VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222176 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-48619 | redhat_vex | nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames | fixed: 212 known affected: 14 | 2026-07-15T20:41:06+00:00 | Vulnerability · Source |
| CVE-2026-48615 | redhat_vex | nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling | fixed: 250 known affected: 14 | 2026-07-15T20:41:04+00:00 | Vulnerability · Source |
| CVE-2026-32282 | redhat_vex | golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root | fixed: 1170 known affected: 190 known not affected: 1824 | 2026-07-15T20:36:12+00:00 | Vulnerability · Source |
| CVE-2026-33810 | redhat_vex | crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application | fixed: 119 known affected: 149 known not affected: 939 | 2026-07-15T20:30:25+00:00 | Vulnerability · Source |
| CVE-2026-15685 | redhat_vex | Ollama: Ollama: Denial of Service via improper array index validation in downloadBlob function | known not affected: 4 | 2026-07-15T20:23:47+00:00 | Vulnerability · Source |
| CVE-2026-48933 | redhat_vex | nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() | fixed: 250 known affected: 14 | 2026-07-15T20:18:01+00:00 | Vulnerability · Source |
| CVE-2026-48618 | redhat_vex | nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch | fixed: 250 known affected: 14 | 2026-07-15T20:17:55+00:00 | Vulnerability · Source |
| CVE-2026-42338 | redhat_vex | ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input | fixed: 284 known affected: 21 known not affected: 220 | 2026-07-15T20:17:48+00:00 | Vulnerability · Source |
| CVE-2026-27137 | redhat_vex | crypto/x509: Incorrect enforcement of email constraints in crypto/x509 | fixed: 329 known affected: 134 known not affected: 1117 | 2026-07-15T20:13:49+00:00 | Vulnerability · Source |
| CVE-2026-42044 | redhat_vex | axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget | fixed: 135 known affected: 49 known not affected: 1455 | 2026-07-15T20:01:39+00:00 | Vulnerability · Source |
| CVE-2026-42039 | redhat_vex | axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data | fixed: 141 known affected: 38 known not affected: 2478 | 2026-07-15T20:01:06+00:00 | Vulnerability · Source |
| CVE-2026-62294 | redhat_vex | flameshot: Flameshot: Local file overwrite via time-of-check to time-of-use race condition | known not affected: 1 | 2026-07-15T19:22:35+00:00 | Vulnerability · Source |
| CVE-2026-45822 | redhat_vex | decode-uri-component: decode-uri-component: Denial of Service via crafted input | fixed: 3 known affected: 12 known not affected: 49 | 2026-07-15T19:19:49+00:00 | Vulnerability · Source |
| CVE-2026-13676 | redhat_vex | fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization | fixed: 19 known affected: 89 known not affected: 1477 | 2026-07-15T19:18:49+00:00 | Vulnerability · Source |
| CVE-2026-12143 | redhat_vex | form-data: form-data: Form field override via CRLF injection | fixed: 100 known affected: 49 known not affected: 176 under investigation: 108 | 2026-07-15T19:18:49+00:00 | Vulnerability · Source |
| CVE-2026-32591 | redhat_vex | mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration | fixed: 7 known affected: 2 known not affected: 46 | 2026-07-15T19:18:49+00:00 | Vulnerability · Source |
| CVE-2026-47158 | redhat_vex | vaultwarden: Vaultwarden: Account takeover via SSO authorization flow vulnerability | known not affected: 1 | 2026-07-15T19:05:55+00:00 | Vulnerability · Source |
| CVE-2026-2100 | redhat_vex | p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters | fixed: 149 known not affected: 14 under investigation: 1 | 2026-07-15T18:40:48+00:00 | Vulnerability · Source |
| CVE-2026-42010 | redhat_vex | gnutls: gnutls: Authentication Bypass via NUL Character in Username | fixed: 717 known affected: 1 known not affected: 66 | 2026-07-15T18:36:05+00:00 | Vulnerability · Source |
| CVE-2026-4438 | redhat_vex | glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions | fixed: 2028 known affected: 237 known not affected: 2 under investigation: 1 | 2026-07-15T18:31:20+00:00 | Vulnerability · Source |
| CVE-2025-14512 | redhat_vex | glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow | fixed: 888 known affected: 28 under investigation: 1 | 2026-07-15T18:31:11+00:00 | Vulnerability · Source |
| CVE-2026-42012 | redhat_vex | gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs | fixed: 700 known affected: 12 known not affected: 55 under investigation: 1 | 2026-07-15T18:26:09+00:00 | Vulnerability · Source |
| CVE-2026-42009 | redhat_vex | gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability | fixed: 750 known affected: 1 known not affected: 67 | 2026-07-15T18:16:24+00:00 | Vulnerability · Source |
| CVE-2026-8643 | redhat_vex | python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite | fixed: 92 known affected: 94 known not affected: 660 | 2026-07-15T17:52:33+00:00 | Vulnerability · Source |
| CVE-2026-34478 | redhat_vex | org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames | fixed: 4 known affected: 34 known not affected: 21 | 2026-07-15T17:36:33+00:00 | Vulnerability · Source |
| CVE-2026-24400 | redhat_vex | assertj: AssertJ: Information disclosure and denial of service via XML External Entity (XXE) | fixed: 1 known affected: 31 known not affected: 33 | 2026-07-15T17:36:27+00:00 | Vulnerability · Source |
| CVE-2026-34480 | redhat_vex | org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging | fixed: 5 known affected: 35 known not affected: 19 | 2026-07-15T17:36:19+00:00 | Vulnerability · Source |
| CVE-2023-52428 | redhat_vex | nimbus-jose-jwt: large JWE p2c header value causes Denial of Service | fixed: 238 known affected: 9 known not affected: 6 | 2026-07-15T17:35:48+00:00 | Vulnerability · Source |
| CVE-2026-47164 | redhat_vex | vaultwarden: Vaultwarden: Account takeover via SSO email auto-linking vulnerability | known not affected: 1 | 2026-07-15T17:11:39+00:00 | Vulnerability · Source |
| CVE-2026-47159 | redhat_vex | Vaultwarden: Vaultwarden: Information disclosure and authentication workflow abuse in SSO discovery | known not affected: 1 | 2026-07-15T17:11:33+00:00 | Vulnerability · Source |
| CVE-2026-47160 | redhat_vex | Vaultwarden: Vaultwarden: Server-Side Request Forgery via IP validation bypass | known not affected: 1 | 2026-07-15T17:11:30+00:00 | Vulnerability · Source |
| CVE-2026-32141 | redhat_vex | flatted: flatted: Unbounded recursion DoS in parse() revive phase | fixed: 27 known affected: 21 known not affected: 259 | 2026-07-15T16:32:10+00:00 | Vulnerability · Source |
| CVE-2026-6322 | redhat_vex | fast-uri: fast-uri: URI authority bypass due to improper delimiter handling | fixed: 119 known affected: 56 known not affected: 4929 | 2026-07-15T16:31:30+00:00 | Vulnerability · Source |
| CVE-2026-4926 | redhat_vex | path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions | fixed: 40 known affected: 30 known not affected: 931 | 2026-07-15T16:31:20+00:00 | Vulnerability · Source |
| CVE-2026-53359 | redhat_vex | kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role | fixed: 1808 known affected: 51 known not affected: 15 | 2026-07-15T16:24:28+00:00 | Vulnerability · Source |
| CVE-2026-46113 | redhat_vex | kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN | fixed: 963 known affected: 22 known not affected: 42 | 2026-07-15T16:24:22+00:00 | Vulnerability · Source |
| CVE-2026-44172 | redhat_vex | mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string() | fixed: 4 known affected: 10 known not affected: 130 | 2026-07-15T16:21:09+00:00 | Vulnerability · Source |
| CVE-2026-48526 | redhat_vex | python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens | fixed: 815 known affected: 56 known not affected: 572 | 2026-07-15T16:11:09+00:00 | Vulnerability · Source |
| CVE-2026-46135 | redhat_vex | kernel: nvmet-tcp: fix race between ICReq handling and queue teardown | fixed: 1625 known affected: 22 known not affected: 42 | 2026-07-15T15:59:36+00:00 | Vulnerability · Source |
| CVE-2026-31684 | redhat_vex | kernel: net: sched: act_csum: validate nested VLAN headers | fixed: 812 known affected: 50 known not affected: 14 | 2026-07-15T15:59:31+00:00 | Vulnerability · Source |
| CVE-2026-29181 | redhat_vex | github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers | fixed: 4 known affected: 6 known not affected: 124 under investigation: 2 | 2026-07-15T15:46:05+00:00 | Vulnerability · Source |
| CVE-2026-52725 | redhat_vex | @angular/core: @angular/core: Cross-Site Scripting (XSS) via dynamic component creation bypass | known affected: 3 known not affected: 79 | 2026-07-15T15:41:29+00:00 | Vulnerability · Source |
| CVE-2026-54268 | redhat_vex | @angular/common: Angular @angular/common: Denial of Service via crafted date format string | known affected: 1 known not affected: 81 | 2026-07-15T15:41:21+00:00 | Vulnerability · Source |
| CVE-2026-0636 | redhat_vex | bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java | fixed: 29 known affected: 30 known not affected: 293 | 2026-07-15T15:21:24+00:00 | Vulnerability · Source |
| CVE-2025-14813 | redhat_vex | bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly | fixed: 31 known affected: 33 known not affected: 496 | 2026-07-15T15:21:22+00:00 | Vulnerability · Source |
| CVE-2026-5588 | redhat_vex | bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid | fixed: 131 known affected: 18 known not affected: 185 | 2026-07-15T15:21:19+00:00 | Vulnerability · Source |
| CVE-2026-50193 | redhat_vex | jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing | known affected: 66 known not affected: 94 | 2026-07-15T15:12:30+00:00 | Vulnerability · Source |
| CVE-2026-9073 | redhat_vex | foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization | fixed: 2 | 2026-07-15T15:08:51+00:00 | Vulnerability · Source |
| CVE-2026-47429 | redhat_vex | vitest: Vitest: Arbitrary code execution and information disclosure via path traversal | fixed: 3 known not affected: 9 | 2026-07-15T15:04:44+00:00 | Vulnerability · Source |
| CVE-2026-47428 | redhat_vex | vitest: Vitest: Arbitrary code execution via crafted browser-runner URL | fixed: 3 known not affected: 7 | 2026-07-15T15:04:43+00:00 | Vulnerability · Source |