VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222274 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-40938 | redhat_vex | github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands | fixed: 65 known affected: 27 known not affected: 205 | 2026-07-08T09:46:25+00:00 | Vulnerability · Source |
| CVE-2026-53434 | redhat_vex | tomcat: Apache Tomcat: Error condition not handled when configuring CRLs | fixed: 4 known affected: 80 | 2026-07-08T09:42:21+00:00 | Vulnerability · Source |
| CVE-2026-53404 | redhat_vex | Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing | fixed: 4 known affected: 80 | 2026-07-08T09:42:12+00:00 | Vulnerability · Source |
| CVE-2026-55276 | redhat_vex | tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow | fixed: 4 known affected: 80 | 2026-07-08T09:37:14+00:00 | Vulnerability · Source |
| CVE-2024-27316 | redhat_vex | httpd: CONTINUATION frames DoS | fixed: 693 known affected: 47 known not affected: 82 | 2026-07-08T08:58:12+00:00 | Vulnerability · Source |
| CVE-2026-11837 | redhat_vex | ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown | known affected: 3 known not affected: 3 | 2026-07-08T08:36:18+00:00 | Vulnerability · Source |
| CVE-2026-56139 | redhat_vex | org.apache.camel/camel-undertow: Apache Camel Undertow: Information disclosure via error messages containing sensitive data | known affected: 2 | 2026-07-08T08:26:45+00:00 | Vulnerability · Source |
| CVE-2026-55688 | redhat_vex | async-http-client: AsyncHttpClient: Cookie injection allows planting cookies for unrelated domains | under investigation: 2 | 2026-07-08T08:21:38+00:00 | Vulnerability · Source |
| CVE-2026-54264 | redhat_vex | @angular/service-worker: @angular/service-worker: Information Disclosure via unstripped sensitive headers on cross-origin redirects | known not affected: 1 | 2026-07-08T08:16:47+00:00 | Vulnerability · Source |
| CVE-2026-50184 | redhat_vex | @angular/service-worker: @angular/service-worker: Security flaw leads to session leaks and cached private data | known not affected: 1 | 2026-07-08T08:16:40+00:00 | Vulnerability · Source |
| CVE-2026-34085 | redhat_vex | fontconfig: Fontconfig: Security flaw allows arbitrary code execution or system crash | fixed: 4 known affected: 5 known not affected: 13 | 2026-07-08T08:16:33+00:00 | Vulnerability · Source |
| CVE-2026-46625 | redhat_vex | js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution | fixed: 12 known affected: 14 known not affected: 54 under investigation: 33 | 2026-07-08T08:12:26+00:00 | Vulnerability · Source |
| CVE-2026-9165 | redhat_vex | stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service | fixed: 12 known not affected: 127 | 2026-07-08T08:11:51+00:00 | Vulnerability · Source |
| CVE-2026-49232 | redhat_vex | rust-routinator: Routinator: Denial of Service via malicious HTTP or RTR connections | known not affected: 1 | 2026-07-08T08:10:57+00:00 | Vulnerability · Source |
| CVE-2026-49234 | redhat_vex | rust-routinator: Routinator: Denial of Service via crafted non-UTF-8 string | known not affected: 1 | 2026-07-08T08:10:53+00:00 | Vulnerability · Source |
| CVE-2026-49235 | redhat_vex | rust-routinator: Routinator: Denial of Service via crafted Document Type Definition in RRDP | known not affected: 1 | 2026-07-08T08:10:21+00:00 | Vulnerability · Source |
| CVE-2026-49233 | redhat_vex | rust-routinator: Routinator: Information disclosure via rsync URI path traversal | known not affected: 1 | 2026-07-08T08:10:19+00:00 | Vulnerability · Source |
| CVE-2026-49342 | redhat_vex | yard: YARD: Information disclosure via path traversal in static cache lookup | known not affected: 10 | 2026-07-08T07:57:39+00:00 | Vulnerability · Source |
| CVE-2026-42266 | redhat_vex | jupyterlab: JupyterLab: Arbitrary code execution due to improper enforcement of extension allow-list | known affected: 14 known not affected: 2 | 2026-07-08T07:55:45+00:00 | Vulnerability · Source |
| CVE-2026-12993 | redhat_vex | Apicurio/apicurio-registry: apicurio-registry: XML entity-expansion denial of service via internal DTD subset | known affected: 2 | 2026-07-08T07:51:31+00:00 | Vulnerability · Source |
| CVE-2026-42557 | redhat_vex | jupyterlab: JupyterLab: Arbitrary code execution via deceptive button in HTML output | known affected: 14 known not affected: 2 | 2026-07-08T07:51:00+00:00 | Vulnerability · Source |
| CVE-2026-33079 | redhat_vex | mistune: Mistune: Regular Expression Denial of Service (ReDoS) via crafted Markdown input | known affected: 21 known not affected: 3 | 2026-07-08T07:50:57+00:00 | Vulnerability · Source |
| CVE-2026-59711 | redhat_vex | showdown: Showdown: Cross-site scripting via unescaped metadata title allows arbitrary code execution | known affected: 26 under investigation: 4 | 2026-07-08T07:40:51+00:00 | Vulnerability · Source |
| CVE-2026-55699 | redhat_vex | pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys | known affected: 4 | 2026-07-08T07:36:35+00:00 | Vulnerability · Source |
| CVE-2026-44513 | redhat_vex | Diffusers: Diffusers: Arbitrary remote code execution via `trust_remote_code` bypass | known affected: 13 known not affected: 3 | 2026-07-08T07:35:42+00:00 | Vulnerability · Source |
| CVE-2026-54786 | redhat_vex | Wasmtime: Wasmtime: Leak in WASIp1 `fd_renumber` implementation | known affected: 3 | 2026-07-08T07:30:20+00:00 | Vulnerability · Source |
| CVE-2026-43825 | redhat_vex | org.apache.opennlp/opennlp-tools: Apache OpenNLP SvmDoccatModel: Remote code execution via untrusted Java deserialization | known not affected: 2 under investigation: 2 | 2026-07-08T07:25:49+00:00 | Vulnerability · Source |
| CVE-2026-2393 | redhat_vex | mlflow: MLflow: Server-Side Request Forgery (SSRF) allows internal network access and data exfiltration. | known not affected: 19 | 2026-07-08T07:20:17+00:00 | Vulnerability · Source |
| CVE-2026-31229 | redhat_vex | adversarial-robustness-toolbox: kubeflow: python: Adversarial Robustness Toolbox (ART): Remote code execution via insecure deserialization in Kubeflow component | known not affected: 4 | 2026-07-08T07:15:59+00:00 | Vulnerability · Source |
| CVE-2026-4137 | redhat_vex | mlflow/mlflow: mlflow/mlflow: Arbitrary code execution via insecure temporary directory permissions | known affected: 1 known not affected: 16 | 2026-07-08T07:15:32+00:00 | Vulnerability · Source |
| CVE-2026-2652 | redhat_vex | mlflow: mlflow: Authentication bypass allows unauthorized job management and data injection | known not affected: 19 | 2026-07-08T07:15:26+00:00 | Vulnerability · Source |
| CVE-2026-49365 | redhat_vex | org.apache.camel/camel-netty-http: Apache Camel Netty HTTP: Information disclosure via error messages containing sensitive data | known affected: 3 | 2026-07-08T07:10:35+00:00 | Vulnerability · Source |
| CVE-2026-12479 | redhat_vex | keras: Path Traversal in keras-team/keras | known affected: 5 known not affected: 4 | 2026-07-08T07:05:31+00:00 | Vulnerability · Source |
| CVE-2026-40171 | redhat_vex | Jupyter Notebook: JupyterLab: @jupyter-notebook/help-extension: @jupyterlab/help-extension: Jupyter Notebook and JupyterLab: Session takeover via stored cross-site scripting | known affected: 14 known not affected: 2 | 2026-07-08T07:00:21+00:00 | Vulnerability · Source |
| CVE-2026-46726 | redhat_vex | camel-vertx-websocket: Apache Camel Vertx Websocket: Server-Side Request Forgery and sensitive data exposure | known affected: 2 | 2026-07-08T06:55:16+00:00 | Vulnerability · Source |
| CVE-2026-49098 | redhat_vex | camel-kafka: Apache Camel Kafka Component: Message redirection and injection via header manipulation | known affected: 2 | 2026-07-08T06:40:49+00:00 | Vulnerability · Source |
| CVE-2026-14647 | redhat_vex | onnx: onnxruntime: ONNX: Information disclosure via out-of-bounds read | known affected: 16 known not affected: 2 | 2026-07-08T06:15:51+00:00 | Vulnerability · Source |
| CVE-2026-41283 | redhat_vex | openstack-mistral: OpenStack Mistral: Arbitrary Remote Code Execution via exposed API endpoints | known not affected: 8 | 2026-07-08T05:55:48+00:00 | Vulnerability · Source |
| CVE-2026-8147 | redhat_vex | mlflow: MLflow: Unauthorized access to trace data due to missing authorization validation | known affected: 1 known not affected: 18 | 2026-07-08T05:55:25+00:00 | Vulnerability · Source |
| CVE-2024-24788 | redhat_vex | golang: net: malformed DNS message can cause infinite loop | fixed: 877 known affected: 86 known not affected: 406 | 2026-07-08T05:41:12+00:00 | Vulnerability · Source |
| CVE-2026-55646 | redhat_vex | vllm: vLLM: Denial of Service due to excessive memory allocation via oversized audio file uploads | known not affected: 26 | 2026-07-08T05:33:45+00:00 | Vulnerability · Source |
| CVE-2026-4944 | redhat_vex | vllm: vllm-project/vllm: Remote Code Execution via malicious HuggingFace model repositories | known affected: 11 known not affected: 15 | 2026-07-08T05:30:59+00:00 | Vulnerability · Source |
| CVE-2026-31419 | redhat_vex | kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service | fixed: 2416 known affected: 22 known not affected: 42 | 2026-07-08T05:25:54+00:00 | Vulnerability · Source |
| CVE-2026-31402 | redhat_vex | kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache | fixed: 3227 known affected: 22 | 2026-07-08T05:25:47+00:00 | Vulnerability · Source |
| CVE-2026-23401 | redhat_vex | kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling | fixed: 2404 known affected: 22 known not affected: 42 | 2026-07-08T05:25:36+00:00 | Vulnerability · Source |
| CVE-2026-55514 | redhat_vex | vllm: vLLM: Denial of Service via crafted prompt in /v1/completions request | known affected: 20 known not affected: 6 | 2026-07-08T05:00:52+00:00 | Vulnerability · Source |
| CVE-2026-53263 | redhat_vex | kernel: 6lowpan: fix off-by-one in multicast context address compression | known affected: 156 known not affected: 118 | 2026-07-08T04:15:14+00:00 | Vulnerability · Source |
| CVE-2026-53280 | redhat_vex | kernel: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() | known affected: 76 known not affected: 198 | 2026-07-08T04:06:18+00:00 | Vulnerability · Source |
| CVE-2026-53291 | redhat_vex | kernel: ALSA: hda/conexant: Fix missing error check for jack detection | known affected: 184 known not affected: 90 | 2026-07-08T04:06:17+00:00 | Vulnerability · Source |
| CVE-2026-53297 | redhat_vex | kernel: net: mana: Guard mana_remove against double invocation | known affected: 232 known not affected: 42 | 2026-07-08T04:06:14+00:00 | Vulnerability · Source |