VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222246 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-32289 redhat_vex html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals fixed: 29 known affected: 354 2026-07-09T13:42:21+00:00 Vulnerability · Source
CVE-2026-44332 redhat_vex github.com/gofiber/fiber: GoFiber: Remote Username Enumeration via BasicAuth Middleware Short-Circuit Evaluation known not affected: 1 2026-07-09T13:35:03+00:00 Vulnerability · Source
CVE-2026-59927 redhat_vex mistune: Mistune: Denial of Service via unbounded recursion in Markdown include directive known affected: 1 under investigation: 24 2026-07-09T13:30:36+00:00 Vulnerability · Source
CVE-2026-31488 redhat_vex kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation fixed: 453 known affected: 98 known not affected: 42 2026-07-09T13:30:33+00:00 Vulnerability · Source
CVE-2026-46150 redhat_vex kernel: fanotify: fix false positive on permission events known affected: 274 2026-07-09T13:14:03+00:00 Vulnerability · Source
CVE-2026-41606 redhat_vex Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion fixed: 36 known affected: 13 known not affected: 439 2026-07-09T13:07:23+00:00 Vulnerability · Source
CVE-2026-41603 redhat_vex Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation fixed: 36 known affected: 14 known not affected: 438 2026-07-09T13:07:08+00:00 Vulnerability · Source
CVE-2025-3110 redhat_vex OpenVPN Access Server: OpenVPN Access Server: HTTP request smuggling via bare line-feed sequences in HTTP headers known not affected: 1 2026-07-09T12:55:22+00:00 Vulnerability · Source
CVE-2026-54591 redhat_vex asyncssh: AsyncSSH: Arbitrary file write via path traversal in SCP client known not affected: 1 2026-07-09T12:45:11+00:00 Vulnerability · Source
CVE-2026-59892 redhat_vex @opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding known affected: 11 2026-07-09T12:05:07+00:00 Vulnerability · Source
CVE-2026-59928 redhat_vex mistune: Mistune: Denial of Service via crafted Markdown document with reference-link definitions known affected: 25 2026-07-09T11:55:15+00:00 Vulnerability · Source
CVE-2026-54267 redhat_vex @angular/core: Angular Client Hydration DOM Clobbering & Response-Cache Poisoning known not affected: 81 2026-07-09T11:11:08+00:00 Vulnerability · Source
CVE-2026-59691 redhat_vex gstreamer: gstreamer: rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer known affected: 24 2026-07-09T11:06:10+00:00 Vulnerability · Source
CVE-2026-59692 redhat_vex gstreamer: gstreamer: DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback known affected: 24 2026-07-09T11:05:32+00:00 Vulnerability · Source
CVE-2026-53262 redhat_vex kernel: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl() known affected: 274 2026-07-09T10:45:28+00:00 Vulnerability · Source
CVE-2026-13201 redhat_vex kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level VM disruption known affected: 2 2026-07-09T10:20:24+00:00 Vulnerability · Source
CVE-2026-11827 redhat_vex gitlab-ee: GitLab EE: Information disclosure via improper authorization controls known affected: 4 2026-07-09T09:35:35+00:00 Vulnerability · Source
CVE-2026-54906 redhat_vex concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service known not affected: 20 2026-07-09T09:22:36+00:00 Vulnerability · Source
CVE-2026-54753 redhat_vex Nx: Nx: `nx graph` dev server permissive CORS policy known affected: 7 2026-07-09T09:22:21+00:00 Vulnerability · Source
CVE-2026-45692 redhat_vex github.com/caddyserver/caddy/v2: Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization known not affected: 1 2026-07-09T09:22:01+00:00 Vulnerability · Source
CVE-2026-46056 redhat_vex kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers fixed: 762 known affected: 64 2026-07-09T09:21:00+00:00 Vulnerability · Source
CVE-2026-53705 redhat_vex gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow fixed: 82 known affected: 2 2026-07-09T08:54:08+00:00 Vulnerability · Source
CVE-2026-50021 redhat_vex pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile known affected: 1 known not affected: 3 2026-07-09T08:44:40+00:00 Vulnerability · Source
CVE-2026-50016 redhat_vex pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases known affected: 1 known not affected: 3 2026-07-09T08:40:10+00:00 Vulnerability · Source
CVE-2026-55698 redhat_vex pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile known affected: 1 known not affected: 3 2026-07-09T08:39:53+00:00 Vulnerability · Source
CVE-2026-55697 redhat_vex pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies known affected: 1 known not affected: 3 2026-07-09T08:35:54+00:00 Vulnerability · Source
CVE-2026-43866 redhat_vex camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection known affected: 1 known not affected: 1 2026-07-09T08:21:11+00:00 Vulnerability · Source
CVE-2026-48995 redhat_vex pnpm: pnpm: Supply chain compromise from unverified dependencies known affected: 1 known not affected: 3 2026-07-09T08:20:01+00:00 Vulnerability · Source
CVE-2026-55700 redhat_vex pnpm: pnpm: Unauthorized file modification via crafted package manifest known affected: 1 known not affected: 3 2026-07-09T08:10:40+00:00 Vulnerability · Source
CVE-2026-23415 redhat_vex kernel: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() known affected: 184 known not affected: 90 2026-07-09T07:59:12+00:00 Vulnerability · Source
CVE-2026-52722 redhat_vex gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling fixed: 114 known affected: 13 2026-07-09T07:58:45+00:00 Vulnerability · Source
CVE-2026-31554 redhat_vex kernel: futex: Require sys_futex_requeue() to have identical flags known affected: 184 known not affected: 90 2026-07-09T07:53:29+00:00 Vulnerability · Source
CVE-2026-59194 redhat_vex pnpm: pnpm: patch-remove could delete project-selected files outside the patches directory known affected: 1 known not affected: 3 2026-07-09T07:35:27+00:00 Vulnerability · Source
CVE-2026-27140 redhat_vex cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names fixed: 902 known affected: 11 known not affected: 1355 under investigation: 3 2026-07-09T07:31:13+00:00 Vulnerability · Source
CVE-2026-59195 redhat_vex pnpm: pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config known affected: 1 known not affected: 3 2026-07-09T07:30:52+00:00 Vulnerability · Source
CVE-2026-50015 redhat_vex pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files known affected: 1 known not affected: 3 2026-07-09T07:30:36+00:00 Vulnerability · Source
CVE-2026-55487 redhat_vex pnpm: pnpm: Supply chain compromise via manipulated package source strings known affected: 1 known not affected: 3 2026-07-09T07:30:15+00:00 Vulnerability · Source
CVE-2026-54590 redhat_vex AsyncSSH: AsyncSSH: Unauthorized file modification via authorized-keys directory escape known not affected: 1 2026-07-09T07:17:03+00:00 Vulnerability · Source
CVE-2025-9714 redhat_vex libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c fixed: 536 known affected: 5 known not affected: 62 2026-07-09T07:01:51+00:00 Vulnerability · Source
CVE-2026-15174 redhat_vex wireshark: Wireshark: Denial of Service via Catapult DCT2000 protocol dissector crash known affected: 20 2026-07-09T06:59:08+00:00 Vulnerability · Source
CVE-2026-15171 redhat_vex wireshark: Wireshark: Denial of service via SSH protocol dissector crash known affected: 20 2026-07-09T06:36:12+00:00 Vulnerability · Source
CVE-2026-15173 redhat_vex Wireshark: Wireshark: Denial of Service via pcapng file parser crash known affected: 20 2026-07-09T06:36:11+00:00 Vulnerability · Source
CVE-2026-43190 redhat_vex kernel: netfilter: xt_tcpmss: check remaining length before reading optlen fixed: 1766 known affected: 47 2026-07-09T06:20:27+00:00 Vulnerability · Source
CVE-2025-40909 redhat_vex perl: Perl threads have a working directory race condition where file operations may target unintended paths fixed: 2548 known affected: 67 known not affected: 2 2026-07-09T05:41:08+00:00 Vulnerability · Source
CVE-2026-46227 redhat_vex kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL fixed: 1980 known not affected: 31 2026-07-09T05:25:18+00:00 Vulnerability · Source
CVE-2026-15170 redhat_vex wireshark: Wireshark: Denial of service via Z39.50 protocol dissector crash known affected: 4 2026-07-09T03:59:33+00:00 Vulnerability · Source
CVE-2023-6200 redhat_vex kernel: ICMPv6 Router Advertisement packets, aka Linux TCP/IP Remote Code Execution Vulnerability known not affected: 222 2026-07-09T03:44:32+00:00 Vulnerability · Source
CVE-2026-44777 redhat_vex jq: stack overflow in module loading on mutual include fixed: 3 known affected: 14 2026-07-09T02:27:39+00:00 Vulnerability · Source
CVE-2026-54891 microsoft_vex Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl known not affected: 1 2026-07-09T01:50:30+00:00 Vulnerability · Source
CVE-2026-55952 microsoft_vex TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension known not affected: 1 2026-07-09T01:50:21+00:00 Vulnerability · Source