VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222176 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-58494 | redhat_vex | wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi | known affected: 3 | 2026-07-15T15:00:20+00:00 | Vulnerability · Source |
| CVE-2026-44216 | redhat_vex | wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation | known affected: 1 known not affected: 1 | 2026-07-15T14:59:30+00:00 | Vulnerability · Source |
| CVE-2026-59869 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML documents | fixed: 23 known affected: 67 known not affected: 4 under investigation: 122 | 2026-07-15T14:59:18+00:00 | Vulnerability · Source |
| CVE-2026-5260 | redhat_vex | gnutls: gnutls: Information disclosure via heap overread in RSA key exchange | fixed: 700 known affected: 6 known not affected: 61 under investigation: 1 | 2026-07-15T14:56:52+00:00 | Vulnerability · Source |
| CVE-2026-53035 | redhat_vex | kernel: bpf, sockmap: Fix af_unix iter deadlock | known affected: 198 known not affected: 76 | 2026-07-15T14:48:58+00:00 | Vulnerability · Source |
| CVE-2026-53034 | redhat_vex | kernel: bpf, sockmap: Fix af_unix null-ptr-deref in proto update | known affected: 184 known not affected: 90 | 2026-07-15T14:48:58+00:00 | Vulnerability · Source |
| CVE-2026-42503 | redhat_vex | golang.org/x/tools/gopls: golang: gopls: Arbitrary code execution due to insecure network binding | fixed: 8 known not affected: 1 | 2026-07-15T14:42:53+00:00 | Vulnerability · Source |
| CVE-2026-53028 | redhat_vex | kernel: usb: typec: Fix error pointer dereference | known affected: 184 known not affected: 90 | 2026-07-15T14:40:58+00:00 | Vulnerability · Source |
| CVE-2026-15028 | microsoft_vex | Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header | known affected: 2 | 2026-07-15T14:39:54+00:00 | Vulnerability · Source |
| CVE-2026-14686 | redhat_vex | HdrHistogram: HdrHistogram: Data integrity impact due to incorrect comparison | fixed: 7 known affected: 5 known not affected: 9 | 2026-07-15T14:37:44+00:00 | Vulnerability · Source |
| CVE-2026-14685 | redhat_vex | HdrHistogram: HdrHistogram: Local state issue via 'Count' argument manipulation | fixed: 7 known affected: 5 known not affected: 9 | 2026-07-15T14:37:35+00:00 | Vulnerability · Source |
| CVE-2026-14683 | redhat_vex | HdrHistogram: HdrHistogram: Denial of Service via uncontrolled memory allocation | fixed: 7 known affected: 5 known not affected: 9 | 2026-07-15T14:37:33+00:00 | Vulnerability · Source |
| CVE-2026-29167 | redhat_vex | httpd: Apache HTTP Server: Arbitrary code execution or denial of service via use-after-free in mod_ldap per-directory configuration | fixed: 4 known affected: 23 known not affected: 6 under investigation: 24 | 2026-07-15T14:37:31+00:00 | Vulnerability · Source |
| CVE-2026-59890 | redhat_vex | setuptools: setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) | fixed: 2 known not affected: 270 | 2026-07-15T14:36:27+00:00 | Vulnerability · Source |
| CVE-2026-53021 | redhat_vex | kernel: scsi: target: core: Fix integer overflow in UNMAP bounds check | known affected: 274 | 2026-07-15T14:36:26+00:00 | Vulnerability · Source |
| CVE-2026-59996 | redhat_vex | openssh: OpenSSH: `scp` file misplacement vulnerability during remote copy | fixed: 3 known affected: 41 | 2026-07-15T14:36:25+00:00 | Vulnerability · Source |
| CVE-2026-15747 | redhat_vex | Mojolicious: Mojolicious: Information disclosure via BREACH compression oracle | known not affected: 1 | 2026-07-15T14:36:24+00:00 | Vulnerability · Source |
| CVE-2026-53022 | redhat_vex | kernel: platform/x86: dell-wmi-sysman: bound enumeration string aggregation | known affected: 184 known not affected: 90 | 2026-07-15T14:36:22+00:00 | Vulnerability · Source |
| CVE-2026-42505 | redhat_vex | crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello | fixed: 8 known affected: 148 known not affected: 1 under investigation: 243 | 2026-07-15T14:36:16+00:00 | Vulnerability · Source |
| CVE-2026-15187 | redhat_vex | enquirer: Enquirer: Prototype pollution vulnerability allows remote attackers to modify object attributes | fixed: 4 known affected: 14 under investigation: 45 | 2026-07-15T14:36:14+00:00 | Vulnerability · Source |
| CVE-2026-55956 | redhat_vex | tomcat: Apache Tomcat: Improper Authorization Allows Security Constraint Bypass | fixed: 4 known affected: 80 | 2026-07-15T14:35:21+00:00 | Vulnerability · Source |
| CVE-2026-55693 | redhat_vex | vim: Vim: Out-of-bounds Write in Spell File Word Count | fixed: 4 known affected: 33 | 2026-07-15T14:35:20+00:00 | Vulnerability · Source |
| CVE-2026-47262 | redhat_vex | github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing | fixed: 18 known not affected: 270 under investigation: 31 | 2026-07-15T14:35:10+00:00 | Vulnerability · Source |
| CVE-2026-11856 | redhat_vex | curl: curl: Information disclosure via incorrect Digest authentication header reuse | fixed: 7 known affected: 25 known not affected: 2 | 2026-07-15T14:35:10+00:00 | Vulnerability · Source |
| CVE-2026-11564 | redhat_vex | libcurl: libcurl: Certificate validation bypass due to incorrect connection reuse | fixed: 7 known affected: 2 known not affected: 16 | 2026-07-15T14:35:02+00:00 | Vulnerability · Source |
| CVE-2026-8926 | redhat_vex | curl: curl: Information disclosure via incorrect .netrc password lookup | fixed: 7 known affected: 27 | 2026-07-15T14:35:00+00:00 | Vulnerability · Source |
| CVE-2026-8924 | redhat_vex | curl: curl: Cookie injection via malicious HTTP server using super cookies | fixed: 7 known affected: 27 | 2026-07-15T14:34:57+00:00 | Vulnerability · Source |
| CVE-2026-48913 | redhat_vex | httpd: mod_http2: Apache HTTP Server mod_http2: Use After Free vulnerability allows arbitrary code execution or denial of service. | fixed: 17 known affected: 58 | 2026-07-15T14:34:44+00:00 | Vulnerability · Source |
| CVE-2026-44631 | redhat_vex | httpd: Apache HTTP Server: Denial of Service via crafted regular expressions | fixed: 79 known affected: 41 | 2026-07-15T14:34:39+00:00 | Vulnerability · Source |
| CVE-2026-44119 | redhat_vex | httpd: Apache HTTP Server: Local .htaccess authors can read files with httpd user privileges | fixed: 79 known affected: 41 | 2026-07-15T14:34:37+00:00 | Vulnerability · Source |
| CVE-2026-43951 | redhat_vex | httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime | fixed: 92 known affected: 46 | 2026-07-15T14:34:35+00:00 | Vulnerability · Source |
| CVE-2026-42535 | redhat_vex | httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue | fixed: 79 known affected: 41 | 2026-07-15T14:34:34+00:00 | Vulnerability · Source |
| CVE-2026-34356 | redhat_vex | httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers | fixed: 79 known affected: 41 | 2026-07-15T14:34:31+00:00 | Vulnerability · Source |
| CVE-2026-29170 | redhat_vex | httpd: Apache HTTP Server: Cross-site scripting in mod_proxy_ftp via HTML directory list generation | fixed: 4 known affected: 53 | 2026-07-15T14:34:31+00:00 | Vulnerability · Source |
| CVE-2026-9675 | redhat_vex | undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass | fixed: 16 known not affected: 69 under investigation: 1 | 2026-07-15T14:34:06+00:00 | Vulnerability · Source |
| CVE-2026-47104 | redhat_vex | libusb: libusb: Denial of Service via malformed USB descriptor | fixed: 4 known affected: 15 | 2026-07-15T14:34:02+00:00 | Vulnerability · Source |
| CVE-2026-23679 | redhat_vex | libusb: libusb: Denial of Service via malformed USB configuration descriptor | fixed: 4 known affected: 15 | 2026-07-15T14:34:01+00:00 | Vulnerability · Source |
| CVE-2026-43515 | redhat_vex | tomcat-coyote: tomcat: Improper Authorization allows security bypass | fixed: 4 known affected: 29 | 2026-07-15T14:33:55+00:00 | Vulnerability · Source |
| CVE-2026-7009 | redhat_vex | curl: Curl: Certificate validation bypass due to OCSP stapling flaw | fixed: 3 known not affected: 27 | 2026-07-15T14:33:52+00:00 | Vulnerability · Source |
| CVE-2026-42308 | redhat_vex | Pillow: python: Pillow: Denial of Service via integer overflow in font processing | fixed: 5 known affected: 275 | 2026-07-15T14:33:47+00:00 | Vulnerability · Source |
| CVE-2026-45149 | redhat_vex | brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges | fixed: 36 known affected: 30 known not affected: 177 under investigation: 103 | 2026-07-15T14:31:31+00:00 | Vulnerability · Source |
| CVE-2026-44029 | redhat_vex | nix: absolute path traversal when unpacking archives to disk | fixed: 14 | 2026-07-15T14:29:51+00:00 | Vulnerability · Source |
| CVE-2026-44028 | redhat_vex | nix: coroutine stack-to-heap overflow via unbounded recursion in NAR directory parser | fixed: 14 | 2026-07-15T14:29:47+00:00 | Vulnerability · Source |
| CVE-2026-23479 | redhat_vex | redis: use-after-free in unblock client flow may allow remote code execution | fixed: 95 known not affected: 8 | 2026-07-15T14:29:40+00:00 | Vulnerability · Source |
| CVE-2026-59870 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document | fixed: 30 known affected: 1 known not affected: 189 | 2026-07-15T14:29:06+00:00 | Vulnerability · Source |
| CVE-2026-59868 | redhat_vex | js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys | fixed: 30 known affected: 1 known not affected: 189 | 2026-07-15T14:29:02+00:00 | Vulnerability · Source |
| CVE-2026-39822 | redhat_vex | os: golang: Go os.Root: Symlink following vulnerability allows directory traversal | fixed: 161 known affected: 23 known not affected: 177 | 2026-07-15T14:21:17+00:00 | Vulnerability · Source |
| CVE-2026-12064 | redhat_vex | curl: curl: SSH host verification bypass when using schemeless URLs with SFTP/SCP | fixed: 7 known affected: 27 | 2026-07-15T14:20:14+00:00 | Vulnerability · Source |
| CVE-2026-11586 | redhat_vex | curl: curl: Denial of Service via WebSocket PING flood | fixed: 7 known affected: 27 | 2026-07-15T14:20:12+00:00 | Vulnerability · Source |
| CVE-2026-11352 | redhat_vex | curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability | fixed: 7 known affected: 29 known not affected: 16 | 2026-07-15T14:20:09+00:00 | Vulnerability · Source |