VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221676 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2024-12243 | redhat_vex | gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS | fixed: 304 known affected: 19 | 2026-07-14T13:22:54+00:00 | Vulnerability · Source |
| CVE-2026-59674 | redhat_vex | suricata: Suricata: Privilege escalation via symbolic link following | known not affected: 1 | 2026-07-14T13:17:29+00:00 | Vulnerability · Source |
| CVE-2026-42502 | redhat_vex | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering | fixed: 108 known affected: 569 known not affected: 16 under investigation: 2 | 2026-07-14T13:14:26+00:00 | Vulnerability · Source |
| CVE-2026-39826 | redhat_vex | html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping | fixed: 8 known affected: 361 under investigation: 17 | 2026-07-14T13:13:58+00:00 | Vulnerability · Source |
| CVE-2026-33814 | redhat_vex | net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame | fixed: 216 known affected: 100 known not affected: 118 under investigation: 17 | 2026-07-14T13:13:42+00:00 | Vulnerability · Source |
| CVE-2023-6779 | redhat_vex | glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() | known not affected: 452 | 2026-07-14T13:13:24+00:00 | Vulnerability · Source |
| CVE-2023-6246 | redhat_vex | glibc: heap-based buffer overflow in __vsyslog_internal() | known not affected: 452 | 2026-07-14T13:12:54+00:00 | Vulnerability · Source |
| CVE-2024-6387 | redhat_vex | openssh: regreSSHion - race condition in SSH allows RCE/DoS | fixed: 275 known not affected: 1985 | 2026-07-14T13:11:55+00:00 | Vulnerability · Source |
| CVE-2026-40372 | redhat_vex | ASP.NET Core: ASP.NET: ASP.NET Core: Privilege escalation via improper cryptographic signature verification | known not affected: 47 | 2026-07-14T13:07:30+00:00 | Vulnerability · Source |
| CVE-2025-47911 | redhat_vex | golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html | fixed: 140 known affected: 577 known not affected: 95 under investigation: 1 | 2026-07-14T13:01:55+00:00 | Vulnerability · Source |
| CVE-2026-46598 | redhat_vex | golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input | fixed: 108 known affected: 165 known not affected: 16 under investigation: 3 | 2026-07-14T13:01:36+00:00 | Vulnerability · Source |
| CVE-2026-39827 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings | fixed: 108 known affected: 8 known not affected: 16 under investigation: 318 | 2026-07-14T13:01:33+00:00 | Vulnerability · Source |
| CVE-2026-42506 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing | fixed: 144 known affected: 611 known not affected: 103 under investigation: 2 | 2026-07-14T12:57:18+00:00 | Vulnerability · Source |
| CVE-2026-39817 | redhat_vex | cmd/go: golang: Go tool pack: Arbitrary file write via malicious archive extraction | under investigation: 17 | 2026-07-14T12:57:17+00:00 | Vulnerability · Source |
| CVE-2025-58190 | redhat_vex | golang.org/x/net/html: Infinite parsing loop in golang.org/x/net | fixed: 36 known affected: 326 known not affected: 189 under investigation: 1 | 2026-07-14T12:52:44+00:00 | Vulnerability · Source |
| CVE-2026-13325 | redhat_vex | virt-handler-rhel9: kubevirt: kubevirt: DisableTLS migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces | known affected: 1 known not affected: 1 | 2026-07-14T12:46:33+00:00 | Vulnerability · Source |
| CVE-2026-48933 | redhat_vex | nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() | fixed: 210 known affected: 28 | 2026-07-14T12:38:30+00:00 | Vulnerability · Source |
| CVE-2026-42338 | redhat_vex | ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input | fixed: 244 known affected: 21 known not affected: 220 | 2026-07-14T12:38:25+00:00 | Vulnerability · Source |
| CVE-2026-48615 | redhat_vex | nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling | fixed: 210 known affected: 28 | 2026-07-14T12:38:25+00:00 | Vulnerability · Source |
| CVE-2026-12482 | redhat_vex | keras: Keras: Arbitrary File Operations via Malicious Tar Archive Processing | known affected: 9 | 2026-07-14T12:32:03+00:00 | Vulnerability · Source |
| CVE-2026-58470 | redhat_vex | wget: GNU Wget: Integer overflow in Content-Range header parsing causes download desynchronization | known affected: 9 | 2026-07-14T11:58:12+00:00 | Vulnerability · Source |
| CVE-2026-54428 | redhat_vex | org.apache.httpcomponents.core5/httpcore5-h2: Apache HttpComponents Core: Denial of Service via oversized HTTP/2 HPACK header blocks | known affected: 13 known not affected: 3 under investigation: 1 | 2026-07-14T11:51:45+00:00 | Vulnerability · Source |
| CVE-2026-43304 | redhat_vex | kernel: libceph: define and enforce CEPH_MAX_KEY_LEN | known affected: 260 known not affected: 14 | 2026-07-14T11:37:43+00:00 | Vulnerability · Source |
| CVE-2024-12224 | redhat_vex | idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded | known affected: 88 known not affected: 84 | 2026-07-14T11:37:35+00:00 | Vulnerability · Source |
| CVE-2026-59857 | redhat_vex | vim: Vim: Denial of Service via out-of-bounds write in spell sound-folding | fixed: 4 known affected: 33 | 2026-07-14T11:37:31+00:00 | Vulnerability · Source |
| CVE-2026-59858 | redhat_vex | vim: Vim: Arbitrary command execution via crafted tags file in C omni-completion | fixed: 4 known affected: 33 | 2026-07-14T11:37:25+00:00 | Vulnerability · Source |
| CVE-2026-59856 | redhat_vex | vim: Vim: Arbitrary code execution via crafted PHP file in omni-completion | fixed: 4 known affected: 33 | 2026-07-14T11:35:29+00:00 | Vulnerability · Source |
| CVE-2026-53365 | redhat_vex | kernel: vsock/virtio: fix zerocopy completion for multi-skb sends | known affected: 184 known not affected: 90 | 2026-07-14T11:18:08+00:00 | Vulnerability · Source |
| CVE-2026-2673 | redhat_vex | openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group | fixed: 4 known affected: 16 known not affected: 30 | 2026-07-14T11:09:45+00:00 | Vulnerability · Source |
| CVE-2026-31411 | redhat_vex | kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() | fixed: 453 known affected: 64 known not affected: 76 | 2026-07-14T11:08:04+00:00 | Vulnerability · Source |
| CVE-2025-71089 | redhat_vex | kernel: iommu: disable SVA when CONFIG_X86 is set | fixed: 1364 known affected: 98 known not affected: 42 | 2026-07-14T11:08:01+00:00 | Vulnerability · Source |
| CVE-2025-71066 | redhat_vex | kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change | fixed: 762 known affected: 22 known not affected: 42 | 2026-07-14T11:08:01+00:00 | Vulnerability · Source |
| CVE-2026-54059 | redhat_vex | python-pillow: Pillow: Denial of Service via crafted PCF font data | fixed: 52 known affected: 10 | 2026-07-14T10:53:27+00:00 | Vulnerability · Source |
| CVE-2026-46529 | redhat_vex | atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen | fixed: 301 known affected: 12 | 2026-07-14T10:53:22+00:00 | Vulnerability · Source |
| CVE-2026-53266 | redhat_vex | kernel: Linux kernel: netfilter: ebtables SNAT target writes to shared memory pages during ARP hardware address rewrite | fixed: 453 known affected: 99 known not affected: 42 | 2026-07-14T10:52:02+00:00 | Vulnerability · Source |
| CVE-2026-42880 | redhat_vex | argoproj/argo-cd: Argo CD: Information disclosure of Kubernetes Secret data via Server-Side Apply dry-run mechanism | fixed: 20 known affected: 1 known not affected: 112 | 2026-07-14T10:16:24+00:00 | Vulnerability · Source |
| CVE-2026-12478 | redhat_vex | libsoup: Incomplete fix for CVE-2026-0716: Out-of-bounds read in libsoup WebSocket frame processing (unmasked path) | known affected: 4 | 2026-07-14T10:06:12+00:00 | Vulnerability · Source |
| CVE-2026-59939 | redhat_vex | httplib2: httplib2: Denial of Service via unbounded decompression of HTTP response bodies | known affected: 212 known not affected: 1 | 2026-07-14T10:05:52+00:00 | Vulnerability · Source |
| CVE-2025-65637 | redhat_vex | github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload | fixed: 2037 known affected: 272 known not affected: 22243 | 2026-07-14T09:59:33+00:00 | Vulnerability · Source |
| CVE-2026-4430 | redhat_vex | LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents | fixed: 2854 known affected: 316 | 2026-07-14T07:56:16+00:00 | Vulnerability · Source |
| CVE-2026-52718 | redhat_vex | gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion | fixed: 83 known affected: 5 known not affected: 11 | 2026-07-14T07:45:58+00:00 | Vulnerability · Source |
| CVE-2026-52719 | redhat_vex | gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder | fixed: 83 known affected: 5 known not affected: 11 | 2026-07-14T07:45:54+00:00 | Vulnerability · Source |
| CVE-2026-12413 | redhat_vex | librenswan: IKEv2 Denial of Service via malformed fragmentation | known affected: 10 known not affected: 3 | 2026-07-14T07:31:06+00:00 | Vulnerability · Source |
| CVE-2026-50722 | redhat_vex | librenswan: IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload | known affected: 13 | 2026-07-14T06:50:36+00:00 | Vulnerability · Source |
| CVE-2026-56209 | redhat_vex | libaom: libaom: arbitrary address write via SVC layer context OOB and cyclic refresh map pointer hijack | fixed: 3 known affected: 51 known not affected: 3 | 2026-07-14T06:22:15+00:00 | Vulnerability · Source |
| CVE-2026-58049 | redhat_vex | FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream | known affected: 50 known not affected: 3 | 2026-07-14T06:22:13+00:00 | Vulnerability · Source |
| CVE-2026-56211 | redhat_vex | libaom: libaom: remote code execution via SVC layer context handling with attacker-controlled frames | fixed: 3 known affected: 51 known not affected: 3 | 2026-07-14T06:22:12+00:00 | Vulnerability · Source |
| CVE-2026-55574 | redhat_vex | vllm: vLLM: Denial of Service via adversarial regular expression in structured outputs API | known affected: 22 known not affected: 4 | 2026-07-14T06:21:21+00:00 | Vulnerability · Source |
| CVE-2026-56210 | redhat_vex | libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id | fixed: 3 known affected: 51 known not affected: 3 | 2026-07-14T06:21:16+00:00 | Vulnerability · Source |
| CVE-2026-54234 | redhat_vex | vllm: vLLM: Denial of Service via malformed speculative decoding workload | known affected: 22 known not affected: 4 | 2026-07-14T06:21:02+00:00 | Vulnerability · Source |