VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221676 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2024-12243 redhat_vex gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS fixed: 304 known affected: 19 2026-07-14T13:22:54+00:00 Vulnerability · Source
CVE-2026-59674 redhat_vex suricata: Suricata: Privilege escalation via symbolic link following known not affected: 1 2026-07-14T13:17:29+00:00 Vulnerability · Source
CVE-2026-42502 redhat_vex golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering fixed: 108 known affected: 569 known not affected: 16 under investigation: 2 2026-07-14T13:14:26+00:00 Vulnerability · Source
CVE-2026-39826 redhat_vex html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping fixed: 8 known affected: 361 under investigation: 17 2026-07-14T13:13:58+00:00 Vulnerability · Source
CVE-2026-33814 redhat_vex net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame fixed: 216 known affected: 100 known not affected: 118 under investigation: 17 2026-07-14T13:13:42+00:00 Vulnerability · Source
CVE-2023-6779 redhat_vex glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() known not affected: 452 2026-07-14T13:13:24+00:00 Vulnerability · Source
CVE-2023-6246 redhat_vex glibc: heap-based buffer overflow in __vsyslog_internal() known not affected: 452 2026-07-14T13:12:54+00:00 Vulnerability · Source
CVE-2024-6387 redhat_vex openssh: regreSSHion - race condition in SSH allows RCE/DoS fixed: 275 known not affected: 1985 2026-07-14T13:11:55+00:00 Vulnerability · Source
CVE-2026-40372 redhat_vex ASP.NET Core: ASP.NET: ASP.NET Core: Privilege escalation via improper cryptographic signature verification known not affected: 47 2026-07-14T13:07:30+00:00 Vulnerability · Source
CVE-2025-47911 redhat_vex golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html fixed: 140 known affected: 577 known not affected: 95 under investigation: 1 2026-07-14T13:01:55+00:00 Vulnerability · Source
CVE-2026-46598 redhat_vex golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input fixed: 108 known affected: 165 known not affected: 16 under investigation: 3 2026-07-14T13:01:36+00:00 Vulnerability · Source
CVE-2026-39827 redhat_vex golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings fixed: 108 known affected: 8 known not affected: 16 under investigation: 318 2026-07-14T13:01:33+00:00 Vulnerability · Source
CVE-2026-42506 redhat_vex golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing fixed: 144 known affected: 611 known not affected: 103 under investigation: 2 2026-07-14T12:57:18+00:00 Vulnerability · Source
CVE-2026-39817 redhat_vex cmd/go: golang: Go tool pack: Arbitrary file write via malicious archive extraction under investigation: 17 2026-07-14T12:57:17+00:00 Vulnerability · Source
CVE-2025-58190 redhat_vex golang.org/x/net/html: Infinite parsing loop in golang.org/x/net fixed: 36 known affected: 326 known not affected: 189 under investigation: 1 2026-07-14T12:52:44+00:00 Vulnerability · Source
CVE-2026-13325 redhat_vex virt-handler-rhel9: kubevirt: kubevirt: DisableTLS migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces known affected: 1 known not affected: 1 2026-07-14T12:46:33+00:00 Vulnerability · Source
CVE-2026-48933 redhat_vex nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() fixed: 210 known affected: 28 2026-07-14T12:38:30+00:00 Vulnerability · Source
CVE-2026-42338 redhat_vex ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input fixed: 244 known affected: 21 known not affected: 220 2026-07-14T12:38:25+00:00 Vulnerability · Source
CVE-2026-48615 redhat_vex nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling fixed: 210 known affected: 28 2026-07-14T12:38:25+00:00 Vulnerability · Source
CVE-2026-12482 redhat_vex keras: Keras: Arbitrary File Operations via Malicious Tar Archive Processing known affected: 9 2026-07-14T12:32:03+00:00 Vulnerability · Source
CVE-2026-58470 redhat_vex wget: GNU Wget: Integer overflow in Content-Range header parsing causes download desynchronization known affected: 9 2026-07-14T11:58:12+00:00 Vulnerability · Source
CVE-2026-54428 redhat_vex org.apache.httpcomponents.core5/httpcore5-h2: Apache HttpComponents Core: Denial of Service via oversized HTTP/2 HPACK header blocks known affected: 13 known not affected: 3 under investigation: 1 2026-07-14T11:51:45+00:00 Vulnerability · Source
CVE-2026-43304 redhat_vex kernel: libceph: define and enforce CEPH_MAX_KEY_LEN known affected: 260 known not affected: 14 2026-07-14T11:37:43+00:00 Vulnerability · Source
CVE-2024-12224 redhat_vex idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded known affected: 88 known not affected: 84 2026-07-14T11:37:35+00:00 Vulnerability · Source
CVE-2026-59857 redhat_vex vim: Vim: Denial of Service via out-of-bounds write in spell sound-folding fixed: 4 known affected: 33 2026-07-14T11:37:31+00:00 Vulnerability · Source
CVE-2026-59858 redhat_vex vim: Vim: Arbitrary command execution via crafted tags file in C omni-completion fixed: 4 known affected: 33 2026-07-14T11:37:25+00:00 Vulnerability · Source
CVE-2026-59856 redhat_vex vim: Vim: Arbitrary code execution via crafted PHP file in omni-completion fixed: 4 known affected: 33 2026-07-14T11:35:29+00:00 Vulnerability · Source
CVE-2026-53365 redhat_vex kernel: vsock/virtio: fix zerocopy completion for multi-skb sends known affected: 184 known not affected: 90 2026-07-14T11:18:08+00:00 Vulnerability · Source
CVE-2026-2673 redhat_vex openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group fixed: 4 known affected: 16 known not affected: 30 2026-07-14T11:09:45+00:00 Vulnerability · Source
CVE-2026-31411 redhat_vex kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() fixed: 453 known affected: 64 known not affected: 76 2026-07-14T11:08:04+00:00 Vulnerability · Source
CVE-2025-71089 redhat_vex kernel: iommu: disable SVA when CONFIG_X86 is set fixed: 1364 known affected: 98 known not affected: 42 2026-07-14T11:08:01+00:00 Vulnerability · Source
CVE-2025-71066 redhat_vex kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change fixed: 762 known affected: 22 known not affected: 42 2026-07-14T11:08:01+00:00 Vulnerability · Source
CVE-2026-54059 redhat_vex python-pillow: Pillow: Denial of Service via crafted PCF font data fixed: 52 known affected: 10 2026-07-14T10:53:27+00:00 Vulnerability · Source
CVE-2026-46529 redhat_vex atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen fixed: 301 known affected: 12 2026-07-14T10:53:22+00:00 Vulnerability · Source
CVE-2026-53266 redhat_vex kernel: Linux kernel: netfilter: ebtables SNAT target writes to shared memory pages during ARP hardware address rewrite fixed: 453 known affected: 99 known not affected: 42 2026-07-14T10:52:02+00:00 Vulnerability · Source
CVE-2026-42880 redhat_vex argoproj/argo-cd: Argo CD: Information disclosure of Kubernetes Secret data via Server-Side Apply dry-run mechanism fixed: 20 known affected: 1 known not affected: 112 2026-07-14T10:16:24+00:00 Vulnerability · Source
CVE-2026-12478 redhat_vex libsoup: Incomplete fix for CVE-2026-0716: Out-of-bounds read in libsoup WebSocket frame processing (unmasked path) known affected: 4 2026-07-14T10:06:12+00:00 Vulnerability · Source
CVE-2026-59939 redhat_vex httplib2: httplib2: Denial of Service via unbounded decompression of HTTP response bodies known affected: 212 known not affected: 1 2026-07-14T10:05:52+00:00 Vulnerability · Source
CVE-2025-65637 redhat_vex github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload fixed: 2037 known affected: 272 known not affected: 22243 2026-07-14T09:59:33+00:00 Vulnerability · Source
CVE-2026-4430 redhat_vex LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents fixed: 2854 known affected: 316 2026-07-14T07:56:16+00:00 Vulnerability · Source
CVE-2026-52718 redhat_vex gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion fixed: 83 known affected: 5 known not affected: 11 2026-07-14T07:45:58+00:00 Vulnerability · Source
CVE-2026-52719 redhat_vex gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder fixed: 83 known affected: 5 known not affected: 11 2026-07-14T07:45:54+00:00 Vulnerability · Source
CVE-2026-12413 redhat_vex librenswan: IKEv2 Denial of Service via malformed fragmentation known affected: 10 known not affected: 3 2026-07-14T07:31:06+00:00 Vulnerability · Source
CVE-2026-50722 redhat_vex librenswan: IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload known affected: 13 2026-07-14T06:50:36+00:00 Vulnerability · Source
CVE-2026-56209 redhat_vex libaom: libaom: arbitrary address write via SVC layer context OOB and cyclic refresh map pointer hijack fixed: 3 known affected: 51 known not affected: 3 2026-07-14T06:22:15+00:00 Vulnerability · Source
CVE-2026-58049 redhat_vex FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream known affected: 50 known not affected: 3 2026-07-14T06:22:13+00:00 Vulnerability · Source
CVE-2026-56211 redhat_vex libaom: libaom: remote code execution via SVC layer context handling with attacker-controlled frames fixed: 3 known affected: 51 known not affected: 3 2026-07-14T06:22:12+00:00 Vulnerability · Source
CVE-2026-55574 redhat_vex vllm: vLLM: Denial of Service via adversarial regular expression in structured outputs API known affected: 22 known not affected: 4 2026-07-14T06:21:21+00:00 Vulnerability · Source
CVE-2026-56210 redhat_vex libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id fixed: 3 known affected: 51 known not affected: 3 2026-07-14T06:21:16+00:00 Vulnerability · Source
CVE-2026-54234 redhat_vex vllm: vLLM: Denial of Service via malformed speculative decoding workload known affected: 22 known not affected: 4 2026-07-14T06:21:02+00:00 Vulnerability · Source