VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221692 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-6352 | redhat_vex | gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL | known not affected: 4 | 2026-07-09T15:29:22+00:00 | Vulnerability · Source |
| CVE-2026-41568 | redhat_vex | github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup | fixed: 108 known affected: 20 known not affected: 18 under investigation: 316 | 2026-07-09T15:29:20+00:00 | Vulnerability · Source |
| CVE-2025-54410 | redhat_vex | github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation | fixed: 108 known affected: 15 known not affected: 16 | 2026-07-09T15:29:18+00:00 | Vulnerability · Source |
| CVE-2024-45310 | redhat_vex | runc: runc can be tricked into creating empty files/directories on host | fixed: 112 known affected: 8 known not affected: 36 | 2026-07-09T15:29:16+00:00 | Vulnerability · Source |
| CVE-2026-58203 | redhat_vex | pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size | known affected: 47 known not affected: 5 | 2026-07-09T15:24:05+00:00 | Vulnerability · Source |
| CVE-2026-15172 | redhat_vex | wireshark: Wireshark: Denial of service via FMP/NOTIFY protocol dissector crash | known affected: 20 | 2026-07-09T15:21:07+00:00 | Vulnerability · Source |
| CVE-2026-45571 | redhat_vex | github.com/go-git/go-git: go-git: Path validation flaw allows unauthorized file access | fixed: 108 known not affected: 16 | 2026-07-09T15:17:24+00:00 | Vulnerability · Source |
| CVE-2026-41506 | redhat_vex | golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects | fixed: 111 known affected: 222 known not affected: 16 | 2026-07-09T15:17:13+00:00 | Vulnerability · Source |
| CVE-2026-39834 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write | fixed: 108 known affected: 35 known not affected: 18 under investigation: 290 | 2026-07-09T15:17:12+00:00 | Vulnerability · Source |
| CVE-2026-33540 | redhat_vex | github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL | fixed: 108 known affected: 6 known not affected: 16 | 2026-07-09T15:16:50+00:00 | Vulnerability · Source |
| CVE-2026-27903 | redhat_vex | minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns | fixed: 108 known affected: 288 known not affected: 16 | 2026-07-09T15:16:46+00:00 | Vulnerability · Source |
| CVE-2026-25934 | redhat_vex | go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files | fixed: 108 known affected: 195 known not affected: 16 | 2026-07-09T15:16:37+00:00 | Vulnerability · Source |
| CVE-2026-24117 | redhat_vex | github.com/sigstore/rekor: Rekor Server-Side Request Forgery (SSRF) | fixed: 108 known affected: 136 known not affected: 16 | 2026-07-09T15:14:23+00:00 | Vulnerability · Source |
| CVE-2026-23831 | redhat_vex | github.com/sigstore/rekor: Rekor denial of service | fixed: 108 known affected: 185 known not affected: 16 | 2026-07-09T15:14:20+00:00 | Vulnerability · Source |
| CVE-2026-22772 | redhat_vex | fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation | fixed: 114 known affected: 239 known not affected: 31 | 2026-07-09T15:14:16+00:00 | Vulnerability · Source |
| CVE-2025-64329 | redhat_vex | github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks | fixed: 112 known affected: 372 known not affected: 47 under investigation: 1 | 2026-07-09T15:14:09+00:00 | Vulnerability · Source |
| CVE-2025-58058 | redhat_vex | github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory | fixed: 116 known affected: 262 known not affected: 32 | 2026-07-09T15:14:05+00:00 | Vulnerability · Source |
| CVE-2025-22870 | redhat_vex | golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net | fixed: 329 known affected: 604 known not affected: 105 | 2026-07-09T15:13:53+00:00 | Vulnerability · Source |
| CVE-2024-40635 | redhat_vex | containerd: containerd has an integer overflow in User ID handling | fixed: 108 known affected: 51 known not affected: 16 | 2026-07-09T15:13:50+00:00 | Vulnerability · Source |
| CVE-2026-41567 | redhat_vex | docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload | fixed: 108 known affected: 63 known not affected: 23 | 2026-07-09T15:05:03+00:00 | Vulnerability · Source |
| CVE-2026-39883 | redhat_vex | github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris | fixed: 116 known not affected: 32 | 2026-07-09T15:04:56+00:00 | Vulnerability · Source |
| CVE-2025-21613 | redhat_vex | go-git: argument injection via the URL field | fixed: 362 known affected: 15 known not affected: 1076 | 2026-07-09T15:03:32+00:00 | Vulnerability · Source |
| CVE-2025-21614 | redhat_vex | go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies | fixed: 336 known affected: 17 known not affected: 969 under investigation: 221 | 2026-07-09T15:03:31+00:00 | Vulnerability · Source |
| CVE-2025-8766 | redhat_vex | noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container | fixed: 108 known not affected: 16 | 2026-07-09T15:03:26+00:00 | Vulnerability · Source |
| CVE-2024-25621 | redhat_vex | github.com/containerd/containerd: containerd local privilege escalation | fixed: 194 known affected: 91 known not affected: 737 | 2026-07-09T15:03:25+00:00 | Vulnerability · Source |
| CVE-2026-43051 | redhat_vex | kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq | fixed: 762 known affected: 50 known not affected: 14 | 2026-07-09T14:57:03+00:00 | Vulnerability · Source |
| CVE-2026-53343 | microsoft_vex | ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow | fixed: 1 known affected: 1 | 2026-07-09T14:51:00+00:00 | Vulnerability · Source |
| CVE-2026-53356 | microsoft_vex | drm/i915/gem: Fix phys BO pread/pwrite with offset | fixed: 1 known affected: 1 | 2026-07-09T14:50:52+00:00 | Vulnerability · Source |
| CVE-2026-53349 | microsoft_vex | netfilter: nf_conntrack: destroy stale expectfn expectations on unregister | fixed: 1 known affected: 1 | 2026-07-09T14:50:45+00:00 | Vulnerability · Source |
| CVE-2026-53329 | microsoft_vex | drm/amd/display: Use krealloc_array() in dal_vector_reserve() | fixed: 1 known affected: 1 | 2026-07-09T14:50:35+00:00 | Vulnerability · Source |
| CVE-2026-53352 | microsoft_vex | signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads() | fixed: 1 known affected: 1 | 2026-07-09T14:50:28+00:00 | Vulnerability · Source |
| CVE-2026-53353 | microsoft_vex | hsr: Remove WARN_ONCE() in hsr_addr_is_self(). | fixed: 1 known affected: 1 | 2026-07-09T14:50:20+00:00 | Vulnerability · Source |
| CVE-2026-53347 | microsoft_vex | drm/virtio: Fix driver removal with disabled KMS | fixed: 1 known affected: 1 | 2026-07-09T14:50:12+00:00 | Vulnerability · Source |
| CVE-2026-53337 | microsoft_vex | net: bonding: fix NULL pointer dereference in bond_do_ioctl() | fixed: 1 known affected: 1 | 2026-07-09T14:50:04+00:00 | Vulnerability · Source |
| CVE-2026-53355 | microsoft_vex | net: rds: clear i_sends on setup unwind | fixed: 1 known affected: 1 | 2026-07-09T14:49:56+00:00 | Vulnerability · Source |
| CVE-2026-42055 | microsoft_vex | NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability | fixed: 1 known affected: 2 | 2026-07-09T14:49:41+00:00 | Vulnerability · Source |
| CVE-2026-52908 | microsoft_vex | RDMA: During rereg_mr ensure that REREG_ACCESS is compatible | fixed: 1 known affected: 1 | 2026-07-09T14:49:31+00:00 | Vulnerability · Source |
| CVE-2026-52910 | microsoft_vex | bpf: Free reuseport cBPF prog after RCU grace period. | fixed: 1 known affected: 1 | 2026-07-09T14:49:23+00:00 | Vulnerability · Source |
| CVE-2026-53295 | microsoft_vex | mailbox: add sanity check for channel array | fixed: 1 known affected: 1 | 2026-07-09T14:49:16+00:00 | Vulnerability · Source |
| CVE-2026-53314 | microsoft_vex | padata: Put CPU offline callback in ONLINE section to allow failure | fixed: 1 known affected: 1 | 2026-07-09T14:49:08+00:00 | Vulnerability · Source |
| CVE-2026-53291 | microsoft_vex | ALSA: hda/conexant: Fix missing error check for jack detection | fixed: 1 known affected: 1 | 2026-07-09T14:49:00+00:00 | Vulnerability · Source |
| CVE-2026-53287 | microsoft_vex | audit: fix incorrect inheritable capability in CAPSET records | fixed: 1 known affected: 1 | 2026-07-09T14:48:53+00:00 | Vulnerability · Source |
| CVE-2026-53289 | microsoft_vex | ice: fix NULL pointer dereference in ice_reset_all_vfs() | fixed: 1 known affected: 1 | 2026-07-09T14:48:45+00:00 | Vulnerability · Source |
| CVE-2026-53293 | microsoft_vex | drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG | fixed: 1 known affected: 1 | 2026-07-09T14:48:37+00:00 | Vulnerability · Source |
| CVE-2026-53304 | microsoft_vex | scsi: sg: Resolve soft lockup issue when opening /dev/sgX | fixed: 1 known affected: 1 | 2026-07-09T14:48:30+00:00 | Vulnerability · Source |
| CVE-2026-53034 | microsoft_vex | bpf, sockmap: Fix af_unix null-ptr-deref in proto update | fixed: 1 known affected: 1 | 2026-07-09T14:48:23+00:00 | Vulnerability · Source |
| CVE-2026-53056 | microsoft_vex | drm/msm/dpu: fix mismatch between power and frequency | fixed: 1 known affected: 1 | 2026-07-09T14:48:15+00:00 | Vulnerability · Source |
| CVE-2026-52967 | microsoft_vex | smb/client: fix possible infinite loop and oob read in symlink_data() | fixed: 1 known affected: 1 | 2026-07-09T14:48:07+00:00 | Vulnerability · Source |
| CVE-2026-53111 | microsoft_vex | bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap | fixed: 1 known affected: 1 | 2026-07-09T14:48:00+00:00 | Vulnerability · Source |
| CVE-2026-52970 | microsoft_vex | netfilter: nft_ct: fix missing expect put in obj eval | fixed: 1 known affected: 1 | 2026-07-09T14:47:52+00:00 | Vulnerability · Source |