VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221666 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-57216 | microsoft_vex | RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks | known affected: 1 | 2026-07-15T01:02:45+00:00 | Vulnerability · Source |
| CVE-2026-57213 | microsoft_vex | RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering | known affected: 1 | 2026-07-15T01:02:32+00:00 | Vulnerability · Source |
| CVE-2026-57217 | microsoft_vex | RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass | known affected: 1 | 2026-07-15T01:02:26+00:00 | Vulnerability · Source |
| CVE-2026-57220 | microsoft_vex | RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS | known affected: 1 | 2026-07-15T01:02:20+00:00 | Vulnerability · Source |
| CVE-2026-57219 | microsoft_vex | RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations | known affected: 1 | 2026-07-15T01:02:14+00:00 | Vulnerability · Source |
| CVE-2026-59831 | microsoft_vex | GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace | known affected: 1 | 2026-07-15T01:02:07+00:00 | Vulnerability · Source |
| CVE-2026-59875 | microsoft_vex | node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records | known affected: 1 | 2026-07-15T01:01:52+00:00 | Vulnerability · Source |
| CVE-2026-42505 | microsoft_vex | Invoking Encrypted Client Hello privacy leak in crypto/tls | known affected: 2 | 2026-07-15T01:01:45+00:00 | Vulnerability · Source |
| CVE-2026-39822 | microsoft_vex | Root escape via symlink plus trailing slash in os | known affected: 2 | 2026-07-15T01:01:36+00:00 | Vulnerability · Source |
| CVE-2026-13221 | microsoft_vex | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk | fixed: 1 known affected: 1 | 2026-07-15T01:01:27+00:00 | Vulnerability · Source |
| CVE-2026-57432 | microsoft_vex | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack | fixed: 1 known affected: 1 | 2026-07-15T01:01:20+00:00 | Vulnerability · Source |
| CVE-2026-44431 | redhat_vex | urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers | fixed: 90 known affected: 142 known not affected: 505 | 2026-07-15T00:41:30+00:00 | Vulnerability · Source |
| CVE-2024-22047 | redhat_vex | audited: race condition can lead to audit logs being incorrectly attributed to the wrong user | fixed: 2 known not affected: 1862 | 2026-07-15T00:08:17+00:00 | Vulnerability · Source |
| CVE-2026-60103 | redhat_vex | blender: Blender: Denial of Service and information disclosure via crafted .blend file | known not affected: 1 | 2026-07-15T00:07:46+00:00 | Vulnerability · Source |
| CVE-2026-28390 | redhat_vex | openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing | fixed: 301 known affected: 307 known not affected: 283 under investigation: 7 | 2026-07-15T00:07:03+00:00 | Vulnerability · Source |
| CVE-2026-34980 | redhat_vex | cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network | fixed: 19 known affected: 15 known not affected: 261 | 2026-07-15T00:06:57+00:00 | Vulnerability · Source |
| CVE-2026-48914 | redhat_vex | qemu-kvm: Heap buffer overflow in virtio-blk SCSI request handling | fixed: 116 known affected: 59 | 2026-07-15T00:06:50+00:00 | Vulnerability · Source |
| CVE-2026-39246 | redhat_vex | decompress: decompress: arbitrary symlink creation during archive extraction leads to information disclosure | known affected: 4 | 2026-07-15T00:00:53+00:00 | Vulnerability · Source |
| CVE-2026-48523 | redhat_vex | python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access | fixed: 4 known affected: 179 known not affected: 18 | 2026-07-14T23:54:34+00:00 | Vulnerability · Source |
| CVE-2026-53550 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML merge keys | fixed: 4 known affected: 138 known not affected: 50 | 2026-07-14T23:54:34+00:00 | Vulnerability · Source |
| CVE-2026-6637 | redhat_vex | postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module | fixed: 559 known affected: 111 known not affected: 75 | 2026-07-14T23:41:18+00:00 | Vulnerability · Source |
| CVE-2026-6479 | redhat_vex | postgresql: PostgreSQL: Denial of Service via uncontrolled recursion in SSL/GSS negotiation | fixed: 306 known affected: 49 known not affected: 137 | 2026-07-14T23:41:15+00:00 | Vulnerability · Source |
| CVE-2026-45822 | redhat_vex | decode-uri-component: decode-uri-component: Denial of Service via crafted input | known affected: 13 known not affected: 30 | 2026-07-14T22:56:53+00:00 | Vulnerability · Source |
| CVE-2026-53016 | redhat_vex | kernel: crypto: ccp - copy IV using skcipher ivsize | fixed: 612 known affected: 70 known not affected: 42 | 2026-07-14T22:23:01+00:00 | Vulnerability · Source |
| CVE-2026-56117 | redhat_vex | dhcpcd: dhcpcd: Local heap use-after-free vulnerability leads to denial of service. | known affected: 1 | 2026-07-14T22:10:45+00:00 | Vulnerability · Source |
| CVE-2026-56113 | redhat_vex | dhcpcd: dhcpcd: Denial of Service via crafted DHCPv6 RENEW reply | known affected: 1 | 2026-07-14T22:05:55+00:00 | Vulnerability · Source |
| CVE-2026-56114 | redhat_vex | dhcpcd: dhcpcd: Denial of Service due to stack out-of-bounds write via crafted DHCPv6 message | known affected: 1 | 2026-07-14T22:05:53+00:00 | Vulnerability · Source |
| CVE-2026-47099 | redhat_vex | telejson: TeleJSON: Arbitrary code execution via DOM-based cross-site scripting | known affected: 5 | 2026-07-14T22:05:52+00:00 | Vulnerability · Source |
| CVE-2026-48864 | redhat_vex | libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data | fixed: 326 known affected: 11 known not affected: 1 | 2026-07-14T21:36:10+00:00 | Vulnerability · Source |
| CVE-2025-6170 | redhat_vex | libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling | fixed: 146 known affected: 12 | 2026-07-14T21:21:37+00:00 | Vulnerability · Source |
| CVE-2026-39882 | redhat_vex | github.com/open-telemetry/opentelemetry-go: golang: OpenTelemetry-Go: Memory exhaustion via uncapped HTTP response body reading | fixed: 4 known not affected: 120 under investigation: 1 | 2026-07-14T21:20:45+00:00 | Vulnerability · Source |
| CVE-2026-14683 | redhat_vex | HdrHistogram: HdrHistogram: Denial of Service via uncontrolled memory allocation | known affected: 7 known not affected: 9 | 2026-07-14T20:55:54+00:00 | Vulnerability · Source |
| CVE-2025-68114 | redhat_vex | capstone: Capstone: Memory corruption via unchecked vsnprintf return | fixed: 276 known not affected: 129 | 2026-07-14T20:55:13+00:00 | Vulnerability · Source |
| CVE-2026-56115 | redhat_vex | dhcpcd: dhcpcd: Denial of Service via crafted DHCPv6 ADVERTISE message | known affected: 1 | 2026-07-14T20:51:26+00:00 | Vulnerability · Source |
| CVE-2026-44546 | redhat_vex | daphne: daphne: Information disclosure via header injection due to parser differential | known affected: 8 | 2026-07-14T20:51:24+00:00 | Vulnerability · Source |
| CVE-2026-54516 | redhat_vex | jackson-databind: jackson-databind: Security bypass due to improper handling of renamed properties | known affected: 64 known not affected: 38 | 2026-07-14T20:51:23+00:00 | Vulnerability · Source |
| CVE-2026-54515 | redhat_vex | jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified | known affected: 101 known not affected: 1 | 2026-07-14T20:51:20+00:00 | Vulnerability · Source |
| CVE-2026-54517 | redhat_vex | jackson-databind: jackson-databind: Information disclosure via improper JsonView filter application | known affected: 89 known not affected: 13 | 2026-07-14T20:51:19+00:00 | Vulnerability · Source |
| CVE-2026-50292 | redhat_vex | libinput: local privilege escalation via crafted uinput devices | fixed: 45 known affected: 11 | 2026-07-14T20:51:15+00:00 | Vulnerability · Source |
| CVE-2026-53362 | redhat_vex | kernel: kernel: ipv6 frag escape | fixed: 663 known not affected: 198 | 2026-07-14T20:49:17+00:00 | Vulnerability · Source |
| CVE-2026-59869 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML documents | fixed: 15 known affected: 69 known not affected: 4 under investigation: 122 | 2026-07-14T20:41:38+00:00 | Vulnerability · Source |
| CVE-2026-52965 | redhat_vex | kernel: drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure | known affected: 184 known not affected: 90 | 2026-07-14T20:35:59+00:00 | Vulnerability · Source |
| CVE-2026-52966 | redhat_vex | kernel: drm: Replace old pointer to new idr | known affected: 274 | 2026-07-14T20:35:55+00:00 | Vulnerability · Source |
| CVE-2026-52968 | redhat_vex | kernel: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic | known affected: 232 known not affected: 28 under investigation: 14 | 2026-07-14T20:35:54+00:00 | Vulnerability · Source |
| CVE-2026-53001 | redhat_vex | kernel: netfilter: xtables: restrict several matches to inet family | known affected: 274 | 2026-07-14T20:20:43+00:00 | Vulnerability · Source |
| CVE-2026-53004 | redhat_vex | kernel: sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks | known affected: 274 | 2026-07-14T20:20:42+00:00 | Vulnerability · Source |
| CVE-2026-14685 | redhat_vex | HdrHistogram: HdrHistogram: Local state issue via 'Count' argument manipulation | known affected: 7 known not affected: 9 | 2026-07-14T20:10:51+00:00 | Vulnerability · Source |
| CVE-2026-48068 | redhat_vex | grpc-js: @grpc/grpc-js: Server crash via malformed HTTP/2 stream initiation | known affected: 5 | 2026-07-14T20:10:47+00:00 | Vulnerability · Source |
| CVE-2026-48038 | redhat_vex | joi: joi: Denial of Service via uncaught RangeError on deeply nested input through recursive link() schemas | known affected: 6 known not affected: 2 | 2026-07-14T20:10:44+00:00 | Vulnerability · Source |
| CVE-2026-44918 | redhat_vex | openstack-ironic: Prevent rehoming resources to nodes with different owner | known affected: 10 known not affected: 4 | 2026-07-14T20:10:42+00:00 | Vulnerability · Source |