VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221769 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2024-9341 redhat_vex Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library fixed: 535 known affected: 4 known not affected: 2798 2026-07-07T14:24:52+00:00 Vulnerability · Source
CVE-2026-46181 redhat_vex kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() fixed: 1457 known affected: 33 known not affected: 76 under investigation: 14 2026-07-07T14:15:12+00:00 Vulnerability · Source
CVE-2026-44420 redhat_vex freerdp: FreeRDP: Arbitrary code execution and denial of service via heap-buffer-overflow fixed: 65 known affected: 24 2026-07-07T14:14:37+00:00 Vulnerability · Source
CVE-2026-41516 redhat_vex OP-TEE: OP-TEE: Information disclosure via Bleichenbacher-style padding oracle in RSA PKCS#1 v1.5 decryption known not affected: 1 2026-07-07T13:46:43+00:00 Vulnerability · Source
CVE-2026-42778 redhat_vex Apache MINA: deserialization of untrusted data (incomplete fix for CVE-2026-41409) known affected: 5 known not affected: 22 2026-07-07T13:32:53+00:00 Vulnerability · Source
CVE-2026-41409 redhat_vex Apache MINA: Apache MINA: Arbitrary code execution via incomplete deserialization fix known affected: 8 known not affected: 19 2026-07-07T13:32:52+00:00 Vulnerability · Source
CVE-2026-46303 redhat_vex kernel: isofs: validate Rock Ridge CE continuation extent against volume size known affected: 76 known not affected: 198 2026-07-07T13:12:10+00:00 Vulnerability · Source
CVE-2026-46323 redhat_vex kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs fixed: 1148 known affected: 78 known not affected: 112 2026-07-07T13:02:41+00:00 Vulnerability · Source
CVE-2026-41515 redhat_vex optee_os: OP-TEE: Information disclosure via padding oracle in RSA-OAEP decryption known not affected: 1 2026-07-07T12:43:08+00:00 Vulnerability · Source
CVE-2026-41434 redhat_vex OP-TEE: OP-TEE: Denial of Service via unbounded recursion in PKCS#11 TA known not affected: 1 2026-07-07T12:43:07+00:00 Vulnerability · Source
CVE-2026-42546 redhat_vex OP-TEE: OP-TEE: Denial of Service due to resource leak in shared memory cleanup known not affected: 1 2026-07-07T12:43:07+00:00 Vulnerability · Source
CVE-2026-53763 redhat_vex OP-TEE: OP-TEE: Data integrity compromise due to integer overflow in AES-GCM known not affected: 1 2026-07-07T12:42:17+00:00 Vulnerability · Source
CVE-2026-44362 redhat_vex optee: OP-TEE: Subkey rollback protection bypass allows loading of unauthorized Trusted Applications known not affected: 1 2026-07-07T12:42:14+00:00 Vulnerability · Source
CVE-2026-41514 redhat_vex optee: OP-TEE: Information disclosure via padding oracle in RSA-OAEP decryption known not affected: 1 2026-07-07T12:42:12+00:00 Vulnerability · Source
CVE-2026-40257 redhat_vex optee: OP-TEE: Memory corruption due to heap overflow in ARM Crypto Extensions SHA-3 implementation known not affected: 1 2026-07-07T12:42:03+00:00 Vulnerability · Source
CVE-2025-49795 redhat_vex libxml: Null pointer dereference leads to Denial of service (DoS) fixed: 57 known affected: 5 known not affected: 13 2026-07-07T12:21:30+00:00 Vulnerability · Source
CVE-2026-48936 redhat_vex nodejs: Node.js: Local server can be started without network permission via Permission API flaw fixed: 20 known affected: 40 2026-07-07T12:06:41+00:00 Vulnerability · Source
CVE-2026-55686 redhat_vex github.com/containers/podman: Podman: Host filesystem modification via malicious container image WORKDIR symlink fixed: 4 known affected: 37 2026-07-07T12:04:57+00:00 Vulnerability · Source
CVE-2026-30923 redhat_vex libModSecurity3: ModSecurity: ModSecurity: Denial of Service via crafted query string parameter in t:hexDecode transformation known not affected: 8 2026-07-07T11:48:27+00:00 Vulnerability · Source
CVE-2026-44283 redhat_vex etcd: etcd: Authenticated user can bypass RBAC for unauthorized data access known affected: 3 under investigation: 4 2026-07-07T11:42:22+00:00 Vulnerability · Source
CVE-2026-41293 redhat_vex tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated known affected: 66 known not affected: 2 under investigation: 14 2026-07-07T11:42:21+00:00 Vulnerability · Source
CVE-2026-54902 redhat_vex Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback known not affected: 1 2026-07-07T11:33:11+00:00 Vulnerability · Source
CVE-2026-54901 redhat_vex Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking known not affected: 1 2026-07-07T11:33:09+00:00 Vulnerability · Source
CVE-2026-54502 redhat_vex Oj: Stack Buffer Overflow in Oj.dump via Large Indent known not affected: 1 2026-07-07T11:33:08+00:00 Vulnerability · Source
CVE-2026-8450 redhat_vex perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file() fixed: 6 known affected: 1 2026-07-07T11:25:14+00:00 Vulnerability · Source
CVE-2026-14476 redhat_vex sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass known affected: 163 2026-07-07T11:09:15+00:00 Vulnerability · Source
CVE-2026-14474 redhat_vex sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation known affected: 163 2026-07-07T11:09:08+00:00 Vulnerability · Source
CVE-2026-54500 redhat_vex oj: Oj: Information disclosure via uninitialized stack memory read known not affected: 1 2026-07-07T10:34:59+00:00 Vulnerability · Source
CVE-2026-54898 redhat_vex oj: Oj: Denial of Service via input string mutation during JSON parsing known not affected: 1 2026-07-07T10:34:55+00:00 Vulnerability · Source
CVE-2026-54900 redhat_vex oj: Oj: Heap corruption via crafted JSON object key known not affected: 1 2026-07-07T10:34:07+00:00 Vulnerability · Source
CVE-2026-54592 redhat_vex oj: Oj: Denial of Service via deeply nested JSON input known not affected: 1 2026-07-07T10:34:01+00:00 Vulnerability · Source
CVE-2026-54903 redhat_vex oj: Oj: Heap corruption and Denial of Service via integer overflow in JSON parsing known not affected: 1 2026-07-07T10:34:00+00:00 Vulnerability · Source
CVE-2026-54897 redhat_vex oj: Oj: Use-After-Free in Oj::Doc Iterators via reentrant close known not affected: 1 2026-07-07T10:32:36+00:00 Vulnerability · Source
CVE-2026-54896 redhat_vex oj: Oj: Heap buffer overflow in exception serialization known not affected: 1 2026-07-07T10:32:29+00:00 Vulnerability · Source
CVE-2026-54899 redhat_vex oj: Oj: Use-After-Free in parser symbol key cache toggle known not affected: 1 2026-07-07T10:27:12+00:00 Vulnerability · Source
CVE-2022-36033 redhat_vex jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled fixed: 136 known affected: 25 known not affected: 12 2026-07-07T09:58:51+00:00 Vulnerability · Source
CVE-2021-22573 redhat_vex google-oauth-client: Token signature not verified fixed: 4 known affected: 7 known not affected: 8 2026-07-07T09:23:35+00:00 Vulnerability · Source
CVE-2026-53094 redhat_vex kernel: bpf: Fix stale offload->prog pointer after constant blinding known affected: 184 known not affected: 90 2026-07-07T08:50:32+00:00 Vulnerability · Source
CVE-2026-41240 redhat_vex DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization fixed: 49 known affected: 19 known not affected: 386 2026-07-07T07:59:56+00:00 Vulnerability · Source
CVE-2026-44580 redhat_vex next.js: Next.js: Cross-site scripting allows arbitrary code execution via untrusted script content known affected: 6 known not affected: 59 2026-07-07T07:57:08+00:00 Vulnerability · Source
CVE-2026-44581 redhat_vex next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses known affected: 22 2026-07-07T07:57:01+00:00 Vulnerability · Source
CVE-2026-12491 redhat_vex vllm: vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations known affected: 28 2026-07-07T07:44:28+00:00 Vulnerability · Source
CVE-2026-44288 redhat_vex protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences known affected: 44 known not affected: 1 2026-07-07T06:26:33+00:00 Vulnerability · Source
CVE-2026-45991 redhat_vex kernel: udf: fix partition descriptor append bookkeeping known affected: 232 known not affected: 28 under investigation: 14 2026-07-07T06:18:03+00:00 Vulnerability · Source
CVE-2026-54231 redhat_vex abrt: unsanitized systemd journal content written to dump directory files enables content injection known affected: 59 2026-07-07T05:17:10+00:00 Vulnerability · Source
CVE-2026-3184 redhat_vex util-linux: util-linux: Access control bypass due to improper hostname canonicalization fixed: 3 known not affected: 56 2026-07-07T04:11:59+00:00 Vulnerability · Source
CVE-2025-69277 redhat_vex libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure. fixed: 4 known affected: 211 2026-07-07T03:40:58+00:00 Vulnerability · Source
CVE-2025-67873 redhat_vex capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution. fixed: 238 known not affected: 129 2026-07-07T03:40:32+00:00 Vulnerability · Source
CVE-2026-40227 redhat_vex systemd: systemd: Denial of Service via malicious IPC API call with null element fixed: 4 known not affected: 131 2026-07-07T02:37:39+00:00 Vulnerability · Source
CVE-2026-26131 redhat_vex dotnet: .NET: Privilege escalation via incorrect default permissions fixed: 1 known affected: 30 known not affected: 124 2026-07-07T02:32:12+00:00 Vulnerability · Source