VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221727 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-50021 | redhat_vex | pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile | known affected: 1 known not affected: 3 | 2026-07-09T08:44:40+00:00 | Vulnerability · Source |
| CVE-2026-50016 | redhat_vex | pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases | known affected: 1 known not affected: 3 | 2026-07-09T08:40:10+00:00 | Vulnerability · Source |
| CVE-2026-55698 | redhat_vex | pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile | known affected: 1 known not affected: 3 | 2026-07-09T08:39:53+00:00 | Vulnerability · Source |
| CVE-2026-55697 | redhat_vex | pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies | known affected: 1 known not affected: 3 | 2026-07-09T08:35:54+00:00 | Vulnerability · Source |
| CVE-2026-43866 | redhat_vex | camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection | known affected: 1 known not affected: 1 | 2026-07-09T08:21:11+00:00 | Vulnerability · Source |
| CVE-2026-48995 | redhat_vex | pnpm: pnpm: Supply chain compromise from unverified dependencies | known affected: 1 known not affected: 3 | 2026-07-09T08:20:01+00:00 | Vulnerability · Source |
| CVE-2026-55700 | redhat_vex | pnpm: pnpm: Unauthorized file modification via crafted package manifest | known affected: 1 known not affected: 3 | 2026-07-09T08:10:40+00:00 | Vulnerability · Source |
| CVE-2026-23415 | redhat_vex | kernel: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() | known affected: 184 known not affected: 90 | 2026-07-09T07:59:12+00:00 | Vulnerability · Source |
| CVE-2026-52722 | redhat_vex | gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling | fixed: 114 known affected: 13 | 2026-07-09T07:58:45+00:00 | Vulnerability · Source |
| CVE-2026-31554 | redhat_vex | kernel: futex: Require sys_futex_requeue() to have identical flags | known affected: 184 known not affected: 90 | 2026-07-09T07:53:29+00:00 | Vulnerability · Source |
| CVE-2026-59194 | redhat_vex | pnpm: pnpm: patch-remove could delete project-selected files outside the patches directory | known affected: 1 known not affected: 3 | 2026-07-09T07:35:27+00:00 | Vulnerability · Source |
| CVE-2026-34043 | redhat_vex | serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization | fixed: 574 known affected: 60 known not affected: 2866 | 2026-07-09T07:32:12+00:00 | Vulnerability · Source |
| CVE-2026-27140 | redhat_vex | cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names | fixed: 902 known affected: 11 known not affected: 1355 under investigation: 3 | 2026-07-09T07:31:13+00:00 | Vulnerability · Source |
| CVE-2026-59195 | redhat_vex | pnpm: pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config | known affected: 1 known not affected: 3 | 2026-07-09T07:30:52+00:00 | Vulnerability · Source |
| CVE-2026-50015 | redhat_vex | pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files | known affected: 1 known not affected: 3 | 2026-07-09T07:30:36+00:00 | Vulnerability · Source |
| CVE-2026-55487 | redhat_vex | pnpm: pnpm: Supply chain compromise via manipulated package source strings | known affected: 1 known not affected: 3 | 2026-07-09T07:30:15+00:00 | Vulnerability · Source |
| CVE-2026-54590 | redhat_vex | AsyncSSH: AsyncSSH: Unauthorized file modification via authorized-keys directory escape | known not affected: 1 | 2026-07-09T07:17:03+00:00 | Vulnerability · Source |
| CVE-2025-9714 | redhat_vex | libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c | fixed: 536 known affected: 5 known not affected: 62 | 2026-07-09T07:01:51+00:00 | Vulnerability · Source |
| CVE-2026-15174 | redhat_vex | wireshark: Wireshark: Denial of Service via Catapult DCT2000 protocol dissector crash | known affected: 20 | 2026-07-09T06:59:08+00:00 | Vulnerability · Source |
| CVE-2026-15171 | redhat_vex | wireshark: Wireshark: Denial of service via SSH protocol dissector crash | known affected: 20 | 2026-07-09T06:36:12+00:00 | Vulnerability · Source |
| CVE-2026-15173 | redhat_vex | Wireshark: Wireshark: Denial of Service via pcapng file parser crash | known affected: 20 | 2026-07-09T06:36:11+00:00 | Vulnerability · Source |
| CVE-2026-43190 | redhat_vex | kernel: netfilter: xt_tcpmss: check remaining length before reading optlen | fixed: 1766 known affected: 47 | 2026-07-09T06:20:27+00:00 | Vulnerability · Source |
| CVE-2025-40909 | redhat_vex | perl: Perl threads have a working directory race condition where file operations may target unintended paths | fixed: 2548 known affected: 67 known not affected: 2 | 2026-07-09T05:41:08+00:00 | Vulnerability · Source |
| CVE-2026-46227 | redhat_vex | kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL | fixed: 1980 known not affected: 31 | 2026-07-09T05:25:18+00:00 | Vulnerability · Source |
| CVE-2026-15170 | redhat_vex | wireshark: Wireshark: Denial of service via Z39.50 protocol dissector crash | known affected: 4 | 2026-07-09T03:59:33+00:00 | Vulnerability · Source |
| CVE-2023-6200 | redhat_vex | kernel: ICMPv6 Router Advertisement packets, aka Linux TCP/IP Remote Code Execution Vulnerability | known not affected: 222 | 2026-07-09T03:44:32+00:00 | Vulnerability · Source |
| CVE-2026-44777 | redhat_vex | jq: stack overflow in module loading on mutual include | fixed: 3 known affected: 14 | 2026-07-09T02:27:39+00:00 | Vulnerability · Source |
| CVE-2026-54891 | microsoft_vex | Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl | known not affected: 1 | 2026-07-09T01:50:30+00:00 | Vulnerability · Source |
| CVE-2026-55952 | microsoft_vex | TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension | known not affected: 1 | 2026-07-09T01:50:21+00:00 | Vulnerability · Source |
| CVE-2026-53359 | microsoft_vex | KVM: x86: Fix shadow paging use-after-free due to unexpected role | known not affected: 1 | 2026-07-09T01:50:15+00:00 | Vulnerability · Source |
| CVE-2026-14355 | microsoft_vex | ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD | known affected: 1 known not affected: 1 | 2026-07-09T01:50:09+00:00 | Vulnerability · Source |
| CVE-2026-8286 | microsoft_vex | wrong STARTTLS connection reuse | known affected: 2 known not affected: 4 | 2026-07-09T01:50:03+00:00 | Vulnerability · Source |
| CVE-2026-8925 | microsoft_vex | SASL double-free | known not affected: 3 | 2026-07-09T01:49:49+00:00 | Vulnerability · Source |
| CVE-2026-8927 | microsoft_vex | env-set cross-proxy Digest auth state leak | known affected: 2 known not affected: 4 | 2026-07-09T01:49:26+00:00 | Vulnerability · Source |
| CVE-2026-9080 | microsoft_vex | UAF after pause in socket callback | known not affected: 3 | 2026-07-09T01:49:11+00:00 | Vulnerability · Source |
| CVE-2026-12064 | microsoft_vex | proto-default skips SSH verification | known affected: 1 known not affected: 2 | 2026-07-09T01:48:39+00:00 | Vulnerability · Source |
| CVE-2026-8458 | microsoft_vex | wrong reuse for different services | known affected: 2 known not affected: 4 | 2026-07-09T01:48:27+00:00 | Vulnerability · Source |
| CVE-2026-46252 | microsoft_vex | regulator: core: fix locking in regulator_resolve_supply() error path | fixed: 1 known affected: 3 | 2026-07-09T01:48:25+00:00 | Vulnerability · Source |
| CVE-2026-8924 | microsoft_vex | trailing dot domain super cookie | known affected: 2 known not affected: 4 | 2026-07-09T01:48:07+00:00 | Vulnerability · Source |
| CVE-2026-46242 | microsoft_vex | eventpoll: fix ep_remove struct eventpoll / struct file UAF | fixed: 1 known affected: 1 under investigation: 2 | 2026-07-09T01:48:05+00:00 | Vulnerability · Source |
| CVE-2026-46135 | microsoft_vex | nvmet-tcp: fix race between ICReq handling and queue teardown | fixed: 1 known affected: 3 | 2026-07-09T01:47:55+00:00 | Vulnerability · Source |
| CVE-2026-11856 | microsoft_vex | cross-origin Digest auth state leak | known affected: 2 known not affected: 4 | 2026-07-09T01:47:43+00:00 | Vulnerability · Source |
| CVE-2026-46054 | microsoft_vex | selinux: fix overlayfs mmap() and mprotect() access checks | fixed: 1 known affected: 3 | 2026-07-09T01:47:35+00:00 | Vulnerability · Source |
| CVE-2026-9547 | microsoft_vex | SSH improper host validation | known not affected: 6 | 2026-07-09T01:47:17+00:00 | Vulnerability · Source |
| CVE-2026-8932 | microsoft_vex | incomplete mTLS config matching in conn reuse | known affected: 2 known not affected: 4 | 2026-07-09T01:46:48+00:00 | Vulnerability · Source |
| CVE-2026-9545 | microsoft_vex | exposing HTTP/3 early data | known affected: 1 known not affected: 3 | 2026-07-09T01:46:22+00:00 | Vulnerability · Source |
| CVE-2026-53167 | microsoft_vex | fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios | fixed: 1 known affected: 2 | 2026-07-09T01:46:14+00:00 | Vulnerability · Source |
| CVE-2026-9079 | microsoft_vex | stale proxy password leak | known affected: 2 known not affected: 3 | 2026-07-09T01:46:04+00:00 | Vulnerability · Source |
| CVE-2026-4360 | microsoft_vex | Tarfile.extract() doesn't fully respect filter parameter | known affected: 1 known not affected: 1 | 2026-07-09T01:45:43+00:00 | Vulnerability · Source |
| CVE-2026-53339 | microsoft_vex | i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() | known not affected: 1 | 2026-07-09T01:45:03+00:00 | Vulnerability · Source |