VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221646 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-44740 redhat_vex github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation fixed: 112 known affected: 218 known not affected: 70 2026-07-15T05:51:28+00:00 Vulnerability · Source
CVE-2026-12325 redhat_vex firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component fixed: 260 known affected: 8 2026-07-15T05:48:54+00:00 Vulnerability · Source
CVE-2026-12324 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component fixed: 260 known affected: 8 2026-07-15T05:48:51+00:00 Vulnerability · Source
CVE-2026-39244 redhat_vex adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation known affected: 15 under investigation: 7 2026-07-15T05:48:37+00:00 Vulnerability · Source
CVE-2026-12330 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Internationalization component fixed: 260 known affected: 8 2026-07-15T05:47:54+00:00 Vulnerability · Source
CVE-2026-12327 redhat_vex firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 fixed: 260 known affected: 8 2026-07-15T05:47:51+00:00 Vulnerability · Source
CVE-2026-12315 redhat_vex firefox: thunderbird: Mitigation bypass in the DOM: Security component fixed: 260 known affected: 8 2026-07-15T05:47:48+00:00 Vulnerability · Source
CVE-2026-12314 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:47+00:00 Vulnerability · Source
CVE-2026-12313 redhat_vex firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component fixed: 260 known affected: 8 2026-07-15T05:47:46+00:00 Vulnerability · Source
CVE-2026-12312 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:41+00:00 Vulnerability · Source
CVE-2026-12311 redhat_vex firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component fixed: 260 known affected: 8 2026-07-15T05:47:39+00:00 Vulnerability · Source
CVE-2026-12310 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:37+00:00 Vulnerability · Source
CVE-2026-12309 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:34+00:00 Vulnerability · Source
CVE-2026-12308 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:31+00:00 Vulnerability · Source
CVE-2026-12307 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:27+00:00 Vulnerability · Source
CVE-2026-12306 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:26+00:00 Vulnerability · Source
CVE-2026-12305 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:24+00:00 Vulnerability · Source
CVE-2026-12302 redhat_vex firefox: thunderbird: Mitigation bypass in the DOM: Security component fixed: 260 known affected: 8 2026-07-15T05:47:21+00:00 Vulnerability · Source
CVE-2026-12304 redhat_vex firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component fixed: 260 known affected: 8 2026-07-15T05:47:21+00:00 Vulnerability · Source
CVE-2026-42504 redhat_vex mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header known affected: 117 known not affected: 26 under investigation: 240 2026-07-15T05:41:25+00:00 Vulnerability · Source
CVE-2026-39832 redhat_vex golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions fixed: 580 known affected: 95 known not affected: 189 under investigation: 3 2026-07-15T05:41:08+00:00 Vulnerability · Source
CVE-2026-39831 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check fixed: 128 known affected: 176 known not affected: 113 under investigation: 74 2026-07-15T05:37:18+00:00 Vulnerability · Source
CVE-2026-39820 redhat_vex net/mail: golang: Go net/mail: Denial of Service via crafted email inputs fixed: 85 known affected: 148 known not affected: 225 under investigation: 132 2026-07-15T05:37:07+00:00 Vulnerability · Source
CVE-2025-61728 redhat_vex golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip fixed: 6567 known affected: 110 known not affected: 4103 2026-07-15T05:33:36+00:00 Vulnerability · Source
CVE-2026-39828 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions fixed: 241 known affected: 154 known not affected: 403 under investigation: 1 2026-07-15T05:33:18+00:00 Vulnerability · Source
CVE-2026-39829 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters fixed: 628 known affected: 171 known not affected: 525 under investigation: 3 2026-07-15T05:33:08+00:00 Vulnerability · Source
CVE-2026-42508 redhat_vex golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey fixed: 496 known affected: 51 known not affected: 261 under investigation: 3 2026-07-15T05:33:05+00:00 Vulnerability · Source
CVE-2026-46595 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation fixed: 207 known affected: 60 known not affected: 889 under investigation: 3 2026-07-15T05:31:47+00:00 Vulnerability · Source
CVE-2026-39821 redhat_vex golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing fixed: 603 known affected: 259 known not affected: 1002 under investigation: 5 2026-07-15T05:31:43+00:00 Vulnerability · Source
CVE-2026-12329 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:31:38+00:00 Vulnerability · Source
CVE-2026-12328 redhat_vex firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 fixed: 260 known affected: 8 2026-07-15T05:31:33+00:00 Vulnerability · Source
CVE-2026-12299 redhat_vex firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component fixed: 260 known affected: 8 2026-07-15T05:31:28+00:00 Vulnerability · Source
CVE-2026-12298 redhat_vex firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:31:24+00:00 Vulnerability · Source
CVE-2026-12297 redhat_vex firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component fixed: 260 known affected: 8 2026-07-15T05:31:18+00:00 Vulnerability · Source
CVE-2026-12296 redhat_vex firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component fixed: 260 known affected: 8 2026-07-15T05:31:14+00:00 Vulnerability · Source
CVE-2026-12295 redhat_vex firefox: thunderbird: Sandbox escape in the DOM: Navigation component fixed: 260 known affected: 8 2026-07-15T05:31:06+00:00 Vulnerability · Source
CVE-2026-12294 redhat_vex firefox: thunderbird: Sandbox escape in the DOM: Workers component fixed: 260 known affected: 8 2026-07-15T05:31:00+00:00 Vulnerability · Source
CVE-2026-12292 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Web Audio component fixed: 260 known affected: 8 2026-07-15T05:30:53+00:00 Vulnerability · Source
CVE-2026-12291 redhat_vex firefox: thunderbird: Use-after-free in the Networking: HTTP component fixed: 260 known affected: 8 2026-07-15T05:30:47+00:00 Vulnerability · Source
CVE-2026-12290 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:30:38+00:00 Vulnerability · Source
CVE-2026-12289 redhat_vex firefox: thunderbird: Privilege escalation in the Graphics: WebRender component fixed: 260 known affected: 8 2026-07-15T05:30:33+00:00 Vulnerability · Source
CVE-2026-27145 redhat_vex crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries fixed: 141 known affected: 115 known not affected: 334 under investigation: 38 2026-07-15T05:28:44+00:00 Vulnerability · Source
CVE-2025-66506 redhat_vex github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token fixed: 320 known affected: 66 known not affected: 1247 2026-07-15T05:28:17+00:00 Vulnerability · Source
CVE-2025-66418 redhat_vex urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion fixed: 1933 known affected: 421 known not affected: 2586 under investigation: 1 2026-07-15T05:27:51+00:00 Vulnerability · Source
CVE-2025-64756 redhat_vex glob: glob: Command Injection Vulnerability via Malicious Filenames fixed: 171 known affected: 145 known not affected: 1097 2026-07-15T05:27:34+00:00 Vulnerability · Source
CVE-2025-52881 redhat_vex runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects fixed: 2378 known affected: 46 known not affected: 3931 2026-07-15T05:26:36+00:00 Vulnerability · Source
CVE-2025-22869 redhat_vex golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh fixed: 2719 known affected: 54 known not affected: 6259 under investigation: 1 2026-07-15T05:26:22+00:00 Vulnerability · Source
CVE-2025-22868 redhat_vex golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws fixed: 1876 known affected: 95 known not affected: 8426 2026-07-15T05:26:14+00:00 Vulnerability · Source
CVE-2024-24786 redhat_vex golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 2026-07-15T05:04:56+00:00 Vulnerability · Source
CVE-2024-24784 redhat_vex golang: net/mail: comments in display names are incorrectly handled fixed: 1678 known affected: 56 known not affected: 714 2026-07-15T05:04:49+00:00 Vulnerability · Source