VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222198 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-46635 redhat_vex twig/twig: Twig: Information disclosure via column filter in template language known not affected: 1 2026-07-15T12:49:31+00:00 Vulnerability · Source
CVE-2026-47730 redhat_vex twig/twig: Twig: Cross-site Scripting (XSS) vulnerability in HTML profiler dump known not affected: 1 2026-07-15T12:49:30+00:00 Vulnerability · Source
CVE-2026-48808 redhat_vex twig/twig: Twig: Information Disclosure via Sandbox Bypass in Column Filter known not affected: 1 2026-07-15T12:49:30+00:00 Vulnerability · Source
CVE-2026-48805 redhat_vex twig/twig: Twig: Sandbox bypass vulnerability via deprecated internal wrappers known not affected: 1 2026-07-15T12:49:28+00:00 Vulnerability · Source
CVE-2026-40683 redhat_vex OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling fixed: 3 known affected: 8 known not affected: 1 2026-07-15T12:48:59+00:00 Vulnerability · Source
CVE-2022-41724 redhat_vex golang: crypto/tls: large handshake records may cause panics fixed: 1716 known affected: 86 known not affected: 2714 2026-07-15T12:39:13+00:00 Vulnerability · Source
CVE-2026-53633 redhat_vex @vitest/browser: vite-plus: Vitest: Remote code execution via exposed Chrome DevTools Protocol API known not affected: 1 2026-07-15T12:35:56+00:00 Vulnerability · Source
CVE-2026-49978 redhat_vex dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution known affected: 13 under investigation: 34 2026-07-15T12:32:55+00:00 Vulnerability · Source
CVE-2026-50651 redhat_vex dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM fixed: 6 known affected: 10 known not affected: 17 under investigation: 130 2026-07-15T12:32:42+00:00 Vulnerability · Source
CVE-2026-23490 redhat_vex pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID fixed: 1821 known affected: 26 known not affected: 6113 2026-07-15T12:32:07+00:00 Vulnerability · Source
CVE-2026-48806 redhat_vex twig/twig: Twig: Information disclosure and limited data modification via sandbox bypass known not affected: 1 2026-07-15T12:29:14+00:00 Vulnerability · Source
CVE-2026-46633 redhat_vex twig/twig: Twig: Arbitrary code execution via crafted template name known not affected: 1 2026-07-15T12:29:13+00:00 Vulnerability · Source
CVE-2026-49981 redhat_vex twig/twig: Twig: Information disclosure via sandbox bypass known not affected: 1 2026-07-15T12:28:51+00:00 Vulnerability · Source
CVE-2026-46639 redhat_vex twig/twig: Twig: Sandbox bypass allows information disclosure and method invocation known not affected: 1 2026-07-15T12:27:46+00:00 Vulnerability · Source
CVE-2026-46638 redhat_vex twig/twig: Twig: Security bypass allows unauthorized template execution known not affected: 1 2026-07-15T12:25:18+00:00 Vulnerability · Source
CVE-2026-46640 redhat_vex twig/twig: Twig: Arbitrary code execution via improper handling of dynamic attributes known not affected: 1 2026-07-15T12:24:57+00:00 Vulnerability · Source
CVE-2026-48807 redhat_vex twig/twig: Twig: Sandbox bypass allows information disclosure known not affected: 1 2026-07-15T12:24:43+00:00 Vulnerability · Source
CVE-2026-47732 redhat_vex twig/twig: Twig: Security policy bypass leads to information disclosure known not affected: 1 2026-07-15T12:24:34+00:00 Vulnerability · Source
CVE-2026-8177 redhat_vex perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names fixed: 39 known affected: 2 known not affected: 1 2026-07-15T12:23:45+00:00 Vulnerability · Source
CVE-2026-34881 redhat_vex openstack-glance: OpenStack Glance: Server-Side Request Forgery leading to unauthorized internal network access fixed: 3 known affected: 6 2026-07-15T12:23:36+00:00 Vulnerability · Source
CVE-2026-42790 redhat_vex erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing fixed: 30 known affected: 40 2026-07-15T12:20:32+00:00 Vulnerability · Source
CVE-2026-42789 redhat_vex erlang: Erlang OTP public_key: Certificate chain forgery via improper trust chain validation fixed: 30 known affected: 40 2026-07-15T12:20:28+00:00 Vulnerability · Source
CVE-2026-43001 redhat_vex OpenStack Keystone: OpenStack Keystone: Unauthorized cross-project access due to improper validation in EC2 credential creation fixed: 3 known affected: 5 known not affected: 4 2026-07-15T12:11:28+00:00 Vulnerability · Source
CVE-2026-45736 redhat_vex ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray` fixed: 29 known affected: 58 known not affected: 383 2026-07-15T10:31:05+00:00 Vulnerability · Source
CVE-2026-43514 redhat_vex tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy fixed: 4 known affected: 28 2026-07-15T10:19:37+00:00 Vulnerability · Source
CVE-2026-47736 redhat_vex puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1 known not affected: 19 2026-07-15T10:17:11+00:00 Vulnerability · Source
CVE-2026-47737 redhat_vex puma: Puma: Source IP spoofing via PROXY protocol header re-parsing known not affected: 19 2026-07-15T10:16:31+00:00 Vulnerability · Source
CVE-2026-42997 redhat_vex OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import fixed: 4 known affected: 9 known not affected: 4 2026-07-15T09:56:18+00:00 Vulnerability · Source
CVE-2026-15028 redhat_vex libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header fixed: 3 known affected: 21 2026-07-15T09:15:14+00:00 Vulnerability · Source
CVE-2026-46579 redhat_vex openshift/router: openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend fixed: 16 known affected: 1 known not affected: 1476 2026-07-15T09:09:53+00:00 Vulnerability · Source
CVE-2026-6523 redhat_vex wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark known affected: 4 known not affected: 16 2026-07-15T09:08:31+00:00 Vulnerability · Source
CVE-2026-6525 redhat_vex wireshark: NULL Pointer Dereference in Wireshark known not affected: 20 2026-07-15T09:08:30+00:00 Vulnerability · Source
CVE-2026-9759 redhat_vex wireshark: NULL Pointer Dereference in Wireshark known affected: 4 known not affected: 16 2026-07-15T09:07:15+00:00 Vulnerability · Source
CVE-2026-5299 redhat_vex wireshark: Uncontrolled Recursion in Wireshark known affected: 4 known not affected: 16 2026-07-15T09:07:12+00:00 Vulnerability · Source
CVE-2026-42586 redhat_vex netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder fixed: 1 known affected: 4 known not affected: 2 2026-07-15T08:56:28+00:00 Vulnerability · Source
CVE-2026-4647 redhat_vex binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library fixed: 3 known affected: 39 known not affected: 34 2026-07-15T08:10:56+00:00 Vulnerability · Source
CVE-2026-14251 redhat_vex gitops-operator: gitops-operator: Missing allowedNamespace check in ReconcilerHook for ClusterRole/Role cases enables potential privilege escalation and DoS known affected: 2 2026-07-15T08:06:07+00:00 Vulnerability · Source
CVE-2026-42264 redhat_vex axios: Axios: Prototype pollution allows information disclosure and request manipulation fixed: 44 known affected: 47 known not affected: 176 2026-07-15T07:51:06+00:00 Vulnerability · Source
CVE-2026-10846 redhat_vex ldns: ldns: Off-path poisoning attacks due to insufficient query-response matching known affected: 25 2026-07-15T06:55:46+00:00 Vulnerability · Source
CVE-2026-12325 redhat_vex firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component fixed: 260 known affected: 8 2026-07-15T05:48:54+00:00 Vulnerability · Source
CVE-2026-12324 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component fixed: 260 known affected: 8 2026-07-15T05:48:51+00:00 Vulnerability · Source
CVE-2026-39244 redhat_vex adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation known affected: 15 under investigation: 7 2026-07-15T05:48:37+00:00 Vulnerability · Source
CVE-2026-12330 redhat_vex firefox: thunderbird: Incorrect boundary conditions in the Internationalization component fixed: 260 known affected: 8 2026-07-15T05:47:54+00:00 Vulnerability · Source
CVE-2026-12327 redhat_vex firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 fixed: 260 known affected: 8 2026-07-15T05:47:51+00:00 Vulnerability · Source
CVE-2026-12315 redhat_vex firefox: thunderbird: Mitigation bypass in the DOM: Security component fixed: 260 known affected: 8 2026-07-15T05:47:48+00:00 Vulnerability · Source
CVE-2026-12314 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:47+00:00 Vulnerability · Source
CVE-2026-12313 redhat_vex firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component fixed: 260 known affected: 8 2026-07-15T05:47:46+00:00 Vulnerability · Source
CVE-2026-12312 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:41+00:00 Vulnerability · Source
CVE-2026-12311 redhat_vex firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component fixed: 260 known affected: 8 2026-07-15T05:47:39+00:00 Vulnerability · Source
CVE-2026-12310 redhat_vex firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 fixed: 260 known affected: 8 2026-07-15T05:47:37+00:00 Vulnerability · Source