VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222244 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-50633 | redhat_vex | apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection | fixed: 1 known affected: 1 known not affected: 1 | 2026-07-09T15:31:11+00:00 | Vulnerability · Source |
| CVE-2026-50632 | redhat_vex | cxf: org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Arbitrary code execution via untrusted JMS configuration | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:31:06+00:00 | Vulnerability · Source |
| CVE-2026-50628 | redhat_vex | cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:31:02+00:00 | Vulnerability · Source |
| CVE-2026-50627 | redhat_vex | apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:31:01+00:00 | Vulnerability · Source |
| CVE-2026-50011 | redhat_vex | netty-codec-redis: Netty: Denial of Service via malicious Redis array header | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:56+00:00 | Vulnerability · Source |
| CVE-2026-50010 | redhat_vex | netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass | fixed: 7 known affected: 35 known not affected: 17 | 2026-07-09T15:30:52+00:00 | Vulnerability · Source |
| CVE-2026-49875 | redhat_vex | cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening | fixed: 2 known affected: 7 | 2026-07-09T15:30:51+00:00 | Vulnerability · Source |
| CVE-2026-48059 | redhat_vex | netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers | fixed: 9 known affected: 27 known not affected: 66 | 2026-07-09T15:30:47+00:00 | Vulnerability · Source |
| CVE-2026-48043 | redhat_vex | netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak | fixed: 21 known affected: 33 known not affected: 56 | 2026-07-09T15:30:43+00:00 | Vulnerability · Source |
| CVE-2026-48006 | redhat_vex | netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:42+00:00 | Vulnerability · Source |
| CVE-2026-47691 | redhat_vex | io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records | fixed: 5 known affected: 31 known not affected: 11 | 2026-07-09T15:30:37+00:00 | Vulnerability · Source |
| CVE-2026-46340 | redhat_vex | netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:30:35+00:00 | Vulnerability · Source |
| CVE-2026-45674 | redhat_vex | netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation | fixed: 5 known affected: 31 known not affected: 11 | 2026-07-09T15:30:32+00:00 | Vulnerability · Source |
| CVE-2026-45416 | redhat_vex | netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake | fixed: 7 known affected: 35 known not affected: 17 | 2026-07-09T15:30:31+00:00 | Vulnerability · Source |
| CVE-2026-44930 | redhat_vex | apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection | fixed: 1 known affected: 2 | 2026-07-09T15:30:27+00:00 | Vulnerability · Source |
| CVE-2026-44893 | redhat_vex | netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message | fixed: 9 known affected: 25 known not affected: 67 | 2026-07-09T15:30:26+00:00 | Vulnerability · Source |
| CVE-2026-44890 | redhat_vex | netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:23+00:00 | Vulnerability · Source |
| CVE-2026-44249 | redhat_vex | netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation | fixed: 19 known affected: 33 known not affected: 68 | 2026-07-09T15:30:21+00:00 | Vulnerability · Source |
| CVE-2026-44417 | redhat_vex | org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:21+00:00 | Vulnerability · Source |
| CVE-2026-44250 | redhat_vex | netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:18+00:00 | Vulnerability · Source |
| CVE-2026-44248 | redhat_vex | netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header | fixed: 1 known affected: 4 known not affected: 3 | 2026-07-09T15:30:13+00:00 | Vulnerability · Source |
| CVE-2026-42584 | redhat_vex | netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion | fixed: 25 known affected: 34 known not affected: 140 | 2026-07-09T15:30:07+00:00 | Vulnerability · Source |
| CVE-2026-42581 | redhat_vex | netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers | fixed: 25 known not affected: 125 under investigation: 49 | 2026-07-09T15:30:04+00:00 | Vulnerability · Source |
| CVE-2026-42579 | redhat_vex | netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement | fixed: 25 known not affected: 125 under investigation: 38 | 2026-07-09T15:29:58+00:00 | Vulnerability · Source |
| CVE-2026-42578 | redhat_vex | netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation | fixed: 25 known affected: 33 known not affected: 141 | 2026-07-09T15:29:53+00:00 | Vulnerability · Source |
| CVE-2024-5535 | redhat_vex | openssl: SSL_select_next_proto buffer overread | fixed: 390 known affected: 50 known not affected: 182 | 2026-07-09T15:29:23+00:00 | Vulnerability · Source |
| CVE-2026-6352 | redhat_vex | gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL | known not affected: 4 | 2026-07-09T15:29:22+00:00 | Vulnerability · Source |
| CVE-2026-41568 | redhat_vex | github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup | fixed: 108 known affected: 20 known not affected: 18 under investigation: 316 | 2026-07-09T15:29:20+00:00 | Vulnerability · Source |
| CVE-2025-54410 | redhat_vex | github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation | fixed: 108 known affected: 15 known not affected: 16 | 2026-07-09T15:29:18+00:00 | Vulnerability · Source |
| CVE-2024-45310 | redhat_vex | runc: runc can be tricked into creating empty files/directories on host | fixed: 112 known affected: 8 known not affected: 36 | 2026-07-09T15:29:16+00:00 | Vulnerability · Source |
| CVE-2026-58203 | redhat_vex | pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size | known affected: 47 known not affected: 5 | 2026-07-09T15:24:05+00:00 | Vulnerability · Source |
| CVE-2026-15172 | redhat_vex | wireshark: Wireshark: Denial of service via FMP/NOTIFY protocol dissector crash | known affected: 20 | 2026-07-09T15:21:07+00:00 | Vulnerability · Source |
| CVE-2026-45571 | redhat_vex | github.com/go-git/go-git: go-git: Path validation flaw allows unauthorized file access | fixed: 108 known not affected: 16 | 2026-07-09T15:17:24+00:00 | Vulnerability · Source |
| CVE-2026-41506 | redhat_vex | golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects | fixed: 111 known affected: 222 known not affected: 16 | 2026-07-09T15:17:13+00:00 | Vulnerability · Source |
| CVE-2026-39834 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write | fixed: 108 known affected: 35 known not affected: 18 under investigation: 290 | 2026-07-09T15:17:12+00:00 | Vulnerability · Source |
| CVE-2026-33540 | redhat_vex | github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL | fixed: 108 known affected: 6 known not affected: 16 | 2026-07-09T15:16:50+00:00 | Vulnerability · Source |
| CVE-2026-27903 | redhat_vex | minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns | fixed: 108 known affected: 288 known not affected: 16 | 2026-07-09T15:16:46+00:00 | Vulnerability · Source |
| CVE-2026-25934 | redhat_vex | go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files | fixed: 108 known affected: 195 known not affected: 16 | 2026-07-09T15:16:37+00:00 | Vulnerability · Source |
| CVE-2026-24117 | redhat_vex | github.com/sigstore/rekor: Rekor Server-Side Request Forgery (SSRF) | fixed: 108 known affected: 136 known not affected: 16 | 2026-07-09T15:14:23+00:00 | Vulnerability · Source |
| CVE-2026-23831 | redhat_vex | github.com/sigstore/rekor: Rekor denial of service | fixed: 108 known affected: 185 known not affected: 16 | 2026-07-09T15:14:20+00:00 | Vulnerability · Source |
| CVE-2026-22772 | redhat_vex | fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation | fixed: 114 known affected: 239 known not affected: 31 | 2026-07-09T15:14:16+00:00 | Vulnerability · Source |
| CVE-2025-64329 | redhat_vex | github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks | fixed: 112 known affected: 372 known not affected: 47 under investigation: 1 | 2026-07-09T15:14:09+00:00 | Vulnerability · Source |
| CVE-2025-58058 | redhat_vex | github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory | fixed: 116 known affected: 262 known not affected: 32 | 2026-07-09T15:14:05+00:00 | Vulnerability · Source |
| CVE-2024-40635 | redhat_vex | containerd: containerd has an integer overflow in User ID handling | fixed: 108 known affected: 51 known not affected: 16 | 2026-07-09T15:13:50+00:00 | Vulnerability · Source |
| CVE-2026-39883 | redhat_vex | github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris | fixed: 116 known not affected: 32 | 2026-07-09T15:04:56+00:00 | Vulnerability · Source |
| CVE-2025-21613 | redhat_vex | go-git: argument injection via the URL field | fixed: 362 known affected: 15 known not affected: 1076 | 2026-07-09T15:03:32+00:00 | Vulnerability · Source |
| CVE-2025-21614 | redhat_vex | go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies | fixed: 336 known affected: 17 known not affected: 969 under investigation: 221 | 2026-07-09T15:03:31+00:00 | Vulnerability · Source |
| CVE-2025-8766 | redhat_vex | noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container | fixed: 108 known not affected: 16 | 2026-07-09T15:03:26+00:00 | Vulnerability · Source |
| CVE-2024-25621 | redhat_vex | github.com/containerd/containerd: containerd local privilege escalation | fixed: 194 known affected: 91 known not affected: 737 | 2026-07-09T15:03:25+00:00 | Vulnerability · Source |
| CVE-2026-43051 | redhat_vex | kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq | fixed: 762 known affected: 50 known not affected: 14 | 2026-07-09T14:57:03+00:00 | Vulnerability · Source |