VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222203 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-62641 | redhat_vex | roundcubemail: Roundcube Webmail: Denial of Service via crafted TNEF compressed-RTF size | known not affected: 1 | 2026-07-14T18:05:04+00:00 | Vulnerability · Source |
| CVE-2026-52977 | redhat_vex | kernel: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup | known affected: 184 known not affected: 90 | 2026-07-14T18:05:03+00:00 | Vulnerability · Source |
| CVE-2026-52980 | redhat_vex | kernel: sched/fair: Clear rel_deadline when initializing forked entities | known affected: 76 known not affected: 198 | 2026-07-14T18:05:02+00:00 | Vulnerability · Source |
| CVE-2026-62642 | redhat_vex | roundcubemail: Roundcube Webmail: Denial of Service via infinite loop in TNEF decoder | known not affected: 1 | 2026-07-14T18:05:01+00:00 | Vulnerability · Source |
| CVE-2026-62644 | redhat_vex | roundcubemail: Roundcube Webmail: Account takeover via username spoofing in password plugin | known not affected: 1 | 2026-07-14T18:05:01+00:00 | Vulnerability · Source |
| CVE-2026-46173 | redhat_vex | kernel: exit: prevent preemption of oopsing TASK_DEAD task | fixed: 1658 known affected: 36 known not affected: 76 | 2026-07-14T18:04:39+00:00 | Vulnerability · Source |
| CVE-2026-43414 | redhat_vex | kernel: scsi: qla2xxx: Completely fix fcport double free | fixed: 1224 known affected: 36 known not affected: 76 | 2026-07-14T18:04:33+00:00 | Vulnerability · Source |
| CVE-2026-43330 | redhat_vex | kernel: crypto: caam - fix overflow on long hmac keys | fixed: 616 known not affected: 198 | 2026-07-14T18:04:31+00:00 | Vulnerability · Source |
| CVE-2025-68724 | redhat_vex | kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id | fixed: 1930 known affected: 23 known not affected: 42 | 2026-07-14T18:04:21+00:00 | Vulnerability · Source |
| CVE-2025-38653 | redhat_vex | kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al | fixed: 1503 known affected: 36 known not affected: 76 | 2026-07-14T18:04:17+00:00 | Vulnerability · Source |
| CVE-2026-46086 | redhat_vex | kernel: net: bridge: use a stable FDB dst snapshot in RCU readers | fixed: 453 known affected: 140 | 2026-07-14T18:04:13+00:00 | Vulnerability · Source |
| CVE-2026-27144 | redhat_vex | golang: cmd/compile: no-op interface conversion bypasses overlap checking | fixed: 3333 known affected: 5 known not affected: 222 | 2026-07-14T17:54:24+00:00 | Vulnerability · Source |
| CVE-2026-27143 | redhat_vex | golang: cmd/compile: possible memory corruption after bound check elimination | fixed: 3329 known affected: 5 known not affected: 226 | 2026-07-14T17:54:24+00:00 | Vulnerability · Source |
| CVE-2026-42583 | redhat_vex | netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder | fixed: 5 known affected: 36 known not affected: 87 | 2026-07-14T17:42:10+00:00 | Vulnerability · Source |
| CVE-2026-24308 | redhat_vex | Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values | fixed: 6 known affected: 7 known not affected: 210 | 2026-07-14T17:41:40+00:00 | Vulnerability · Source |
| CVE-2026-62643 | redhat_vex | roundcubemail: Roundcube Webmail: Server-Side Request Forgery via insufficient CSS sanitization | known not affected: 1 | 2026-07-14T17:40:12+00:00 | Vulnerability · Source |
| CVE-2026-44825 | redhat_vex | solr: Apache Solr: Remote attacker gains administrative access via hardcoded credentials in Basic Authentication setup. | known not affected: 2 | 2026-07-14T17:38:46+00:00 | Vulnerability · Source |
| CVE-2026-52972 | redhat_vex | kernel: crypto: af_alg - Cap AEAD AD length to 0x80000000 | known affected: 232 known not affected: 42 | 2026-07-14T17:38:42+00:00 | Vulnerability · Source |
| CVE-2026-54433 | redhat_vex | roundcubemail: Roundcube Webmail: Arbitrary code execution via zero-click cross-site scripting | known not affected: 1 | 2026-07-14T17:38:40+00:00 | Vulnerability · Source |
| CVE-2026-46316 | redhat_vex | kernel: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry | fixed: 1224 known affected: 24 known not affected: 90 | 2026-07-14T17:33:06+00:00 | Vulnerability · Source |
| CVE-2026-43074 | redhat_vex | kernel: eventpoll: defer struct eventpoll free to RCU grace period | fixed: 1504 known affected: 22 known not affected: 76 under investigation: 14 | 2026-07-14T17:32:55+00:00 | Vulnerability · Source |
| CVE-2026-46116 | redhat_vex | kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete | fixed: 760 known affected: 126 under investigation: 14 | 2026-07-14T17:32:42+00:00 | Vulnerability · Source |
| CVE-2026-41159 | redhat_vex | mermaid: Mermaid: Information disclosure and page defacement via CSS injection | known affected: 3 | 2026-07-14T16:31:17+00:00 | Vulnerability · Source |
| CVE-2026-44897 | redhat_vex | mistune: Mistune: Cross-site scripting (XSS) via improper sanitization of HTML heading ID attribute | known affected: 23 known not affected: 2 | 2026-07-14T16:31:15+00:00 | Vulnerability · Source |
| CVE-2026-9358 | redhat_vex | postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization | fixed: 4 known affected: 164 known not affected: 57 | 2026-07-14T16:31:03+00:00 | Vulnerability · Source |
| CVE-2026-53439 | redhat_vex | jenkins: Jenkins: Information Disclosure via Missing Permission Checks | known affected: 1 | 2026-07-14T16:30:56+00:00 | Vulnerability · Source |
| CVE-2026-52962 | redhat_vex | kernel: ceph: fix a buffer leak in __ceph_setxattr() | known affected: 260 known not affected: 14 | 2026-07-14T16:28:48+00:00 | Vulnerability · Source |
| CVE-2026-56140 | redhat_vex | org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation | known not affected: 4 | 2026-07-14T16:28:46+00:00 | Vulnerability · Source |
| CVE-2026-48775 | redhat_vex | langgraph: langgraph-checkpoint: LangGraph: Arbitrary code execution via insecure deserialization of modified checkpoint bytes | known affected: 7 | 2026-07-14T16:28:40+00:00 | Vulnerability · Source |
| CVE-2025-71330 | redhat_vex | image-size: image-size: Denial of Service via crafted ICNS image buffer | known affected: 28 | 2026-07-14T16:28:38+00:00 | Vulnerability · Source |
| CVE-2026-52963 | redhat_vex | kernel: ALSA: usb-audio: Bound MIDI endpoint descriptor scans | known affected: 246 known not affected: 28 | 2026-07-14T16:28:35+00:00 | Vulnerability · Source |
| CVE-2026-48776 | redhat_vex | langgraph: langgraph-sdk: LangGraph Python SDK: Unsafe URL path construction leads to unauthorized resource access | known affected: 7 | 2026-07-14T16:28:32+00:00 | Vulnerability · Source |
| CVE-2026-12199 | redhat_vex | nltk: NLTK: Remote unauthenticated denial of service in WordNet Browser HTTP server | known affected: 11 | 2026-07-14T16:28:27+00:00 | Vulnerability · Source |
| CVE-2026-52964 | redhat_vex | kernel: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans | known affected: 184 known not affected: 90 | 2026-07-14T16:28:24+00:00 | Vulnerability · Source |
| CVE-2026-10142 | redhat_vex | kafka-python: kafka-python: Denial of Service due to crafted frame length in protocol parser | known affected: 2 | 2026-07-14T16:28:14+00:00 | Vulnerability · Source |
| CVE-2025-71329 | redhat_vex | image-size: image-size: Denial of Service via crafted image buffer with zero-valued size field | known affected: 5 known not affected: 23 | 2026-07-14T16:28:13+00:00 | Vulnerability · Source |
| CVE-2026-42567 | redhat_vex | svelte: Svelte: Regular Expression Denial of Service (ReDoS) | known affected: 2 | 2026-07-14T16:28:09+00:00 | Vulnerability · Source |
| CVE-2026-10732 | redhat_vex | decompress: Decompress: Arbitrary file write leading to remote code execution via crafted ZIP archive (Zip Slip) | known affected: 6 known not affected: 16 | 2026-07-14T16:28:02+00:00 | Vulnerability · Source |
| CVE-2026-53364 | redhat_vex | kernel: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() | known affected: 184 known not affected: 90 | 2026-07-14T16:22:38+00:00 | Vulnerability · Source |
| CVE-2026-6653 | redhat_vex | libxml2: mingw-libxml2: libxml2: Denial of Service via crafted XML input due to use-after-free | known affected: 14 known not affected: 11 | 2026-07-14T16:17:24+00:00 | Vulnerability · Source |
| CVE-2024-21529 | redhat_vex | dset: Prototype Pollution | fixed: 1 known not affected: 4 | 2026-07-14T16:06:30+00:00 | Vulnerability · Source |
| CVE-2026-40977 | redhat_vex | Spring Boot: Spring Boot: Local file corruption via PID file manipulation | fixed: 1 known affected: 21 | 2026-07-14T16:03:28+00:00 | Vulnerability · Source |
| CVE-2026-42041 | redhat_vex | axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling | fixed: 142 known affected: 37 known not affected: 2448 | 2026-07-14T15:56:21+00:00 | Vulnerability · Source |
| CVE-2026-35172 | redhat_vex | github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion | fixed: 122 known affected: 3 known not affected: 2374 under investigation: 4 | 2026-07-14T15:41:22+00:00 | Vulnerability · Source |
| CVE-2026-44973 | redhat_vex | github.com/go-git/go-billy: Go-billy: Arbitrary file access due to path traversal vulnerability | under investigation: 2 | 2026-07-14T15:41:04+00:00 | Vulnerability · Source |
| CVE-2026-44293 | redhat_vex | protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors | fixed: 29 known affected: 20 known not affected: 2159 | 2026-07-14T15:21:20+00:00 | Vulnerability · Source |
| CVE-2026-9595 | redhat_vex | webpack-dev-server: webpack-dev-server: Information disclosure and denial of service via improper proxy configuration | fixed: 12 known affected: 68 known not affected: 1972 | 2026-07-14T15:21:03+00:00 | Vulnerability · Source |
| CVE-2026-11332 | redhat_vex | ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution | known affected: 47 under investigation: 12 | 2026-07-14T15:01:48+00:00 | Vulnerability · Source |
| CVE-2026-39245 | redhat_vex | decompress: decompress: path traversal via indexOf containment bypass allows arbitrary file write (bypass of CVE-2020-12265 fix) | fixed: 3 known affected: 1 known not affected: 2 | 2026-07-14T14:58:03+00:00 | Vulnerability · Source |
| CVE-2026-42771 | redhat_vex | openssl: Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email() | known affected: 56 known not affected: 5 | 2026-07-14T14:21:22+00:00 | Vulnerability · Source |