VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221769 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2024-9341 | redhat_vex | Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library | fixed: 535 known affected: 4 known not affected: 2798 | 2026-07-07T14:24:52+00:00 | Vulnerability · Source |
| CVE-2026-46181 | redhat_vex | kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() | fixed: 1457 known affected: 33 known not affected: 76 under investigation: 14 | 2026-07-07T14:15:12+00:00 | Vulnerability · Source |
| CVE-2026-44420 | redhat_vex | freerdp: FreeRDP: Arbitrary code execution and denial of service via heap-buffer-overflow | fixed: 65 known affected: 24 | 2026-07-07T14:14:37+00:00 | Vulnerability · Source |
| CVE-2026-41516 | redhat_vex | OP-TEE: OP-TEE: Information disclosure via Bleichenbacher-style padding oracle in RSA PKCS#1 v1.5 decryption | known not affected: 1 | 2026-07-07T13:46:43+00:00 | Vulnerability · Source |
| CVE-2026-42778 | redhat_vex | Apache MINA: deserialization of untrusted data (incomplete fix for CVE-2026-41409) | known affected: 5 known not affected: 22 | 2026-07-07T13:32:53+00:00 | Vulnerability · Source |
| CVE-2026-41409 | redhat_vex | Apache MINA: Apache MINA: Arbitrary code execution via incomplete deserialization fix | known affected: 8 known not affected: 19 | 2026-07-07T13:32:52+00:00 | Vulnerability · Source |
| CVE-2026-46303 | redhat_vex | kernel: isofs: validate Rock Ridge CE continuation extent against volume size | known affected: 76 known not affected: 198 | 2026-07-07T13:12:10+00:00 | Vulnerability · Source |
| CVE-2026-46323 | redhat_vex | kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs | fixed: 1148 known affected: 78 known not affected: 112 | 2026-07-07T13:02:41+00:00 | Vulnerability · Source |
| CVE-2026-41515 | redhat_vex | optee_os: OP-TEE: Information disclosure via padding oracle in RSA-OAEP decryption | known not affected: 1 | 2026-07-07T12:43:08+00:00 | Vulnerability · Source |
| CVE-2026-41434 | redhat_vex | OP-TEE: OP-TEE: Denial of Service via unbounded recursion in PKCS#11 TA | known not affected: 1 | 2026-07-07T12:43:07+00:00 | Vulnerability · Source |
| CVE-2026-42546 | redhat_vex | OP-TEE: OP-TEE: Denial of Service due to resource leak in shared memory cleanup | known not affected: 1 | 2026-07-07T12:43:07+00:00 | Vulnerability · Source |
| CVE-2026-53763 | redhat_vex | OP-TEE: OP-TEE: Data integrity compromise due to integer overflow in AES-GCM | known not affected: 1 | 2026-07-07T12:42:17+00:00 | Vulnerability · Source |
| CVE-2026-44362 | redhat_vex | optee: OP-TEE: Subkey rollback protection bypass allows loading of unauthorized Trusted Applications | known not affected: 1 | 2026-07-07T12:42:14+00:00 | Vulnerability · Source |
| CVE-2026-41514 | redhat_vex | optee: OP-TEE: Information disclosure via padding oracle in RSA-OAEP decryption | known not affected: 1 | 2026-07-07T12:42:12+00:00 | Vulnerability · Source |
| CVE-2026-40257 | redhat_vex | optee: OP-TEE: Memory corruption due to heap overflow in ARM Crypto Extensions SHA-3 implementation | known not affected: 1 | 2026-07-07T12:42:03+00:00 | Vulnerability · Source |
| CVE-2025-49795 | redhat_vex | libxml: Null pointer dereference leads to Denial of service (DoS) | fixed: 57 known affected: 5 known not affected: 13 | 2026-07-07T12:21:30+00:00 | Vulnerability · Source |
| CVE-2026-48936 | redhat_vex | nodejs: Node.js: Local server can be started without network permission via Permission API flaw | fixed: 20 known affected: 40 | 2026-07-07T12:06:41+00:00 | Vulnerability · Source |
| CVE-2026-55686 | redhat_vex | github.com/containers/podman: Podman: Host filesystem modification via malicious container image WORKDIR symlink | fixed: 4 known affected: 37 | 2026-07-07T12:04:57+00:00 | Vulnerability · Source |
| CVE-2026-30923 | redhat_vex | libModSecurity3: ModSecurity: ModSecurity: Denial of Service via crafted query string parameter in t:hexDecode transformation | known not affected: 8 | 2026-07-07T11:48:27+00:00 | Vulnerability · Source |
| CVE-2026-44283 | redhat_vex | etcd: etcd: Authenticated user can bypass RBAC for unauthorized data access | known affected: 3 under investigation: 4 | 2026-07-07T11:42:22+00:00 | Vulnerability · Source |
| CVE-2026-41293 | redhat_vex | tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated | known affected: 66 known not affected: 2 under investigation: 14 | 2026-07-07T11:42:21+00:00 | Vulnerability · Source |
| CVE-2026-54902 | redhat_vex | Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback | known not affected: 1 | 2026-07-07T11:33:11+00:00 | Vulnerability · Source |
| CVE-2026-54901 | redhat_vex | Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking | known not affected: 1 | 2026-07-07T11:33:09+00:00 | Vulnerability · Source |
| CVE-2026-54502 | redhat_vex | Oj: Stack Buffer Overflow in Oj.dump via Large Indent | known not affected: 1 | 2026-07-07T11:33:08+00:00 | Vulnerability · Source |
| CVE-2026-8450 | redhat_vex | perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file() | fixed: 6 known affected: 1 | 2026-07-07T11:25:14+00:00 | Vulnerability · Source |
| CVE-2026-14476 | redhat_vex | sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass | known affected: 163 | 2026-07-07T11:09:15+00:00 | Vulnerability · Source |
| CVE-2026-14474 | redhat_vex | sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation | known affected: 163 | 2026-07-07T11:09:08+00:00 | Vulnerability · Source |
| CVE-2026-54500 | redhat_vex | oj: Oj: Information disclosure via uninitialized stack memory read | known not affected: 1 | 2026-07-07T10:34:59+00:00 | Vulnerability · Source |
| CVE-2026-54898 | redhat_vex | oj: Oj: Denial of Service via input string mutation during JSON parsing | known not affected: 1 | 2026-07-07T10:34:55+00:00 | Vulnerability · Source |
| CVE-2026-54900 | redhat_vex | oj: Oj: Heap corruption via crafted JSON object key | known not affected: 1 | 2026-07-07T10:34:07+00:00 | Vulnerability · Source |
| CVE-2026-54592 | redhat_vex | oj: Oj: Denial of Service via deeply nested JSON input | known not affected: 1 | 2026-07-07T10:34:01+00:00 | Vulnerability · Source |
| CVE-2026-54903 | redhat_vex | oj: Oj: Heap corruption and Denial of Service via integer overflow in JSON parsing | known not affected: 1 | 2026-07-07T10:34:00+00:00 | Vulnerability · Source |
| CVE-2026-54897 | redhat_vex | oj: Oj: Use-After-Free in Oj::Doc Iterators via reentrant close | known not affected: 1 | 2026-07-07T10:32:36+00:00 | Vulnerability · Source |
| CVE-2026-54896 | redhat_vex | oj: Oj: Heap buffer overflow in exception serialization | known not affected: 1 | 2026-07-07T10:32:29+00:00 | Vulnerability · Source |
| CVE-2026-54899 | redhat_vex | oj: Oj: Use-After-Free in parser symbol key cache toggle | known not affected: 1 | 2026-07-07T10:27:12+00:00 | Vulnerability · Source |
| CVE-2022-36033 | redhat_vex | jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled | fixed: 136 known affected: 25 known not affected: 12 | 2026-07-07T09:58:51+00:00 | Vulnerability · Source |
| CVE-2021-22573 | redhat_vex | google-oauth-client: Token signature not verified | fixed: 4 known affected: 7 known not affected: 8 | 2026-07-07T09:23:35+00:00 | Vulnerability · Source |
| CVE-2026-53094 | redhat_vex | kernel: bpf: Fix stale offload->prog pointer after constant blinding | known affected: 184 known not affected: 90 | 2026-07-07T08:50:32+00:00 | Vulnerability · Source |
| CVE-2026-41240 | redhat_vex | DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization | fixed: 49 known affected: 19 known not affected: 386 | 2026-07-07T07:59:56+00:00 | Vulnerability · Source |
| CVE-2026-44580 | redhat_vex | next.js: Next.js: Cross-site scripting allows arbitrary code execution via untrusted script content | known affected: 6 known not affected: 59 | 2026-07-07T07:57:08+00:00 | Vulnerability · Source |
| CVE-2026-44581 | redhat_vex | next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses | known affected: 22 | 2026-07-07T07:57:01+00:00 | Vulnerability · Source |
| CVE-2026-12491 | redhat_vex | vllm: vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations | known affected: 28 | 2026-07-07T07:44:28+00:00 | Vulnerability · Source |
| CVE-2026-44288 | redhat_vex | protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences | known affected: 44 known not affected: 1 | 2026-07-07T06:26:33+00:00 | Vulnerability · Source |
| CVE-2026-45991 | redhat_vex | kernel: udf: fix partition descriptor append bookkeeping | known affected: 232 known not affected: 28 under investigation: 14 | 2026-07-07T06:18:03+00:00 | Vulnerability · Source |
| CVE-2026-54231 | redhat_vex | abrt: unsanitized systemd journal content written to dump directory files enables content injection | known affected: 59 | 2026-07-07T05:17:10+00:00 | Vulnerability · Source |
| CVE-2026-3184 | redhat_vex | util-linux: util-linux: Access control bypass due to improper hostname canonicalization | fixed: 3 known not affected: 56 | 2026-07-07T04:11:59+00:00 | Vulnerability · Source |
| CVE-2025-69277 | redhat_vex | libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure. | fixed: 4 known affected: 211 | 2026-07-07T03:40:58+00:00 | Vulnerability · Source |
| CVE-2025-67873 | redhat_vex | capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution. | fixed: 238 known not affected: 129 | 2026-07-07T03:40:32+00:00 | Vulnerability · Source |
| CVE-2026-40227 | redhat_vex | systemd: systemd: Denial of Service via malicious IPC API call with null element | fixed: 4 known not affected: 131 | 2026-07-07T02:37:39+00:00 | Vulnerability · Source |
| CVE-2026-26131 | redhat_vex | dotnet: .NET: Privilege escalation via incorrect default permissions | fixed: 1 known affected: 30 known not affected: 124 | 2026-07-07T02:32:12+00:00 | Vulnerability · Source |