VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222269 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-41604 redhat_vex Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability fixed: 36 known affected: 14 known not affected: 438 2026-07-08T21:51:08+00:00 Vulnerability · Source
CVE-2026-41602 redhat_vex github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation fixed: 48 known affected: 12 known not affected: 646 2026-07-08T21:50:57+00:00 Vulnerability · Source
CVE-2026-40293 redhat_vex OpenFGA: github.com/openfga/openfga: OpenFGA: Information disclosure of preshared API key via playground endpoint fixed: 12 known affected: 2 known not affected: 369 2026-07-08T21:50:44+00:00 Vulnerability · Source
CVE-2026-33487 redhat_vex github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue fixed: 32 known not affected: 523 2026-07-08T21:50:28+00:00 Vulnerability · Source
CVE-2026-32285 redhat_vex github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input fixed: 54 known affected: 7 known not affected: 510 2026-07-08T21:50:15+00:00 Vulnerability · Source
CVE-2025-48431 redhat_vex Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests fixed: 18 known affected: 20 known not affected: 595 2026-07-08T21:49:27+00:00 Vulnerability · Source
CVE-2026-47139 redhat_vex vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:49:02+00:00 Vulnerability · Source
CVE-2026-47137 redhat_vex vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:48:58+00:00 Vulnerability · Source
CVE-2026-47135 redhat_vex vm2: vm2: Sandbox escape allows arbitrary code execution on the host system fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:48:57+00:00 Vulnerability · Source
CVE-2026-9673 redhat_vex json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass. fixed: 2 known not affected: 6 under investigation: 1 2026-07-08T21:48:54+00:00 Vulnerability · Source
CVE-2026-47131 redhat_vex vm2: vm2: Arbitrary code execution via sandbox escape vulnerability fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:48:54+00:00 Vulnerability · Source
CVE-2026-24781 redhat_vex vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function fixed: 2 known affected: 1 known not affected: 6 2026-07-08T21:41:02+00:00 Vulnerability · Source
CVE-2026-46284 redhat_vex kernel: mm/hugetlb: fix early boot crash on parameters without '=' separator known affected: 14 known not affected: 260 2026-07-08T21:37:53+00:00 Vulnerability · Source
CVE-2026-3219 redhat_vex pip: pip: Incorrect file installation due to improper archive handling fixed: 2 known affected: 114 2026-07-08T21:37:04+00:00 Vulnerability · Source
CVE-2026-15154 redhat_vex guardrails-detectors: guardrails-detectors: Unauthenticated Regular-Expression Denial of Service (ReDoS) via detector_params.regex known affected: 1 2026-07-08T21:05:04+00:00 Vulnerability · Source
CVE-2025-59530 redhat_vex github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame fixed: 418 known affected: 16 known not affected: 2496 2026-07-08T21:02:31+00:00 Vulnerability · Source
CVE-2025-68151 redhat_vex github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages fixed: 16 known affected: 1 known not affected: 84 2026-07-08T20:58:27+00:00 Vulnerability · Source
CVE-2025-47950 redhat_vex coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification fixed: 20 known not affected: 65 2026-07-08T20:58:15+00:00 Vulnerability · Source
CVE-2026-26018 redhat_vex github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation fixed: 20 known affected: 1 known not affected: 80 2026-07-08T20:57:01+00:00 Vulnerability · Source
CVE-2026-26017 redhat_vex github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw fixed: 20 known affected: 1 known not affected: 80 2026-07-08T20:56:57+00:00 Vulnerability · Source
CVE-2026-52936 redhat_vex kernel: crypto: jitterentropy - replace long-held spinlock with mutex known affected: 260 known not affected: 14 2026-07-08T20:44:45+00:00 Vulnerability · Source
CVE-2025-57847 redhat_vex ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions known affected: 15 known not affected: 1 2026-07-08T20:35:09+00:00 Vulnerability · Source
CVE-2026-8357 redhat_vex libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation fixed: 712 known affected: 316 2026-07-08T19:41:30+00:00 Vulnerability · Source
CVE-2026-52937 redhat_vex kernel: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR known affected: 232 known not affected: 42 2026-07-08T19:35:43+00:00 Vulnerability · Source
CVE-2026-34059 redhat_vex httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() fixed: 437 known affected: 15 known not affected: 38 2026-07-08T19:33:41+00:00 Vulnerability · Source
CVE-2026-34032 redhat_vex httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check fixed: 437 known affected: 15 known not affected: 38 2026-07-08T19:33:37+00:00 Vulnerability · Source
CVE-2026-33857 redhat_vex httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions fixed: 437 known affected: 15 known not affected: 38 2026-07-08T19:33:36+00:00 Vulnerability · Source
CVE-2026-33007 redhat_vex httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash fixed: 437 known affected: 15 known not affected: 38 2026-07-08T19:33:27+00:00 Vulnerability · Source
CVE-2026-28780 redhat_vex Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow fixed: 433 known affected: 15 known not affected: 38 2026-07-08T19:33:27+00:00 Vulnerability · Source
CVE-2025-53020 redhat_vex mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase fixed: 315 known not affected: 47 2026-07-08T19:33:27+00:00 Vulnerability · Source
CVE-2026-52941 redhat_vex kernel: net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint known affected: 232 known not affected: 42 2026-07-08T19:29:06+00:00 Vulnerability · Source
CVE-2026-52921 redhat_vex kernel: netfilter: ipset: stop hash:* range iteration at end known affected: 274 2026-07-08T19:29:06+00:00 Vulnerability · Source
CVE-2024-27398 redhat_vex kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout fixed: 538 known affected: 112 2026-07-08T19:29:02+00:00 Vulnerability · Source
CVE-2025-13151 redhat_vex libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string fixed: 136 known affected: 9 2026-07-08T19:28:58+00:00 Vulnerability · Source
CVE-2026-52940 redhat_vex kernel: tun: zero the whole vnet header in tun_put_user() known affected: 90 known not affected: 184 2026-07-08T19:28:53+00:00 Vulnerability · Source
CVE-2026-52939 redhat_vex kernel: net/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion known affected: 14 known not affected: 260 2026-07-08T19:28:52+00:00 Vulnerability · Source
CVE-2026-46295 redhat_vex kernel: KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty known affected: 90 known not affected: 184 2026-07-08T19:28:50+00:00 Vulnerability · Source
CVE-2026-46294 redhat_vex kernel: dm: fix a buffer overflow in ioctl processing known affected: 274 2026-07-08T19:28:49+00:00 Vulnerability · Source
CVE-2024-50125 redhat_vex kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout fixed: 513 known affected: 112 2026-07-08T19:26:52+00:00 Vulnerability · Source
CVE-2026-40253 redhat_vex openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects fixed: 473 known affected: 12 known not affected: 16 2026-07-08T19:26:41+00:00 Vulnerability · Source
CVE-2026-35406 redhat_vex aardvark-dns: Aardvark-dns: Denial of Service via truncated TCP DNS query and connection reset fixed: 26 known affected: 2 known not affected: 4 2026-07-08T19:26:21+00:00 Vulnerability · Source
CVE-2026-40983 redhat_vex micrometer: micrometer-core: Micrometer: Denial of Service via specially crafted gRPC requests fixed: 1 known affected: 15 known not affected: 4 under investigation: 9 2026-07-08T18:52:09+00:00 Vulnerability · Source
CVE-2026-50559 redhat_vex io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters fixed: 9 known affected: 17 known not affected: 66 2026-07-08T17:16:31+00:00 Vulnerability · Source
CVE-2026-44774 redhat_vex traefik: Traefik: Privilege escalation via Kubernetes Gateway API provider configuration bypass fixed: 4 known not affected: 63 2026-07-08T17:16:06+00:00 Vulnerability · Source
CVE-2026-12856 redhat_vex vscode-java: vscode: Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension fixed: 4 known not affected: 61 2026-07-08T17:15:04+00:00 Vulnerability · Source
CVE-2026-53251 redhat_vex kernel: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync known affected: 184 known not affected: 90 2026-07-08T17:05:08+00:00 Vulnerability · Source
CVE-2026-53360 redhat_vex kernel: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use known affected: 184 known not affected: 90 2026-07-08T16:59:46+00:00 Vulnerability · Source
CVE-2026-53258 redhat_vex kernel: wifi: fix leak if split 6 GHz scanning fails known affected: 246 known not affected: 28 2026-07-08T16:55:13+00:00 Vulnerability · Source
CVE-2026-53252 redhat_vex kernel: Bluetooth: fix memory leak in error path of hci_alloc_dev() known affected: 198 known not affected: 76 2026-07-08T16:55:12+00:00 Vulnerability · Source
CVE-2026-53255 redhat_vex kernel: Bluetooth: MGMT: validate advertising TLV before type checks known affected: 260 known not affected: 14 2026-07-08T16:55:06+00:00 Vulnerability · Source