VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222161 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2023-39325 | redhat_vex | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | fixed: 4761 known affected: 244 known not affected: 30354 | 2026-07-16T08:05:10+00:00 | Vulnerability · Source |
| CVE-2025-61726 | redhat_vex | golang: net/url: Memory exhaustion in query parameter parsing in net/url | fixed: 10108 known affected: 453 known not affected: 16781 | 2026-07-16T08:04:37+00:00 | Vulnerability · Source |
| CVE-2026-42582 | redhat_vex | netty: io.netty/netty-codec-http3: Netty: Denial of Service due to improper length validation in header block decoding | known affected: 1 | 2026-07-16T08:04:32+00:00 | Vulnerability · Source |
| CVE-2026-15075 | redhat_vex | vertx-core: Eclipse Vert.x: Information disclosure via improper handling of HTTP 30x redirects | known affected: 17 under investigation: 11 | 2026-07-16T08:02:19+00:00 | Vulnerability · Source |
| CVE-2026-39830 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses | fixed: 605 known affected: 187 known not affected: 508 under investigation: 4 | 2026-07-16T08:02:05+00:00 | Vulnerability · Source |
| CVE-2026-34986 | redhat_vex | github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object | fixed: 1888 known affected: 171 known not affected: 10842 under investigation: 1 | 2026-07-16T08:01:57+00:00 | Vulnerability · Source |
| CVE-2026-12382 | redhat_vex | aap-gateway: missing requestHeadersToRemove allows mTLS bypass via Subject header spoofing | fixed: 1 known affected: 1 known not affected: 323 | 2026-07-16T07:56:12+00:00 | Vulnerability · Source |
| CVE-2026-54512 | redhat_vex | jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass | fixed: 1 known affected: 87 known not affected: 79 under investigation: 3 | 2026-07-16T07:55:37+00:00 | Vulnerability · Source |
| CVE-2026-55204 | redhat_vex | haproxy: HAProxy: Denial of Service via HPACK dynamic table insertions | known affected: 27 | 2026-07-16T07:54:18+00:00 | Vulnerability · Source |
| CVE-2026-42508 | redhat_vex | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey | fixed: 505 known affected: 47 known not affected: 468 under investigation: 3 | 2026-07-16T07:48:28+00:00 | Vulnerability · Source |
| CVE-2026-55203 | redhat_vex | haproxy: HAProxy: Response smuggling due to integer overflow in FastCGI record length handling | known affected: 27 | 2026-07-16T07:46:30+00:00 | Vulnerability · Source |
| CVE-2026-59733 | redhat_vex | rclone: Rclone: Unauthorized access to private repositories via directory traversal | known not affected: 1 | 2026-07-16T07:41:40+00:00 | Vulnerability · Source |
| CVE-2026-49458 | redhat_vex | dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes | known affected: 13 under investigation: 35 | 2026-07-16T07:31:18+00:00 | Vulnerability · Source |
| CVE-2026-49459 | redhat_vex | dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution | known affected: 13 under investigation: 35 | 2026-07-16T07:26:17+00:00 | Vulnerability · Source |
| CVE-2026-48125 | redhat_vex | ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header | known affected: 19 known not affected: 1 | 2026-07-16T07:26:08+00:00 | Vulnerability · Source |
| CVE-2026-46209 | redhat_vex | kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() | fixed: 884 known affected: 22 known not affected: 42 | 2026-07-16T07:25:04+00:00 | Vulnerability · Source |
| CVE-2026-43027 | redhat_vex | kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup | fixed: 1930 known affected: 36 known not affected: 28 | 2026-07-16T07:25:03+00:00 | Vulnerability · Source |
| CVE-2026-53166 | redhat_vex | kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock | fixed: 1487 known affected: 50 known not affected: 14 | 2026-07-16T07:25:00+00:00 | Vulnerability · Source |
| CVE-2026-46189 | redhat_vex | kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path | fixed: 1623 known affected: 50 known not affected: 14 | 2026-07-16T07:24:58+00:00 | Vulnerability · Source |
| CVE-2026-31408 | redhat_vex | kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold | fixed: 1980 known affected: 64 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2026-31613 | redhat_vex | kernel: smb: client: fix OOB reads parsing symlink error response | fixed: 884 known affected: 22 known not affected: 42 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2025-68183 | redhat_vex | kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr | fixed: 1930 known affected: 33 known not affected: 31 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2026-43499 | redhat_vex | kernel: rtmutex: Use waiter::task instead of current in remove_waiter() | fixed: 1487 known affected: 64 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2026-15697 | redhat_vex | svg.js: svg.js: Remote object prototype pollution | under investigation: 2 | 2026-07-16T07:01:34+00:00 | Vulnerability · Source |
| CVE-2026-39835 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate | fixed: 680 known affected: 145 known not affected: 339 under investigation: 1 | 2026-07-16T06:36:32+00:00 | Vulnerability · Source |
| CVE-2026-27904 | redhat_vex | minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions | fixed: 393 known affected: 77 known not affected: 1107 | 2026-07-16T06:26:03+00:00 | Vulnerability · Source |
| CVE-2026-59204 | redhat_vex | Pillow: Pillow: Denial of Service via crafted JPEG2000 image | known affected: 66 under investigation: 25 | 2026-07-16T06:25:59+00:00 | Vulnerability · Source |
| CVE-2026-6321 | redhat_vex | fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies | fixed: 286 known affected: 32 known not affected: 611 | 2026-07-16T06:11:09+00:00 | Vulnerability · Source |
| CVE-2026-15809 | redhat_vex | github.com/cri-o/cri-o: Fix Bypass for CVE-2022-4318 — /etc/passwd Injection via HOME env | known affected: 5 | 2026-07-16T05:40:56+00:00 | Vulnerability · Source |
| CVE-2026-46595 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation | fixed: 209 known affected: 61 known not affected: 914 under investigation: 3 | 2026-07-16T05:21:04+00:00 | Vulnerability · Source |
| CVE-2026-40898 | redhat_vex | github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers | fixed: 6 known affected: 14 known not affected: 10 | 2026-07-16T04:58:47+00:00 | Vulnerability · Source |
| CVE-2026-11525 | redhat_vex | undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header | fixed: 196 known affected: 47 | 2026-07-16T04:58:41+00:00 | Vulnerability · Source |
| CVE-2026-5078 | redhat_vex | morgan: morgan: Log forgery due to unneutralized control characters | fixed: 4 known affected: 18 known not affected: 1 under investigation: 8 | 2026-07-16T04:58:29+00:00 | Vulnerability · Source |
| CVE-2026-42587 | redhat_vex | netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression | fixed: 26 known affected: 44 known not affected: 145 | 2026-07-16T04:35:55+00:00 | Vulnerability · Source |
| CVE-2026-44740 | redhat_vex | github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation | fixed: 121 known affected: 215 known not affected: 70 | 2026-07-16T03:45:07+00:00 | Vulnerability · Source |
| CVE-2026-44431 | redhat_vex | urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers | fixed: 95 known affected: 136 known not affected: 510 | 2026-07-16T03:44:02+00:00 | Vulnerability · Source |
| CVE-2026-42257 | redhat_vex | net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input | fixed: 12 known affected: 133 | 2026-07-16T03:44:00+00:00 | Vulnerability · Source |
| CVE-2026-48524 | redhat_vex | python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs | known affected: 182 known not affected: 7 | 2026-07-16T02:56:00+00:00 | Vulnerability · Source |
| CVE-2026-42258 | redhat_vex | ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments | fixed: 1909 known affected: 4 known not affected: 11 under investigation: 9 | 2026-07-16T02:51:58+00:00 | Vulnerability · Source |
| CVE-2025-66471 | redhat_vex | urllib3: urllib3 Streaming API improperly handles highly compressed data | fixed: 1948 known affected: 359 known not affected: 3318 under investigation: 1 | 2026-07-16T02:48:22+00:00 | Vulnerability · Source |
| CVE-2026-39820 | redhat_vex | net/mail: golang: Go net/mail: Denial of Service via crafted email inputs | fixed: 96 known affected: 143 known not affected: 246 under investigation: 132 | 2026-07-16T02:31:03+00:00 | Vulnerability · Source |
| CVE-2025-68121 | redhat_vex | crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | fixed: 6920 known affected: 203 known not affected: 3906 under investigation: 42 | 2026-07-16T02:26:41+00:00 | Vulnerability · Source |
| CVE-2026-42499 | redhat_vex | net/mail: golang: net/mail: Denial of Service via pathological email address parsing | fixed: 96 known affected: 157 known not affected: 247 under investigation: 117 | 2026-07-16T02:22:14+00:00 | Vulnerability · Source |
| CVE-2026-53550 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML merge keys | fixed: 8 known affected: 136 known not affected: 51 | 2026-07-16T02:22:08+00:00 | Vulnerability · Source |
| CVE-2026-48523 | redhat_vex | python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access | known affected: 179 known not affected: 19 | 2026-07-16T02:17:40+00:00 | Vulnerability · Source |
| CVE-2026-53606 | redhat_vex | apostrophecms sanitize-html: sanitize-html: Cross-Site Scripting (XSS) via insufficient URI scheme validation | known affected: 18 under investigation: 2 | 2026-07-16T02:11:57+00:00 | Vulnerability · Source |
| CVE-2026-48525 | redhat_vex | python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens | known affected: 191 known not affected: 7 | 2026-07-16T02:11:56+00:00 | Vulnerability · Source |
| CVE-2026-44990 | redhat_vex | sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass | fixed: 19 known affected: 12 known not affected: 572 | 2026-07-16T02:11:49+00:00 | Vulnerability · Source |
| CVE-2026-53537 | redhat_vex | multipart: Python-Multipart: Information disclosure via header parsing discrepancy | known affected: 51 known not affected: 3 | 2026-07-16T02:10:14+00:00 | Vulnerability · Source |
| CVE-2026-6733 | redhat_vex | undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. | fixed: 200 known affected: 46 | 2026-07-16T02:10:10+00:00 | Vulnerability · Source |