VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221754 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-68973 | redhat_vex | GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write | fixed: 394 known affected: 3 known not affected: 149 | 2026-07-08T22:06:22+00:00 | Vulnerability · Source |
| CVE-2025-61686 | redhat_vex | react-router: React Router has Path Traversal in File Session Storage | known not affected: 173 | 2026-07-08T22:05:25+00:00 | Vulnerability · Source |
| CVE-2025-15269 | redhat_vex | fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing | fixed: 112 known affected: 2 | 2026-07-08T22:05:18+00:00 | Vulnerability · Source |
| CVE-2026-46292 | redhat_vex | kernel: pmdomain: core: Fix detach procedure for virtual devices in genpd | known affected: 184 known not affected: 90 | 2026-07-08T22:04:12+00:00 | Vulnerability · Source |
| CVE-2026-22610 | redhat_vex | angular: Angular: Cross-site scripting vulnerability in Template Compiler | fixed: 4 known affected: 10 known not affected: 226 | 2026-07-08T22:02:45+00:00 | Vulnerability · Source |
| CVE-2026-47210 | redhat_vex | vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support. | fixed: 1 known not affected: 4 under investigation: 1 | 2026-07-08T21:53:54+00:00 | Vulnerability · Source |
| CVE-2026-47208 | redhat_vex | vm2: vm2: Sandbox Breakout Using Promise Species | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:53:51+00:00 | Vulnerability · Source |
| CVE-2026-47141 | redhat_vex | vm2: vm2: NodeVM observability builtins leak host process and HTTP request data | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:53:50+00:00 | Vulnerability · Source |
| CVE-2026-47140 | redhat_vex | vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:53:48+00:00 | Vulnerability · Source |
| CVE-2026-43869 | redhat_vex | Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation | fixed: 43 known affected: 15 known not affected: 855 | 2026-07-08T21:51:46+00:00 | Vulnerability · Source |
| CVE-2026-41607 | redhat_vex | Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-08T21:51:19+00:00 | Vulnerability · Source |
| CVE-2026-41605 | redhat_vex | Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-08T21:51:11+00:00 | Vulnerability · Source |
| CVE-2026-41604 | redhat_vex | Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability | fixed: 36 known affected: 14 known not affected: 438 | 2026-07-08T21:51:08+00:00 | Vulnerability · Source |
| CVE-2026-41602 | redhat_vex | github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation | fixed: 48 known affected: 12 known not affected: 646 | 2026-07-08T21:50:57+00:00 | Vulnerability · Source |
| CVE-2026-40293 | redhat_vex | OpenFGA: github.com/openfga/openfga: OpenFGA: Information disclosure of preshared API key via playground endpoint | fixed: 12 known affected: 2 known not affected: 369 | 2026-07-08T21:50:44+00:00 | Vulnerability · Source |
| CVE-2026-33487 | redhat_vex | github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue | fixed: 32 known not affected: 523 | 2026-07-08T21:50:28+00:00 | Vulnerability · Source |
| CVE-2026-32285 | redhat_vex | github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input | fixed: 54 known affected: 7 known not affected: 510 | 2026-07-08T21:50:15+00:00 | Vulnerability · Source |
| CVE-2025-48431 | redhat_vex | Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests | fixed: 18 known affected: 20 known not affected: 595 | 2026-07-08T21:49:27+00:00 | Vulnerability · Source |
| CVE-2026-47139 | redhat_vex | vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:49:02+00:00 | Vulnerability · Source |
| CVE-2026-47137 | redhat_vex | vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:48:58+00:00 | Vulnerability · Source |
| CVE-2026-47135 | redhat_vex | vm2: vm2: Sandbox escape allows arbitrary code execution on the host system | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:48:57+00:00 | Vulnerability · Source |
| CVE-2026-9673 | redhat_vex | json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass. | fixed: 2 known not affected: 6 under investigation: 1 | 2026-07-08T21:48:54+00:00 | Vulnerability · Source |
| CVE-2026-47131 | redhat_vex | vm2: vm2: Arbitrary code execution via sandbox escape vulnerability | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:48:54+00:00 | Vulnerability · Source |
| CVE-2026-24781 | redhat_vex | vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function | fixed: 2 known affected: 1 known not affected: 6 | 2026-07-08T21:41:02+00:00 | Vulnerability · Source |
| CVE-2026-46284 | redhat_vex | kernel: mm/hugetlb: fix early boot crash on parameters without '=' separator | known affected: 14 known not affected: 260 | 2026-07-08T21:37:53+00:00 | Vulnerability · Source |
| CVE-2026-3219 | redhat_vex | pip: pip: Incorrect file installation due to improper archive handling | fixed: 2 known affected: 114 | 2026-07-08T21:37:04+00:00 | Vulnerability · Source |
| CVE-2026-15154 | redhat_vex | guardrails-detectors: guardrails-detectors: Unauthenticated Regular-Expression Denial of Service (ReDoS) via detector_params.regex | known affected: 1 | 2026-07-08T21:05:04+00:00 | Vulnerability · Source |
| CVE-2025-59530 | redhat_vex | github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame | fixed: 418 known affected: 16 known not affected: 2496 | 2026-07-08T21:02:31+00:00 | Vulnerability · Source |
| CVE-2025-68151 | redhat_vex | github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages | fixed: 16 known affected: 1 known not affected: 84 | 2026-07-08T20:58:27+00:00 | Vulnerability · Source |
| CVE-2025-47950 | redhat_vex | coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification | fixed: 20 known not affected: 65 | 2026-07-08T20:58:15+00:00 | Vulnerability · Source |
| CVE-2026-26018 | redhat_vex | github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation | fixed: 20 known affected: 1 known not affected: 80 | 2026-07-08T20:57:01+00:00 | Vulnerability · Source |
| CVE-2026-26017 | redhat_vex | github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw | fixed: 20 known affected: 1 known not affected: 80 | 2026-07-08T20:56:57+00:00 | Vulnerability · Source |
| CVE-2026-52936 | redhat_vex | kernel: crypto: jitterentropy - replace long-held spinlock with mutex | known affected: 260 known not affected: 14 | 2026-07-08T20:44:45+00:00 | Vulnerability · Source |
| CVE-2025-57847 | redhat_vex | ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions | known affected: 15 known not affected: 1 | 2026-07-08T20:35:09+00:00 | Vulnerability · Source |
| CVE-2026-8357 | redhat_vex | libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation | fixed: 712 known affected: 316 | 2026-07-08T19:41:30+00:00 | Vulnerability · Source |
| CVE-2026-52937 | redhat_vex | kernel: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR | known affected: 232 known not affected: 42 | 2026-07-08T19:35:43+00:00 | Vulnerability · Source |
| CVE-2026-34059 | redhat_vex | httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() | fixed: 437 known affected: 15 known not affected: 38 | 2026-07-08T19:33:41+00:00 | Vulnerability · Source |
| CVE-2026-34032 | redhat_vex | httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check | fixed: 437 known affected: 15 known not affected: 38 | 2026-07-08T19:33:37+00:00 | Vulnerability · Source |
| CVE-2026-33857 | redhat_vex | httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions | fixed: 437 known affected: 15 known not affected: 38 | 2026-07-08T19:33:36+00:00 | Vulnerability · Source |
| CVE-2025-53020 | redhat_vex | mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase | fixed: 315 known not affected: 47 | 2026-07-08T19:33:27+00:00 | Vulnerability · Source |
| CVE-2026-33007 | redhat_vex | httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash | fixed: 437 known affected: 15 known not affected: 38 | 2026-07-08T19:33:27+00:00 | Vulnerability · Source |
| CVE-2026-28780 | redhat_vex | Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow | fixed: 433 known affected: 15 known not affected: 38 | 2026-07-08T19:33:27+00:00 | Vulnerability · Source |
| CVE-2026-52941 | redhat_vex | kernel: net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint | known affected: 232 known not affected: 42 | 2026-07-08T19:29:06+00:00 | Vulnerability · Source |
| CVE-2026-52921 | redhat_vex | kernel: netfilter: ipset: stop hash:* range iteration at end | known affected: 274 | 2026-07-08T19:29:06+00:00 | Vulnerability · Source |
| CVE-2024-27398 | redhat_vex | kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout | fixed: 538 known affected: 112 | 2026-07-08T19:29:02+00:00 | Vulnerability · Source |
| CVE-2025-13151 | redhat_vex | libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string | fixed: 136 known affected: 9 | 2026-07-08T19:28:58+00:00 | Vulnerability · Source |
| CVE-2026-52940 | redhat_vex | kernel: tun: zero the whole vnet header in tun_put_user() | known affected: 90 known not affected: 184 | 2026-07-08T19:28:53+00:00 | Vulnerability · Source |
| CVE-2026-52939 | redhat_vex | kernel: net/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion | known affected: 14 known not affected: 260 | 2026-07-08T19:28:52+00:00 | Vulnerability · Source |
| CVE-2026-46295 | redhat_vex | kernel: KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty | known affected: 90 known not affected: 184 | 2026-07-08T19:28:50+00:00 | Vulnerability · Source |
| CVE-2026-46294 | redhat_vex | kernel: dm: fix a buffer overflow in ioctl processing | known affected: 274 | 2026-07-08T19:28:49+00:00 | Vulnerability · Source |