VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221646 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2022-41724 redhat_vex golang: crypto/tls: large handshake records may cause panics fixed: 1716 known affected: 86 known not affected: 2714 2026-07-15T05:04:43+00:00 Vulnerability · Source
CVE-2022-41723 redhat_vex golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding fixed: 1546 known affected: 288 known not affected: 11950 2026-07-15T05:04:33+00:00 Vulnerability · Source
CVE-2022-30631 redhat_vex golang: compress/gzip: stack exhaustion in Reader.Read fixed: 4253 known affected: 91 known not affected: 2159 2026-07-15T05:04:28+00:00 Vulnerability · Source
CVE-2026-48525 redhat_vex python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens fixed: 4 known affected: 191 known not affected: 6 2026-07-15T05:04:24+00:00 Vulnerability · Source
CVE-2026-48524 redhat_vex python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs known affected: 184 known not affected: 5 2026-07-15T05:04:22+00:00 Vulnerability · Source
CVE-2023-39325 redhat_vex golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) fixed: 4761 known affected: 244 known not affected: 30354 2026-07-15T05:00:03+00:00 Vulnerability · Source
CVE-2026-8177 redhat_vex perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names fixed: 26 known affected: 3 known not affected: 1 2026-07-15T04:47:38+00:00 Vulnerability · Source
CVE-2026-12505 redhat_vex cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall fixed: 143 known affected: 5 2026-07-15T04:44:40+00:00 Vulnerability · Source
CVE-2026-50651 redhat_vex dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM known affected: 12 known not affected: 17 under investigation: 130 2026-07-15T03:50:44+00:00 Vulnerability · Source
CVE-2026-40898 redhat_vex github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers fixed: 4 known affected: 17 known not affected: 8 2026-07-15T03:45:50+00:00 Vulnerability · Source
CVE-2025-43213 redhat_vex webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash fixed: 509 known affected: 4 known not affected: 5 2026-07-15T03:16:38+00:00 Vulnerability · Source
CVE-2021-47952 redhat_vex python-jsonpickle: python-jsonpickle: Arbitrary Code Execution via Malicious JSON Deserialization known not affected: 2 2026-07-15T03:16:31+00:00 Vulnerability · Source
CVE-2026-1207 redhat_vex Django: Django: SQL Injection via RasterField band index parameter fixed: 122 known affected: 6 known not affected: 4552 2026-07-15T03:13:09+00:00 Vulnerability · Source
CVE-2026-0877 redhat_vex firefox: thunderbird: Mitigation bypass in the DOM: Security component fixed: 320 known affected: 7 2026-07-15T03:13:07+00:00 Vulnerability · Source
CVE-2025-70974 redhat_vex fastjson: Fastjson: Remote Code Execution via JNDI Injection due to autoType mishandling known not affected: 14 2026-07-15T03:13:03+00:00 Vulnerability · Source
CVE-2026-0636 redhat_vex bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java fixed: 29 known affected: 32 known not affected: 291 2026-07-15T03:13:00+00:00 Vulnerability · Source
CVE-2025-43441 redhat_vex webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash fixed: 482 known affected: 4 known not affected: 5 2026-07-15T03:12:35+00:00 Vulnerability · Source
CVE-2026-48618 redhat_vex nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch fixed: 210 known affected: 28 2026-07-15T03:07:47+00:00 Vulnerability · Source
CVE-2026-8946 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component fixed: 260 known affected: 8 2026-07-15T03:00:00+00:00 Vulnerability · Source
CVE-2026-48779 redhat_vex ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments fixed: 101 known affected: 58 known not affected: 295 under investigation: 30 2026-07-15T03:00:00+00:00 Vulnerability · Source
CVE-2026-45829 redhat_vex chromadb: ChromaDB Python Project: Arbitrary code execution via pre-authentication code injection known not affected: 4 2026-07-15T03:00:00+00:00 Vulnerability · Source
CVE-2026-13149 redhat_vex brace-expansion: Brace-expansion: Denial of Service due to exponential-time complexity fixed: 12 known affected: 183 known not affected: 65 2026-07-15T03:00:00+00:00 Vulnerability · Source
CVE-2026-24869 redhat_vex firefox: Use-after-free in the Layout: Scrolling and Overflow component known not affected: 12 2026-07-15T02:42:36+00:00 Vulnerability · Source
CVE-2026-2447 redhat_vex libvpx: Heap buffer overflow in libvpx fixed: 721 known affected: 7 2026-07-15T02:42:24+00:00 Vulnerability · Source
CVE-2026-23868 redhat_vex giflib: Giflib: Double-free vulnerability leading to memory corruption fixed: 480 known affected: 3 2026-07-15T02:42:01+00:00 Vulnerability · Source
CVE-2026-25521 redhat_vex locutus: Locutus is vulnerable to Prototype Pollution known not affected: 6 2026-07-15T02:41:27+00:00 Vulnerability · Source
CVE-2026-2797 redhat_vex firefox: thunderbird: Use-after-free in the JavaScript: GC component known not affected: 18 2026-07-15T02:38:06+00:00 Vulnerability · Source
CVE-2026-2759 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component fixed: 320 known affected: 6 2026-07-15T02:38:02+00:00 Vulnerability · Source
CVE-2026-2611 redhat_vex mlflow: MLflow: Arbitrary Code Execution via Improper Origin Validation known not affected: 19 2026-07-15T02:37:51+00:00 Vulnerability · Source
CVE-2026-2761 redhat_vex firefox: thunderbird: Sandbox escape in the Graphics: WebRender component fixed: 320 known affected: 6 2026-07-15T02:36:52+00:00 Vulnerability · Source
CVE-2026-2651 redhat_vex github.com/mlflow/mlflow: MLflow: Arbitrary code execution via unauthorized multipart upload access known not affected: 19 2026-07-15T02:36:38+00:00 Vulnerability · Source
CVE-2026-2766 redhat_vex firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component fixed: 320 known affected: 8 2026-07-15T02:36:21+00:00 Vulnerability · Source
CVE-2026-31837 redhat_vex istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability fixed: 36 known affected: 9 known not affected: 271 2026-07-15T02:32:38+00:00 Vulnerability · Source
CVE-2026-33870 redhat_vex io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values fixed: 67 known affected: 33 known not affected: 460 2026-07-15T02:26:36+00:00 Vulnerability · Source
CVE-2026-37555 redhat_vex libsndfile: integer overflow in ima_reader_init() fixed: 328 known affected: 7 2026-07-15T02:23:27+00:00 Vulnerability · Source
CVE-2026-3505 redhat_vex bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion fixed: 17 known affected: 14 known not affected: 218 2026-07-15T02:23:21+00:00 Vulnerability · Source
CVE-2026-41044 redhat_vex org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary code execution via improper input validation in admin console known affected: 1 known not affected: 13 2026-07-15T02:22:26+00:00 Vulnerability · Source
CVE-2026-40860 redhat_vex Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage fixed: 2 known affected: 2 known not affected: 7 2026-07-15T02:22:22+00:00 Vulnerability · Source
CVE-2026-42258 redhat_vex ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments fixed: 1913 known affected: 3 known not affected: 11 under investigation: 9 2026-07-15T02:17:56+00:00 Vulnerability · Source
CVE-2026-4698 redhat_vex firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component fixed: 320 known affected: 8 2026-07-15T02:07:35+00:00 Vulnerability · Source
CVE-2026-48526 redhat_vex python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens fixed: 815 known affected: 58 known not affected: 571 2026-07-15T02:06:31+00:00 Vulnerability · Source
CVE-2026-58253 microsoft_vex NATS Server: Route API Auth Bypass fixed: 1 known affected: 1 2026-07-15T01:41:30+00:00 Vulnerability · Source
CVE-2026-58209 microsoft_vex NATS Server: MQTT retained and QoS replay bypass subscribe deny filters fixed: 1 known affected: 1 2026-07-15T01:41:23+00:00 Vulnerability · Source
CVE-2026-58252 microsoft_vex NATS Server: Subscribe Authz Bypass via Wildcard-Overlap fixed: 1 known affected: 1 2026-07-15T01:41:15+00:00 Vulnerability · Source
CVE-2026-58250 microsoft_vex NATS Server: Pre-auth server crash via double INFO in leafnode handshake fixed: 1 known affected: 1 2026-07-15T01:41:08+00:00 Vulnerability · Source
CVE-2026-58208 microsoft_vex NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled fixed: 1 known affected: 1 2026-07-15T01:41:00+00:00 Vulnerability · Source
CVE-2026-58251 microsoft_vex NATS Server: Queue Subscribe Authz Bypass fixed: 1 known affected: 1 2026-07-15T01:40:53+00:00 Vulnerability · Source
CVE-2026-58207 microsoft_vex NATS Server: Remote crash via integer overflow in Connz pagination fixed: 1 known affected: 1 2026-07-15T01:40:45+00:00 Vulnerability · Source
CVE-2026-56288 microsoft_vex NULL Pointer Dereference in GNU patch fixed: 1 known affected: 2 2026-07-15T01:40:21+00:00 Vulnerability · Source
CVE-2026-56289 microsoft_vex Loop with Unreachable Exit Condition in GNU patch fixed: 1 known affected: 2 2026-07-15T01:40:12+00:00 Vulnerability · Source