhat_vex | kernel: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans | known affected: 184 known not affected: 90 | 2026-07-14T16:28:24+00:00 | Vulnerability · Source |
| CVE-2026-10142 | redhat_vex | kafka-python: kafka-python: Denial of Service due to crafted frame length in protocol parser | known affected: 2 | 2026-07-14T16:28:14+00:00 | Vulnerability · Source |
| CVE-2025-71329 | redhat_vex | image-size: image-size: Denial of Service via crafted image buffer with zero-valued size field | known affected: 5 known not affected: 23 | 2026-07-14T16:28:13+00:00 | Vulnerability · Source |
| CVE-2026-42567 | redhat_vex | svelte: Svelte: Regular Expression Denial of Service (ReDoS) | known affected: 2 | 2026-07-14T16:28:09+00:00 | Vulnerability · Source |
| CVE-2026-10732 | redhat_vex | decompress: Decompress: Arbitrary file write leading to remote code execution via crafted ZIP archive (Zip Slip) | known affected: 6 known not affected: 16 | 2026-07-14T16:28:02+00:00 | Vulnerability · Source |
| CVE-2026-53364 | redhat_vex | kernel: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() | known affected: 184 known not affected: 90 | 2026-07-14T16:22:38+00:00 | Vulnerability · Source |
| CVE-2026-54060 | redhat_vex | python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files | fixed: 52 known affected: 79 known not affected: 5 | 2026-07-14T16:17:28+00:00 | Vulnerability · Source |
| CVE-2026-6653 | redhat_vex | libxml2: mingw-libxml2: libxml2: Denial of Service via crafted XML input due to use-after-free | known affected: 14 known not affected: 11 | 2026-07-14T16:17:24+00:00 | Vulnerability · Source |
| CVE-2026-55379 | redhat_vex | python-pillow: Pillow: Denial of Service via crafted BDF font file | fixed: 52 known affected: 79 known not affected: 5 | 2026-07-14T16:16:54+00:00 | Vulnerability · Source |
| CVE-2024-21529 | redhat_vex | dset: Prototype Pollution | fixed: 1 known not affected: 4 | 2026-07-14T16:06:30+00:00 | Vulnerability · Source |