VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222269 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-56002 microsoft_vex libXfont2 PCF Font Parsing Heap Buffer Overflow known affected: 1 2026-07-09T01:02:13+00:00 Vulnerability · Source
CVE-2026-56003 microsoft_vex libXfont2 computeProps Property Buffer Heap Buffer Overflow known affected: 1 2026-07-09T01:02:07+00:00 Vulnerability · Source
CVE-2026-56001 microsoft_vex libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow known affected: 1 2026-07-09T01:02:00+00:00 Vulnerability · Source
CVE-2026-60002 microsoft_vex ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.) known affected: 1 2026-07-09T01:01:53+00:00 Vulnerability · Source
CVE-2026-59999 microsoft_vex In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. known affected: 1 2026-07-09T01:01:47+00:00 Vulnerability · Source
CVE-2026-60000 microsoft_vex sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication. known affected: 1 2026-07-09T01:01:41+00:00 Vulnerability · Source
CVE-2026-60001 microsoft_vex sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. known affected: 1 2026-07-09T01:01:35+00:00 Vulnerability · Source
CVE-2026-59995 microsoft_vex sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. known affected: 1 2026-07-09T01:01:28+00:00 Vulnerability · Source
CVE-2026-59996 microsoft_vex scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. known affected: 1 2026-07-09T01:01:22+00:00 Vulnerability · Source
CVE-2026-59997 microsoft_vex internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection. known affected: 1 2026-07-09T01:01:15+00:00 Vulnerability · Source
CVE-2026-6587 redhat_vex vibrantlabsai RAGAS: vibrantlabsai RAGAS: Server-Side Request Forgery via retrieved_contexts argument manipulation known not affected: 1 2026-07-08T23:14:48+00:00 Vulnerability · Source
CVE-2026-55195 redhat_vex py7zr: py7zr: Denial of Service via decompression bomb in 7zip archive extraction known not affected: 1 2026-07-08T22:28:59+00:00 Vulnerability · Source
CVE-2026-55206 redhat_vex py7zr: py7zr: Denial of Service via crafted .7z archives due to inefficient algorithmic complexity known not affected: 1 2026-07-08T22:26:48+00:00 Vulnerability · Source
CVE-2026-21941 redhat_vex mysql: Optimizer unspecified vulnerability (CPU Jan 2026) fixed: 382 known not affected: 9 2026-07-08T22:22:12+00:00 Vulnerability · Source
CVE-2026-21937 redhat_vex mysql: DDL unspecified vulnerability (CPU Jan 2026) fixed: 382 known not affected: 9 2026-07-08T22:22:10+00:00 Vulnerability · Source
CVE-2026-21964 redhat_vex mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) fixed: 382 known not affected: 9 2026-07-08T22:22:08+00:00 Vulnerability · Source
CVE-2026-21968 redhat_vex mysql: Optimizer unspecified vulnerability (CPU Jan 2026) fixed: 824 known affected: 31 known not affected: 9 2026-07-08T22:22:03+00:00 Vulnerability · Source
CVE-2026-21936 redhat_vex mysql: InnoDB unspecified vulnerability (CPU Jan 2026) fixed: 382 known not affected: 9 2026-07-08T22:22:00+00:00 Vulnerability · Source
CVE-2026-21948 redhat_vex mysql: Optimizer unspecified vulnerability (CPU Jan 2026) fixed: 382 known not affected: 9 2026-07-08T22:21:55+00:00 Vulnerability · Source
CVE-2026-3099 redhat_vex libsoup: Libsoup: Authentication bypass via digest authentication replay attack known affected: 3 known not affected: 13 2026-07-08T22:16:55+00:00 Vulnerability · Source
CVE-2026-28421 redhat_vex vim: Vim: Denial of service and information disclosure via crafted swap file fixed: 648 known affected: 6 known not affected: 168 2026-07-08T22:16:54+00:00 Vulnerability · Source
CVE-2026-27951 redhat_vex freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity fixed: 586 known affected: 12 2026-07-08T22:16:51+00:00 Vulnerability · Source
CVE-2026-28417 redhat_vex vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin fixed: 628 known affected: 6 known not affected: 188 2026-07-08T22:16:37+00:00 Vulnerability · Source
CVE-2026-27837 redhat_vex dottie.js: dottie.js: Unauthorized object modification via prototype pollution bypass known affected: 1 known not affected: 17 2026-07-08T22:16:36+00:00 Vulnerability · Source
CVE-2026-3201 redhat_vex wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark fixed: 74 known not affected: 16 2026-07-08T22:16:34+00:00 Vulnerability · Source
CVE-2026-3203 redhat_vex wireshark: Buffer Over-read in Wireshark fixed: 74 known not affected: 16 2026-07-08T22:16:32+00:00 Vulnerability · Source
CVE-2025-15270 redhat_vex fontforge: FontForge: Remote Code Execution via malicious SFD file parsing fixed: 90 known affected: 2 known not affected: 3 2026-07-08T22:16:07+00:00 Vulnerability · Source
CVE-2025-12495 redhat_vex OpenEXR: OpenEXR: Remote Code Execution via malicious EXR file parsing known affected: 3 known not affected: 9 2026-07-08T22:15:15+00:00 Vulnerability · Source
CVE-2025-15279 redhat_vex fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing fixed: 112 known affected: 2 2026-07-08T22:11:37+00:00 Vulnerability · Source
CVE-2026-0810 redhat_vex gix-date: gix-date: Undefined behavior due to invalid string generation known affected: 7 known not affected: 51 2026-07-08T22:07:36+00:00 Vulnerability · Source
CVE-2025-15538 redhat_vex assimp: Assimp: Use-after-free vulnerability in FindUVChannels allows local impact known not affected: 8 2026-07-08T22:07:35+00:00 Vulnerability · Source
CVE-2025-14946 redhat_vex libnbd: libnbd: Arbitrary code execution via SSH argument injection through a malicious URI known affected: 7 known not affected: 30 2026-07-08T22:07:24+00:00 Vulnerability · Source
CVE-2026-21933 redhat_vex openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01) fixed: 3198 known affected: 45 2026-07-08T22:07:23+00:00 Vulnerability · Source
CVE-2025-68615 redhat_vex net-snmp: buffer overflow via a specially crafted packet can cause a crash in snmptrapd fixed: 589 known affected: 8 known not affected: 356 2026-07-08T22:07:14+00:00 Vulnerability · Source
CVE-2026-21925 redhat_vex openjdk: Improve JMX connections (Oracle CPU 2026-01) fixed: 3198 known affected: 45 2026-07-08T22:07:06+00:00 Vulnerability · Source
CVE-2025-12840 redhat_vex OpenEXR: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow known affected: 3 known not affected: 9 2026-07-08T22:07:02+00:00 Vulnerability · Source
CVE-2025-12839 redhat_vex OpenEXR: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing known affected: 3 known not affected: 9 2026-07-08T22:06:37+00:00 Vulnerability · Source
CVE-2025-68973 redhat_vex GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write fixed: 394 known affected: 3 known not affected: 149 2026-07-08T22:06:22+00:00 Vulnerability · Source
CVE-2025-61686 redhat_vex react-router: React Router has Path Traversal in File Session Storage known not affected: 173 2026-07-08T22:05:25+00:00 Vulnerability · Source
CVE-2025-15269 redhat_vex fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing fixed: 112 known affected: 2 2026-07-08T22:05:18+00:00 Vulnerability · Source
CVE-2026-46292 redhat_vex kernel: pmdomain: core: Fix detach procedure for virtual devices in genpd known affected: 184 known not affected: 90 2026-07-08T22:04:12+00:00 Vulnerability · Source
CVE-2026-22610 redhat_vex angular: Angular: Cross-site scripting vulnerability in Template Compiler fixed: 4 known affected: 10 known not affected: 226 2026-07-08T22:02:45+00:00 Vulnerability · Source
CVE-2026-47210 redhat_vex vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support. fixed: 1 known not affected: 4 under investigation: 1 2026-07-08T21:53:54+00:00 Vulnerability · Source
CVE-2026-47208 redhat_vex vm2: vm2: Sandbox Breakout Using Promise Species fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:53:51+00:00 Vulnerability · Source
CVE-2026-47141 redhat_vex vm2: vm2: NodeVM observability builtins leak host process and HTTP request data fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:53:50+00:00 Vulnerability · Source
CVE-2026-47140 redhat_vex vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:53:48+00:00 Vulnerability · Source
CVE-2026-43869 redhat_vex Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation fixed: 43 known affected: 15 known not affected: 855 2026-07-08T21:51:46+00:00 Vulnerability · Source
CVE-2026-41607 redhat_vex Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability fixed: 36 known affected: 14 known not affected: 438 2026-07-08T21:51:19+00:00 Vulnerability · Source
CVE-2026-41605 redhat_vex Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability fixed: 36 known affected: 14 known not affected: 438 2026-07-08T21:51:11+00:00 Vulnerability · Source
CVE-2026-41604 redhat_vex Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability fixed: 36 known affected: 14 known not affected: 438 2026-07-08T21:51:08+00:00 Vulnerability · Source