VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222278 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2025-71117 | redhat_vex | kernel: Linux kernel: Denial of Service via deadlock in block layer sysfs store callbacks | fixed: 309 known affected: 108 known not affected: 90 | 2026-07-02T19:43:11+00:00 | Vulnerability · Source |
| CVE-2026-1703 | redhat_vex | pip: pip: Information disclosure via path traversal when installing crafted wheel archives | fixed: 2 known affected: 113 | 2026-07-02T19:43:11+00:00 | Vulnerability · Source |
| CVE-2026-42268 | redhat_vex | mod_security: ModSecurity: Denial of Service via unsigned integer underflow in rule verification functions | known affected: 6 | 2026-07-02T19:42:58+00:00 | Vulnerability · Source |
| CVE-2026-43459 | redhat_vex | kernel: ASoC: soc-core: flush delayed work before removing DAIs and widgets | known affected: 232 known not affected: 42 | 2026-07-02T19:42:39+00:00 | Vulnerability · Source |
| CVE-2026-43452 | redhat_vex | kernel: netfilter: x_tables: guard option walkers against 1-byte tail reads | known affected: 274 | 2026-07-02T19:42:36+00:00 | Vulnerability · Source |
| CVE-2026-43407 | redhat_vex | kernel: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() | known affected: 260 known not affected: 14 | 2026-07-02T19:42:34+00:00 | Vulnerability · Source |
| CVE-2026-42946 | redhat_vex | nginx: ngx_http_scgi_module: ngx_http_uwsgi_module: information disclosure and denial of service | known affected: 55 known not affected: 1 | 2026-07-02T19:42:32+00:00 | Vulnerability · Source |
| CVE-2026-28386 | redhat_vex | openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128 | fixed: 3 known affected: 36 known not affected: 32 | 2026-07-02T19:42:30+00:00 | Vulnerability · Source |
| CVE-2026-40016 | redhat_vex | dovecot: Dovecot: Denial of Service due to Sieve script CPU limit bypass | known affected: 24 | 2026-07-02T19:38:04+00:00 | Vulnerability · Source |
| CVE-2026-33227 | redhat_vex | org.apache.activemq/activemq-client: org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq-web: improper limitation of a pathname to a restricted classpath directory | known affected: 22 | 2026-07-02T19:37:55+00:00 | Vulnerability · Source |
| CVE-2026-31523 | redhat_vex | kernel: nvme-pci: ensure we're polling a polled queue | known affected: 260 known not affected: 14 | 2026-07-02T19:37:54+00:00 | Vulnerability · Source |
| CVE-2026-31435 | redhat_vex | kernel: netfs: Fix read abandonment during retry | known affected: 260 known not affected: 14 | 2026-07-02T19:37:52+00:00 | Vulnerability · Source |
| CVE-2025-64118 | redhat_vex | node-tar: tar: node-tar: Information disclosure via reading a truncated tar file | known affected: 172 | 2026-07-02T19:37:49+00:00 | Vulnerability · Source |
| CVE-2026-43894 | redhat_vex | jq: jq: Arbitrary Code Execution or Denial of Service via Signed Integer Overflow | fixed: 3 known affected: 14 | 2026-07-02T19:37:45+00:00 | Vulnerability · Source |
| CVE-2026-43472 | redhat_vex | kernel: unshare: fix unshare_fs() handling | known affected: 274 | 2026-07-02T19:37:43+00:00 | Vulnerability · Source |
| CVE-2026-43468 | redhat_vex | kernel: net/mlx5: Fix deadlock between devlink lock and esw->wq | known affected: 246 known not affected: 28 | 2026-07-02T19:37:41+00:00 | Vulnerability · Source |
| CVE-2026-43429 | redhat_vex | kernel: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts | known affected: 274 | 2026-07-02T19:37:38+00:00 | Vulnerability · Source |
| CVE-2026-43351 | redhat_vex | kernel: KVM: arm64: Eagerly init vgic dist/redist on vgic creation | known affected: 184 known not affected: 90 | 2026-07-02T19:37:33+00:00 | Vulnerability · Source |
| CVE-2026-43346 | redhat_vex | kernel: ice: ptp: don't WARN when controlling PF is unavailable | known affected: 184 known not affected: 90 | 2026-07-02T19:37:31+00:00 | Vulnerability · Source |
| CVE-2026-43292 | redhat_vex | kernel: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node | known affected: 274 | 2026-07-02T19:37:29+00:00 | Vulnerability · Source |
| CVE-2026-43325 | redhat_vex | kernel: wifi: iwlwifi: mvm: don't send a 6E related command when not supported | known affected: 184 known not affected: 90 | 2026-07-02T19:37:28+00:00 | Vulnerability · Source |
| CVE-2026-43296 | redhat_vex | kernel: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky | known affected: 184 known not affected: 90 | 2026-07-02T19:37:26+00:00 | Vulnerability · Source |
| CVE-2026-43278 | redhat_vex | kernel: dm: clear cloned request bio pointer when last clone bio completes | known affected: 260 known not affected: 14 | 2026-07-02T19:37:21+00:00 | Vulnerability · Source |
| CVE-2026-43261 | redhat_vex | kernel: arm64: Add support for TSV110 Spectre-BHB mitigation | known affected: 184 known not affected: 90 | 2026-07-02T19:37:20+00:00 | Vulnerability · Source |
| CVE-2026-43171 | redhat_vex | kernel: EFI/CPER: don't dump the entire memory region | known affected: 260 known not affected: 14 | 2026-07-02T19:37:18+00:00 | Vulnerability · Source |
| CVE-2026-43170 | redhat_vex | kernel: usb: dwc3: gadget: Move vbus draw to workqueue context | known affected: 184 known not affected: 90 | 2026-07-02T19:37:16+00:00 | Vulnerability · Source |
| CVE-2026-43169 | redhat_vex | kernel: drm/buddy: Prevent BUG_ON by validating rounded allocation | known affected: 184 known not affected: 90 | 2026-07-02T19:37:14+00:00 | Vulnerability · Source |
| CVE-2026-43059 | redhat_vex | kernel: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers | known affected: 184 known not affected: 90 | 2026-07-02T19:37:14+00:00 | Vulnerability · Source |
| CVE-2026-43089 | redhat_vex | kernel: xfrm_user: fix info leak in build_mapping() | known affected: 274 | 2026-07-02T19:37:11+00:00 | Vulnerability · Source |
| CVE-2026-40701 | redhat_vex | nginx: ngx_http_ssl_module: data corruption and denial of service | known affected: 55 known not affected: 1 | 2026-07-02T19:34:36+00:00 | Vulnerability · Source |
| CVE-2026-7168 | redhat_vex | curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse | fixed: 3 known affected: 25 | 2026-07-02T19:34:33+00:00 | Vulnerability · Source |
| CVE-2026-40460 | redhat_vex | nginx: NGINX: Authorization bypass via IP spoofing in HTTP/3 QUIC module | fixed: 4 known affected: 54 | 2026-07-02T19:34:33+00:00 | Vulnerability · Source |
| CVE-2026-5766 | redhat_vex | django: Django: Service degradation via understated Content-Length header in ASGI requests | known affected: 39 | 2026-07-02T19:34:30+00:00 | Vulnerability · Source |
| CVE-2026-54411 | redhat_vex | linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module | fixed: 4 known affected: 18 | 2026-07-02T19:33:10+00:00 | Vulnerability · Source |
| CVE-2026-2340 | redhat_vex | samba: vfs_worm does not block directory modification | fixed: 3903 known affected: 59 | 2026-07-02T19:30:32+00:00 | Vulnerability · Source |
| CVE-2025-47910 | redhat_vex | net/http: CrossOriginProtection bypass in net/http | fixed: 8 known affected: 341 | 2026-07-02T19:22:37+00:00 | Vulnerability · Source |
| CVE-2025-22873 | redhat_vex | os: os: Information disclosure via path traversal using specially crafted filenames | fixed: 8 known affected: 245 | 2026-07-02T19:22:36+00:00 | Vulnerability · Source |
| CVE-2025-14505 | redhat_vex | elliptic: Key handling flaws in Elliptic | known affected: 62 | 2026-07-02T19:22:34+00:00 | Vulnerability · Source |
| CVE-2026-43084 | redhat_vex | kernel: netfilter: nfnetlink_queue: make hash table per queue | known affected: 246 known not affected: 28 | 2026-07-02T19:17:42+00:00 | Vulnerability · Source |
| CVE-2026-40974 | redhat_vex | Spring Boot: Cassandra: Spring Boot: Security bypass in Cassandra SSL connections | known affected: 21 | 2026-07-02T19:17:36+00:00 | Vulnerability · Source |
| CVE-2026-40970 | redhat_vex | Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure | known affected: 21 | 2026-07-02T19:17:34+00:00 | Vulnerability · Source |
| CVE-2026-40971 | redhat_vex | Spring Boot: Spring Boot: Information disclosure and data tampering via missing hostname verification | known affected: 21 | 2026-07-02T19:17:34+00:00 | Vulnerability · Source |
| CVE-2026-40186 | redhat_vex | sanitize-html: ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements | known affected: 14 | 2026-07-02T19:17:29+00:00 | Vulnerability · Source |
| CVE-2026-34230 | redhat_vex | rack: Rack: Denial of Service via crafted Accept-Encoding header | known affected: 50 | 2026-07-02T19:17:24+00:00 | Vulnerability · Source |
| CVE-2026-32288 | redhat_vex | archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive | fixed: 8 known affected: 259 | 2026-07-02T19:17:19+00:00 | Vulnerability · Source |
| CVE-2026-31682 | redhat_vex | kernel: bridge: br_nd_send: linearize skb before parsing ND options | known affected: 260 known not affected: 14 | 2026-07-02T19:17:18+00:00 | Vulnerability · Source |
| CVE-2026-31676 | redhat_vex | kernel: rxrpc: only handle RESPONSE during service challenge | known affected: 260 known not affected: 14 | 2026-07-02T19:17:14+00:00 | Vulnerability · Source |
| CVE-2026-48090 | redhat_vex | envoy: Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) | known not affected: 2 | 2026-07-02T19:16:58+00:00 | Vulnerability · Source |
| CVE-2026-47692 | redhat_vex | envoy: Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream | known affected: 2 | 2026-07-02T19:16:53+00:00 | Vulnerability · Source |
| CVE-2026-47205 | redhat_vex | envoy: Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides | known not affected: 2 | 2026-07-02T19:16:49+00:00 | Vulnerability · Source |