VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222198 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-46635 | redhat_vex | twig/twig: Twig: Information disclosure via column filter in template language | known not affected: 1 | 2026-07-15T12:49:31+00:00 | Vulnerability · Source |
| CVE-2026-47730 | redhat_vex | twig/twig: Twig: Cross-site Scripting (XSS) vulnerability in HTML profiler dump | known not affected: 1 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-48808 | redhat_vex | twig/twig: Twig: Information Disclosure via Sandbox Bypass in Column Filter | known not affected: 1 | 2026-07-15T12:49:30+00:00 | Vulnerability · Source |
| CVE-2026-48805 | redhat_vex | twig/twig: Twig: Sandbox bypass vulnerability via deprecated internal wrappers | known not affected: 1 | 2026-07-15T12:49:28+00:00 | Vulnerability · Source |
| CVE-2026-40683 | redhat_vex | OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling | fixed: 3 known affected: 8 known not affected: 1 | 2026-07-15T12:48:59+00:00 | Vulnerability · Source |
| CVE-2022-41724 | redhat_vex | golang: crypto/tls: large handshake records may cause panics | fixed: 1716 known affected: 86 known not affected: 2714 | 2026-07-15T12:39:13+00:00 | Vulnerability · Source |
| CVE-2026-53633 | redhat_vex | @vitest/browser: vite-plus: Vitest: Remote code execution via exposed Chrome DevTools Protocol API | known not affected: 1 | 2026-07-15T12:35:56+00:00 | Vulnerability · Source |
| CVE-2026-49978 | redhat_vex | dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution | known affected: 13 under investigation: 34 | 2026-07-15T12:32:55+00:00 | Vulnerability · Source |
| CVE-2026-50651 | redhat_vex | dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM | fixed: 6 known affected: 10 known not affected: 17 under investigation: 130 | 2026-07-15T12:32:42+00:00 | Vulnerability · Source |
| CVE-2026-23490 | redhat_vex | pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID | fixed: 1821 known affected: 26 known not affected: 6113 | 2026-07-15T12:32:07+00:00 | Vulnerability · Source |
| CVE-2026-48806 | redhat_vex | twig/twig: Twig: Information disclosure and limited data modification via sandbox bypass | known not affected: 1 | 2026-07-15T12:29:14+00:00 | Vulnerability · Source |
| CVE-2026-46633 | redhat_vex | twig/twig: Twig: Arbitrary code execution via crafted template name | known not affected: 1 | 2026-07-15T12:29:13+00:00 | Vulnerability · Source |
| CVE-2026-49981 | redhat_vex | twig/twig: Twig: Information disclosure via sandbox bypass | known not affected: 1 | 2026-07-15T12:28:51+00:00 | Vulnerability · Source |
| CVE-2026-46639 | redhat_vex | twig/twig: Twig: Sandbox bypass allows information disclosure and method invocation | known not affected: 1 | 2026-07-15T12:27:46+00:00 | Vulnerability · Source |
| CVE-2026-46638 | redhat_vex | twig/twig: Twig: Security bypass allows unauthorized template execution | known not affected: 1 | 2026-07-15T12:25:18+00:00 | Vulnerability · Source |
| CVE-2026-46640 | redhat_vex | twig/twig: Twig: Arbitrary code execution via improper handling of dynamic attributes | known not affected: 1 | 2026-07-15T12:24:57+00:00 | Vulnerability · Source |
| CVE-2026-48807 | redhat_vex | twig/twig: Twig: Sandbox bypass allows information disclosure | known not affected: 1 | 2026-07-15T12:24:43+00:00 | Vulnerability · Source |
| CVE-2026-47732 | redhat_vex | twig/twig: Twig: Security policy bypass leads to information disclosure | known not affected: 1 | 2026-07-15T12:24:34+00:00 | Vulnerability · Source |
| CVE-2026-8177 | redhat_vex | perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names | fixed: 39 known affected: 2 known not affected: 1 | 2026-07-15T12:23:45+00:00 | Vulnerability · Source |
| CVE-2026-34881 | redhat_vex | openstack-glance: OpenStack Glance: Server-Side Request Forgery leading to unauthorized internal network access | fixed: 3 known affected: 6 | 2026-07-15T12:23:36+00:00 | Vulnerability · Source |
| CVE-2026-42790 | redhat_vex | erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing | fixed: 30 known affected: 40 | 2026-07-15T12:20:32+00:00 | Vulnerability · Source |
| CVE-2026-42789 | redhat_vex | erlang: Erlang OTP public_key: Certificate chain forgery via improper trust chain validation | fixed: 30 known affected: 40 | 2026-07-15T12:20:28+00:00 | Vulnerability · Source |
| CVE-2026-43001 | redhat_vex | OpenStack Keystone: OpenStack Keystone: Unauthorized cross-project access due to improper validation in EC2 credential creation | fixed: 3 known affected: 5 known not affected: 4 | 2026-07-15T12:11:28+00:00 | Vulnerability · Source |
| CVE-2026-45736 | redhat_vex | ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray` | fixed: 29 known affected: 58 known not affected: 383 | 2026-07-15T10:31:05+00:00 | Vulnerability · Source |
| CVE-2026-43514 | redhat_vex | tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy | fixed: 4 known affected: 28 | 2026-07-15T10:19:37+00:00 | Vulnerability · Source |
| CVE-2026-47736 | redhat_vex | puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1 | known not affected: 19 | 2026-07-15T10:17:11+00:00 | Vulnerability · Source |
| CVE-2026-47737 | redhat_vex | puma: Puma: Source IP spoofing via PROXY protocol header re-parsing | known not affected: 19 | 2026-07-15T10:16:31+00:00 | Vulnerability · Source |
| CVE-2026-42997 | redhat_vex | OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import | fixed: 4 known affected: 9 known not affected: 4 | 2026-07-15T09:56:18+00:00 | Vulnerability · Source |
| CVE-2026-15028 | redhat_vex | libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header | fixed: 3 known affected: 21 | 2026-07-15T09:15:14+00:00 | Vulnerability · Source |
| CVE-2026-46579 | redhat_vex | openshift/router: openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend | fixed: 16 known affected: 1 known not affected: 1476 | 2026-07-15T09:09:53+00:00 | Vulnerability · Source |
| CVE-2026-6523 | redhat_vex | wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark | known affected: 4 known not affected: 16 | 2026-07-15T09:08:31+00:00 | Vulnerability · Source |
| CVE-2026-6525 | redhat_vex | wireshark: NULL Pointer Dereference in Wireshark | known not affected: 20 | 2026-07-15T09:08:30+00:00 | Vulnerability · Source |
| CVE-2026-9759 | redhat_vex | wireshark: NULL Pointer Dereference in Wireshark | known affected: 4 known not affected: 16 | 2026-07-15T09:07:15+00:00 | Vulnerability · Source |
| CVE-2026-5299 | redhat_vex | wireshark: Uncontrolled Recursion in Wireshark | known affected: 4 known not affected: 16 | 2026-07-15T09:07:12+00:00 | Vulnerability · Source |
| CVE-2026-42586 | redhat_vex | netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-15T08:56:28+00:00 | Vulnerability · Source |
| CVE-2026-4647 | redhat_vex | binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library | fixed: 3 known affected: 39 known not affected: 34 | 2026-07-15T08:10:56+00:00 | Vulnerability · Source |
| CVE-2026-14251 | redhat_vex | gitops-operator: gitops-operator: Missing allowedNamespace check in ReconcilerHook for ClusterRole/Role cases enables potential privilege escalation and DoS | known affected: 2 | 2026-07-15T08:06:07+00:00 | Vulnerability · Source |
| CVE-2026-42264 | redhat_vex | axios: Axios: Prototype pollution allows information disclosure and request manipulation | fixed: 44 known affected: 47 known not affected: 176 | 2026-07-15T07:51:06+00:00 | Vulnerability · Source |
| CVE-2026-10846 | redhat_vex | ldns: ldns: Off-path poisoning attacks due to insufficient query-response matching | known affected: 25 | 2026-07-15T06:55:46+00:00 | Vulnerability · Source |
| CVE-2026-12325 | redhat_vex | firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component | fixed: 260 known affected: 8 | 2026-07-15T05:48:54+00:00 | Vulnerability · Source |
| CVE-2026-12324 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component | fixed: 260 known affected: 8 | 2026-07-15T05:48:51+00:00 | Vulnerability · Source |
| CVE-2026-39244 | redhat_vex | adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation | known affected: 15 under investigation: 7 | 2026-07-15T05:48:37+00:00 | Vulnerability · Source |
| CVE-2026-12330 | redhat_vex | firefox: thunderbird: Incorrect boundary conditions in the Internationalization component | fixed: 260 known affected: 8 | 2026-07-15T05:47:54+00:00 | Vulnerability · Source |
| CVE-2026-12327 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | fixed: 260 known affected: 8 | 2026-07-15T05:47:51+00:00 | Vulnerability · Source |
| CVE-2026-12315 | redhat_vex | firefox: thunderbird: Mitigation bypass in the DOM: Security component | fixed: 260 known affected: 8 | 2026-07-15T05:47:48+00:00 | Vulnerability · Source |
| CVE-2026-12314 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:47+00:00 | Vulnerability · Source |
| CVE-2026-12313 | redhat_vex | firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:47:46+00:00 | Vulnerability · Source |
| CVE-2026-12312 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:41+00:00 | Vulnerability · Source |
| CVE-2026-12311 | redhat_vex | firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component | fixed: 260 known affected: 8 | 2026-07-15T05:47:39+00:00 | Vulnerability · Source |
| CVE-2026-12310 | redhat_vex | firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 | fixed: 260 known affected: 8 | 2026-07-15T05:47:37+00:00 | Vulnerability · Source |