VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221830 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-43171 | redhat_vex | kernel: EFI/CPER: don't dump the entire memory region | known affected: 260 known not affected: 14 | 2026-07-02T19:37:18+00:00 | Vulnerability · Source |
| CVE-2026-43170 | redhat_vex | kernel: usb: dwc3: gadget: Move vbus draw to workqueue context | known affected: 184 known not affected: 90 | 2026-07-02T19:37:16+00:00 | Vulnerability · Source |
| CVE-2026-43169 | redhat_vex | kernel: drm/buddy: Prevent BUG_ON by validating rounded allocation | known affected: 184 known not affected: 90 | 2026-07-02T19:37:14+00:00 | Vulnerability · Source |
| CVE-2026-43059 | redhat_vex | kernel: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers | known affected: 184 known not affected: 90 | 2026-07-02T19:37:14+00:00 | Vulnerability · Source |
| CVE-2026-43089 | redhat_vex | kernel: xfrm_user: fix info leak in build_mapping() | known affected: 274 | 2026-07-02T19:37:11+00:00 | Vulnerability · Source |
| CVE-2026-40701 | redhat_vex | nginx: ngx_http_ssl_module: data corruption and denial of service | known affected: 55 known not affected: 1 | 2026-07-02T19:34:36+00:00 | Vulnerability · Source |
| CVE-2026-40460 | redhat_vex | nginx: NGINX: Authorization bypass via IP spoofing in HTTP/3 QUIC module | fixed: 4 known affected: 54 | 2026-07-02T19:34:33+00:00 | Vulnerability · Source |
| CVE-2026-7168 | redhat_vex | curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse | fixed: 3 known affected: 25 | 2026-07-02T19:34:33+00:00 | Vulnerability · Source |
| CVE-2026-5766 | redhat_vex | django: Django: Service degradation via understated Content-Length header in ASGI requests | known affected: 39 | 2026-07-02T19:34:30+00:00 | Vulnerability · Source |
| CVE-2026-54411 | redhat_vex | linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module | fixed: 4 known affected: 18 | 2026-07-02T19:33:10+00:00 | Vulnerability · Source |
| CVE-2026-2340 | redhat_vex | samba: vfs_worm does not block directory modification | fixed: 3903 known affected: 59 | 2026-07-02T19:30:32+00:00 | Vulnerability · Source |
| CVE-2025-47910 | redhat_vex | net/http: CrossOriginProtection bypass in net/http | fixed: 8 known affected: 341 | 2026-07-02T19:22:37+00:00 | Vulnerability · Source |
| CVE-2025-22873 | redhat_vex | os: os: Information disclosure via path traversal using specially crafted filenames | fixed: 8 known affected: 245 | 2026-07-02T19:22:36+00:00 | Vulnerability · Source |
| CVE-2025-14505 | redhat_vex | elliptic: Key handling flaws in Elliptic | known affected: 62 | 2026-07-02T19:22:34+00:00 | Vulnerability · Source |
| CVE-2026-43084 | redhat_vex | kernel: netfilter: nfnetlink_queue: make hash table per queue | known affected: 246 known not affected: 28 | 2026-07-02T19:17:42+00:00 | Vulnerability · Source |
| CVE-2026-40974 | redhat_vex | Spring Boot: Cassandra: Spring Boot: Security bypass in Cassandra SSL connections | known affected: 21 | 2026-07-02T19:17:36+00:00 | Vulnerability · Source |
| CVE-2026-40971 | redhat_vex | Spring Boot: Spring Boot: Information disclosure and data tampering via missing hostname verification | known affected: 21 | 2026-07-02T19:17:34+00:00 | Vulnerability · Source |
| CVE-2026-40970 | redhat_vex | Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure | known affected: 21 | 2026-07-02T19:17:34+00:00 | Vulnerability · Source |
| CVE-2026-40186 | redhat_vex | sanitize-html: ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements | known affected: 14 | 2026-07-02T19:17:29+00:00 | Vulnerability · Source |
| CVE-2026-34230 | redhat_vex | rack: Rack: Denial of Service via crafted Accept-Encoding header | known affected: 50 | 2026-07-02T19:17:24+00:00 | Vulnerability · Source |
| CVE-2026-32288 | redhat_vex | archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive | fixed: 8 known affected: 259 | 2026-07-02T19:17:19+00:00 | Vulnerability · Source |
| CVE-2026-31682 | redhat_vex | kernel: bridge: br_nd_send: linearize skb before parsing ND options | known affected: 260 known not affected: 14 | 2026-07-02T19:17:18+00:00 | Vulnerability · Source |
| CVE-2026-31676 | redhat_vex | kernel: rxrpc: only handle RESPONSE during service challenge | known affected: 260 known not affected: 14 | 2026-07-02T19:17:14+00:00 | Vulnerability · Source |
| CVE-2026-48090 | redhat_vex | envoy: Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) | known not affected: 2 | 2026-07-02T19:16:58+00:00 | Vulnerability · Source |
| CVE-2026-47692 | redhat_vex | envoy: Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream | known affected: 2 | 2026-07-02T19:16:53+00:00 | Vulnerability · Source |
| CVE-2026-47205 | redhat_vex | envoy: Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides | known not affected: 2 | 2026-07-02T19:16:49+00:00 | Vulnerability · Source |
| CVE-2026-46102 | redhat_vex | kernel: net: strparser: fix skb_head leak in strp_abort_strp() | known affected: 232 known not affected: 42 | 2026-07-02T19:16:43+00:00 | Vulnerability · Source |
| CVE-2026-46079 | redhat_vex | kernel: rbd: fix null-ptr-deref when device_add_disk() fails | known affected: 184 known not affected: 90 | 2026-07-02T19:16:41+00:00 | Vulnerability · Source |
| CVE-2026-46078 | redhat_vex | kernel: erofs: fix the out-of-bounds nameoff handling for trailing dirents | known affected: 184 known not affected: 90 | 2026-07-02T19:16:38+00:00 | Vulnerability · Source |
| CVE-2026-46070 | redhat_vex | kernel: md/raid5: validate payload size before accessing journal metadata | known affected: 260 known not affected: 14 | 2026-07-02T19:16:36+00:00 | Vulnerability · Source |
| CVE-2026-46065 | redhat_vex | kernel: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info | known affected: 232 known not affected: 42 | 2026-07-02T19:16:31+00:00 | Vulnerability · Source |
| CVE-2026-45130 | redhat_vex | vim: Vim: Heap buffer overflow allows arbitrary code execution or denial of service | known affected: 33 | 2026-07-02T19:16:30+00:00 | Vulnerability · Source |
| CVE-2026-43427 | redhat_vex | kernel: usb: class: cdc-wdm: fix reordering issue in read code path | known affected: 274 | 2026-07-02T19:16:28+00:00 | Vulnerability · Source |
| CVE-2026-31666 | redhat_vex | kernel: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() | known affected: 260 known not affected: 14 | 2026-07-02T19:11:11+00:00 | Vulnerability · Source |
| CVE-2026-24137 | redhat_vex | github.com/sigstore/sigstore: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal | known affected: 170 | 2026-07-02T19:11:09+00:00 | Vulnerability · Source |
| CVE-2026-23276 | redhat_vex | kernel: net: add xmit recursion limit to tunnel xmit functions | known affected: 274 | 2026-07-02T19:11:02+00:00 | Vulnerability · Source |
| CVE-2026-23262 | redhat_vex | kernel: gve: Fix stats report corruption on queue count change | known affected: 232 known not affected: 42 | 2026-07-02T19:10:58+00:00 | Vulnerability · Source |
| CVE-2026-22737 | redhat_vex | Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views | known affected: 36 | 2026-07-02T19:10:49+00:00 | Vulnerability · Source |
| CVE-2026-11769 | redhat_vex | grafana-operator: Grafana Operator: Privilege escalation and information disclosure via path traversal in jsonnet templating. | known not affected: 4 | 2026-07-02T19:10:45+00:00 | Vulnerability · Source |
| CVE-2025-71273 | redhat_vex | kernel: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() | known affected: 260 known not affected: 14 | 2026-07-02T19:10:39+00:00 | Vulnerability · Source |
| CVE-2025-68471 | redhat_vex | avahi: Avahi: Denial of Service via unsolicited CNAME announcements | fixed: 3 known affected: 89 | 2026-07-02T19:10:20+00:00 | Vulnerability · Source |
| CVE-2025-61730 | redhat_vex | crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls | fixed: 8 known affected: 208 | 2026-07-02T19:10:19+00:00 | Vulnerability · Source |
| CVE-2025-61723 | redhat_vex | encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem | fixed: 8 known affected: 355 | 2026-07-02T19:10:15+00:00 | Vulnerability · Source |
| CVE-2025-61725 | redhat_vex | net/mail: Excessive CPU consumption in ParseAddress in net/mail | fixed: 8 known affected: 240 | 2026-07-02T19:10:11+00:00 | Vulnerability · Source |
| CVE-2025-61594 | redhat_vex | uri: URI module: Credential exposure via URI + operator | fixed: 384 known affected: 11 | 2026-07-02T19:10:06+00:00 | Vulnerability · Source |
| CVE-2025-58189 | redhat_vex | crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information | fixed: 8 known affected: 355 | 2026-07-02T19:10:05+00:00 | Vulnerability · Source |
| CVE-2025-58185 | redhat_vex | encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 | fixed: 8 known affected: 366 | 2026-07-02T19:10:04+00:00 | Vulnerability · Source |
| CVE-2026-4408 | redhat_vex | samba: Remote Code Execution in SAMR | fixed: 4194 known affected: 29 | 2026-07-02T19:05:52+00:00 | Vulnerability · Source |
| CVE-2026-3012 | redhat_vex | samba: group policy certificate enrollment uses http:// without validation | fixed: 3903 known affected: 59 | 2026-07-02T19:05:44+00:00 | Vulnerability · Source |
| CVE-2026-1933 | redhat_vex | samba: Missing access check on reparse point operations | fixed: 3903 known affected: 59 | 2026-07-02T19:05:40+00:00 | Vulnerability · Source |