VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221830 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-33381 | redhat_vex | grafana: Grafana: Temporary access control bypass for service account token minting | known affected: 27 | 2026-07-02T21:30:24+00:00 | Vulnerability · Source |
| CVE-2026-28383 | redhat_vex | grafana: Grafana: Denial of Service via unbounded memory allocation in plugin resources endpoint | known affected: 25 known not affected: 2 | 2026-07-02T21:30:22+00:00 | Vulnerability · Source |
| CVE-2026-28380 | redhat_vex | grafana: Grafana: Unauthorized snapshot deletion via Broken Access Control in Snapshot API | known affected: 27 | 2026-07-02T21:30:19+00:00 | Vulnerability · Source |
| CVE-2026-9538 | redhat_vex | perl-Archive-Tar: perl-Archive-Tar: Denial of Service via crafted tar header with large entry size | known affected: 10 | 2026-07-02T21:30:09+00:00 | Vulnerability · Source |
| CVE-2026-10275 | redhat_vex | opensc: OpenSC: Buffer overflow in pkcs11-tool Key Generation Module | known affected: 8 | 2026-07-02T21:30:09+00:00 | Vulnerability · Source |
| CVE-2026-39956 | redhat_vex | jq: missing runtime type checks for _strindices lead to crash and limited memory disclosure | fixed: 3 known affected: 14 | 2026-07-02T20:13:13+00:00 | Vulnerability · Source |
| CVE-2026-33947 | redhat_vex | jq: unbounded Recursion in jv_setpath() / jv_getpath() / delpaths_sorted() | fixed: 3 known affected: 14 | 2026-07-02T20:13:05+00:00 | Vulnerability · Source |
| CVE-2026-32316 | redhat_vex | jq: jq: Denial of Service or potential arbitrary code execution due to integer overflow and heap-based buffer overflow | fixed: 3 known affected: 14 | 2026-07-02T20:13:04+00:00 | Vulnerability · Source |
| CVE-2026-21727 | redhat_vex | Grafana: Grafana: Cross-tenant data disclosure and deletion via legacy correlation records | known affected: 24 | 2026-07-02T20:13:04+00:00 | Vulnerability · Source |
| CVE-2026-43496 | redhat_vex | kernel: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked | known affected: 274 | 2026-07-02T19:46:16+00:00 | Vulnerability · Source |
| CVE-2026-43483 | redhat_vex | kernel: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated | known affected: 232 known not affected: 42 | 2026-07-02T19:46:13+00:00 | Vulnerability · Source |
| CVE-2026-43477 | redhat_vex | kernel: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL | known affected: 184 known not affected: 90 | 2026-07-02T19:46:11+00:00 | Vulnerability · Source |
| CVE-2026-43194 | redhat_vex | kernel: net: consume xmit errors of GSO frames | known affected: 274 | 2026-07-02T19:46:07+00:00 | Vulnerability · Source |
| CVE-2026-3633 | redhat_vex | libsoup: libsoup: Header and HTTP request injection via CRLF injection | known affected: 16 | 2026-07-02T19:46:05+00:00 | Vulnerability · Source |
| CVE-2026-3632 | redhat_vex | libsoup: libsoup: HTTP Smuggling and Server-Side Request Forgery via Malformed Hostnames | known affected: 16 | 2026-07-02T19:46:02+00:00 | Vulnerability · Source |
| CVE-2026-43314 | redhat_vex | kernel: dm: remove fake timeout to avoid leak request | known affected: 260 known not affected: 14 | 2026-07-02T19:45:56+00:00 | Vulnerability · Source |
| CVE-2026-43313 | redhat_vex | kernel: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() | known affected: 260 known not affected: 14 | 2026-07-02T19:45:53+00:00 | Vulnerability · Source |
| CVE-2026-43311 | redhat_vex | kernel: soc/tegra: pmc: Fix unsafe generic_handle_irq() call | known affected: 184 known not affected: 90 | 2026-07-02T19:45:51+00:00 | Vulnerability · Source |
| CVE-2026-43259 | redhat_vex | kernel: phy: fsl-imx8mq-usb: set platform driver data | known affected: 184 known not affected: 90 | 2026-07-02T19:45:48+00:00 | Vulnerability · Source |
| CVE-2026-43092 | redhat_vex | kernel: xsk: validate MTU against usable frame size on bind | known affected: 184 known not affected: 90 | 2026-07-02T19:45:43+00:00 | Vulnerability · Source |
| CVE-2026-56365 | redhat_vex | Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in PNG encoder when processing MNG images | known affected: 14 | 2026-07-02T19:45:38+00:00 | Vulnerability · Source |
| CVE-2026-43066 | redhat_vex | kernel: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths | known affected: 184 known not affected: 90 | 2026-07-02T19:45:38+00:00 | Vulnerability · Source |
| CVE-2026-46063 | redhat_vex | kernel: x86/shstk: Prevent deadlock during shstk sigreturn | known affected: 184 known not affected: 90 | 2026-07-02T19:45:34+00:00 | Vulnerability · Source |
| CVE-2026-31668 | redhat_vex | kernel: seg6: separate dst_cache for input and output paths in seg6 lwtunnel | known affected: 184 known not affected: 90 | 2026-07-02T19:45:33+00:00 | Vulnerability · Source |
| CVE-2026-23261 | redhat_vex | kernel: nvme-fc: release admin tagset if init fails | known affected: 260 known not affected: 14 | 2026-07-02T19:45:29+00:00 | Vulnerability · Source |
| CVE-2026-22735 | redhat_vex | org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events | known affected: 36 | 2026-07-02T19:43:13+00:00 | Vulnerability · Source |
| CVE-2025-71117 | redhat_vex | kernel: Linux kernel: Denial of Service via deadlock in block layer sysfs store callbacks | fixed: 309 known affected: 108 known not affected: 90 | 2026-07-02T19:43:11+00:00 | Vulnerability · Source |
| CVE-2026-1703 | redhat_vex | pip: pip: Information disclosure via path traversal when installing crafted wheel archives | fixed: 2 known affected: 113 | 2026-07-02T19:43:11+00:00 | Vulnerability · Source |
| CVE-2026-42268 | redhat_vex | mod_security: ModSecurity: Denial of Service via unsigned integer underflow in rule verification functions | known affected: 6 | 2026-07-02T19:42:58+00:00 | Vulnerability · Source |
| CVE-2026-43459 | redhat_vex | kernel: ASoC: soc-core: flush delayed work before removing DAIs and widgets | known affected: 232 known not affected: 42 | 2026-07-02T19:42:39+00:00 | Vulnerability · Source |
| CVE-2026-43452 | redhat_vex | kernel: netfilter: x_tables: guard option walkers against 1-byte tail reads | known affected: 274 | 2026-07-02T19:42:36+00:00 | Vulnerability · Source |
| CVE-2026-43407 | redhat_vex | kernel: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() | known affected: 260 known not affected: 14 | 2026-07-02T19:42:34+00:00 | Vulnerability · Source |
| CVE-2026-42946 | redhat_vex | nginx: ngx_http_scgi_module: ngx_http_uwsgi_module: information disclosure and denial of service | known affected: 55 known not affected: 1 | 2026-07-02T19:42:32+00:00 | Vulnerability · Source |
| CVE-2026-28386 | redhat_vex | openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128 | fixed: 3 known affected: 36 known not affected: 32 | 2026-07-02T19:42:30+00:00 | Vulnerability · Source |
| CVE-2026-40016 | redhat_vex | dovecot: Dovecot: Denial of Service due to Sieve script CPU limit bypass | known affected: 24 | 2026-07-02T19:38:04+00:00 | Vulnerability · Source |
| CVE-2026-33227 | redhat_vex | org.apache.activemq/activemq-client: org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq-web: improper limitation of a pathname to a restricted classpath directory | known affected: 22 | 2026-07-02T19:37:55+00:00 | Vulnerability · Source |
| CVE-2026-31523 | redhat_vex | kernel: nvme-pci: ensure we're polling a polled queue | known affected: 260 known not affected: 14 | 2026-07-02T19:37:54+00:00 | Vulnerability · Source |
| CVE-2026-31435 | redhat_vex | kernel: netfs: Fix read abandonment during retry | known affected: 260 known not affected: 14 | 2026-07-02T19:37:52+00:00 | Vulnerability · Source |
| CVE-2025-64118 | redhat_vex | node-tar: tar: node-tar: Information disclosure via reading a truncated tar file | known affected: 172 | 2026-07-02T19:37:49+00:00 | Vulnerability · Source |
| CVE-2026-43894 | redhat_vex | jq: jq: Arbitrary Code Execution or Denial of Service via Signed Integer Overflow | fixed: 3 known affected: 14 | 2026-07-02T19:37:45+00:00 | Vulnerability · Source |
| CVE-2026-43472 | redhat_vex | kernel: unshare: fix unshare_fs() handling | known affected: 274 | 2026-07-02T19:37:43+00:00 | Vulnerability · Source |
| CVE-2026-43468 | redhat_vex | kernel: net/mlx5: Fix deadlock between devlink lock and esw->wq | known affected: 246 known not affected: 28 | 2026-07-02T19:37:41+00:00 | Vulnerability · Source |
| CVE-2026-43429 | redhat_vex | kernel: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts | known affected: 274 | 2026-07-02T19:37:38+00:00 | Vulnerability · Source |
| CVE-2026-43351 | redhat_vex | kernel: KVM: arm64: Eagerly init vgic dist/redist on vgic creation | known affected: 184 known not affected: 90 | 2026-07-02T19:37:33+00:00 | Vulnerability · Source |
| CVE-2026-43346 | redhat_vex | kernel: ice: ptp: don't WARN when controlling PF is unavailable | known affected: 184 known not affected: 90 | 2026-07-02T19:37:31+00:00 | Vulnerability · Source |
| CVE-2026-43292 | redhat_vex | kernel: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node | known affected: 274 | 2026-07-02T19:37:29+00:00 | Vulnerability · Source |
| CVE-2026-43325 | redhat_vex | kernel: wifi: iwlwifi: mvm: don't send a 6E related command when not supported | known affected: 184 known not affected: 90 | 2026-07-02T19:37:28+00:00 | Vulnerability · Source |
| CVE-2026-43296 | redhat_vex | kernel: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky | known affected: 184 known not affected: 90 | 2026-07-02T19:37:26+00:00 | Vulnerability · Source |
| CVE-2026-43278 | redhat_vex | kernel: dm: clear cloned request bio pointer when last clone bio completes | known affected: 260 known not affected: 14 | 2026-07-02T19:37:21+00:00 | Vulnerability · Source |
| CVE-2026-43261 | redhat_vex | kernel: arm64: Add support for TSV110 Spectre-BHB mitigation | known affected: 184 known not affected: 90 | 2026-07-02T19:37:20+00:00 | Vulnerability · Source |