VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222279 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-40923 | redhat_vex | github.com/tektoncd/pipeline: Tekton Pipelines: Unauthorized access and information disclosure via path validation bypass | known affected: 57 known not affected: 17 | 2026-07-02T15:33:41+00:00 | Vulnerability · Source |
| CVE-2026-25542 | redhat_vex | github.com/tektoncd/pipeline: Tekton Pipelines: Security bypass due to regular expression matching flaw | known affected: 55 known not affected: 19 | 2026-07-02T15:33:37+00:00 | Vulnerability · Source |
| CVE-2026-7571 | redhat_vex | keycloak: Keycloak: Access token disclosure and implicit flow bypass via forged client data | fixed: 10 | 2026-07-02T15:33:35+00:00 | Vulnerability · Source |
| CVE-2026-4630 | redhat_vex | keycloak: Keycloak: Unauthorized resource access and data modification via Insecure Direct Object Reference | fixed: 10 | 2026-07-02T15:33:33+00:00 | Vulnerability · Source |
| CVE-2025-58713 | redhat_vex | rhpam: privilege escalation via excessive /etc/passwd permissions | under investigation: 6 | 2026-07-02T15:33:16+00:00 | Vulnerability · Source |
| CVE-2025-57849 | redhat_vex | fuse: privilege escalation via excessive /etc/passwd permissions | known affected: 6 | 2026-07-02T15:33:16+00:00 | Vulnerability · Source |
| CVE-2026-54370 | redhat_vex | acl: TOCTOU Symlink Traversal via getfacl/setfacl | fixed: 3 known affected: 16 | 2026-07-02T15:23:57+00:00 | Vulnerability · Source |
| CVE-2026-32952 | redhat_vex | go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge | known not affected: 15 under investigation: 122 | 2026-07-02T15:23:55+00:00 | Vulnerability · Source |
| CVE-2026-44604 | redhat_vex | rpm: Command injection in rpmuncompress doUntar() via unescaped archive top-level directory name in popen() shell command | fixed: 4 under investigation: 78 | 2026-07-02T15:23:55+00:00 | Vulnerability · Source |
| CVE-2026-6861 | redhat_vex | emacs: Emacs: Memory corruption vulnerability when processing SVG CSS | under investigation: 29 | 2026-07-02T15:23:50+00:00 | Vulnerability · Source |
| CVE-2026-6862 | redhat_vex | efivar: efivar: Denial of Service due to stack overflow in device path node parsing | under investigation: 13 | 2026-07-02T15:23:47+00:00 | Vulnerability · Source |
| CVE-2026-3172 | redhat_vex | pgvector: pgvector: Information disclosure or denial of service via buffer overflow in parallel HNSW index build | known affected: 2 under investigation: 6 | 2026-07-02T15:23:43+00:00 | Vulnerability · Source |
| CVE-2025-58187 | redhat_vex | crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 | fixed: 8 known affected: 2 under investigation: 353 | 2026-07-02T15:23:38+00:00 | Vulnerability · Source |
| CVE-2026-56371 | redhat_vex | ImageMagick: ImageMagick: Denial of Service due to memory leak in TXT file processing | known affected: 14 | 2026-07-02T15:17:24+00:00 | Vulnerability · Source |
| CVE-2026-40336 | redhat_vex | libgphoto2: libgphoto2: Memory leak in ptp_unpack_Sony_DPD() can lead to denial of service | under investigation: 10 | 2026-07-02T15:17:16+00:00 | Vulnerability · Source |
| CVE-2026-6324 | redhat_vex | libsoup: libsoup: HTTP Request Smuggling via Unsigned to Signed Conversion Error | under investigation: 16 | 2026-07-02T15:16:55+00:00 | Vulnerability · Source |
| CVE-2026-52996 | microsoft_vex | ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open | known not affected: 1 | 2026-07-02T14:47:37+00:00 | Vulnerability · Source |
| CVE-2026-53192 | microsoft_vex | ALSA: timer: Fix UAF at snd_timer_user_params() | fixed: 1 known affected: 2 | 2026-07-02T14:47:32+00:00 | Vulnerability · Source |
| CVE-2026-53139 | microsoft_vex | drm/v3d: Skip CSD when it has zeroed workgroups | known affected: 1 known not affected: 1 | 2026-07-02T14:47:26+00:00 | Vulnerability · Source |
| CVE-2026-53131 | microsoft_vex | netfilter: require Ethernet MAC header before using eth_hdr() | fixed: 1 known affected: 2 | 2026-07-02T14:47:20+00:00 | Vulnerability · Source |
| CVE-2026-53158 | microsoft_vex | misc: fastrpc: Fix NULL pointer dereference in rpmsg callback | known not affected: 1 | 2026-07-02T14:47:14+00:00 | Vulnerability · Source |
| CVE-2026-53194 | microsoft_vex | USB: serial: kl5kusb105: fix bulk-out buffer overflow | known not affected: 1 | 2026-07-02T14:47:07+00:00 | Vulnerability · Source |
| CVE-2026-53065 | microsoft_vex | ASoC: sti: use managed regmap_field allocations | known not affected: 1 | 2026-07-02T14:47:01+00:00 | Vulnerability · Source |
| CVE-2026-53159 | microsoft_vex | misc: fastrpc: fix DMA address corruption due to find_vma misuse | known not affected: 1 | 2026-07-02T14:46:55+00:00 | Vulnerability · Source |
| CVE-2026-53024 | microsoft_vex | greybus: raw: fix use-after-free if write is called after disconnect | known affected: 1 known not affected: 1 | 2026-07-02T14:46:49+00:00 | Vulnerability · Source |
| CVE-2026-53136 | microsoft_vex | drm/amd/display: Clamp VBIOS HDMI retimer register count to array size | fixed: 1 known affected: 2 | 2026-07-02T14:46:43+00:00 | Vulnerability · Source |
| CVE-2026-52948 | microsoft_vex | i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl | fixed: 1 known affected: 2 | 2026-07-02T14:46:31+00:00 | Vulnerability · Source |
| CVE-2026-52955 | microsoft_vex | libceph: Fix potential out-of-bounds access in crush_decode() | fixed: 1 known affected: 2 | 2026-07-02T14:46:25+00:00 | Vulnerability · Source |
| CVE-2026-53215 | microsoft_vex | net: mvpp2: refill RX buffers before XDP or skb use | known not affected: 1 | 2026-07-02T14:46:19+00:00 | Vulnerability · Source |
| CVE-2026-53025 | microsoft_vex | greybus: raw: fix use-after-free on cdev close | known affected: 1 known not affected: 1 | 2026-07-02T14:46:13+00:00 | Vulnerability · Source |
| CVE-2026-53247 | microsoft_vex | net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown | known not affected: 1 | 2026-07-02T14:46:07+00:00 | Vulnerability · Source |
| CVE-2026-53217 | microsoft_vex | net: mvpp2: sync RX data at the hardware packet offset | known not affected: 1 | 2026-07-02T14:46:01+00:00 | Vulnerability · Source |
| CVE-2026-52964 | microsoft_vex | ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans | known not affected: 1 | 2026-07-02T14:45:54+00:00 | Vulnerability · Source |
| CVE-2026-53208 | microsoft_vex | Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig | fixed: 1 known affected: 2 | 2026-07-02T14:45:49+00:00 | Vulnerability · Source |
| CVE-2026-53041 | microsoft_vex | ocfs2: fix listxattr handling when the buffer is full | known not affected: 1 | 2026-07-02T14:45:43+00:00 | Vulnerability · Source |
| CVE-2026-53113 | microsoft_vex | wifi: ath11k: fix memory leaks in beacon template setup | known affected: 1 known not affected: 1 | 2026-07-02T14:45:37+00:00 | Vulnerability · Source |
| CVE-2026-53198 | microsoft_vex | ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL | fixed: 1 known affected: 2 | 2026-07-02T14:45:32+00:00 | Vulnerability · Source |
| CVE-2026-52957 | microsoft_vex | libceph: Fix potential null-ptr-deref in decode_choose_args() | fixed: 1 known affected: 2 | 2026-07-02T14:45:26+00:00 | Vulnerability · Source |
| CVE-2026-53017 | microsoft_vex | f2fs: fix data loss caused by incorrect use of nat_entry flag | known affected: 1 known not affected: 1 | 2026-07-02T14:45:19+00:00 | Vulnerability · Source |
| CVE-2026-53018 | microsoft_vex | f2fs: avoid reading already updated pages during GC | known affected: 1 known not affected: 1 | 2026-07-02T14:45:13+00:00 | Vulnerability · Source |
| CVE-2026-53161 | microsoft_vex | misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context | known not affected: 1 | 2026-07-02T14:45:07+00:00 | Vulnerability · Source |
| CVE-2026-47770 | microsoft_vex | jq: stack overflow in deep structural equality | fixed: 2 known affected: 2 | 2026-07-02T14:44:59+00:00 | Vulnerability · Source |
| CVE-2026-54679 | microsoft_vex | jq: potential integer overflow in jvp_string_append | known affected: 1 known not affected: 1 | 2026-07-02T14:44:52+00:00 | Vulnerability · Source |
| CVE-2026-49839 | microsoft_vex | jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow | fixed: 2 known affected: 2 | 2026-07-02T14:44:46+00:00 | Vulnerability · Source |
| CVE-2026-42504 | microsoft_vex | Quadratic complexity in WordDecoder.DecodeHeader in mime | fixed: 3 known affected: 4 known not affected: 3 | 2026-07-02T14:44:19+00:00 | Vulnerability · Source |
| CVE-2026-43311 | microsoft_vex | soc/tegra: pmc: Fix unsafe generic_handle_irq() call | fixed: 1 known affected: 5 | 2026-07-02T14:44:01+00:00 | Vulnerability · Source |
| CVE-2026-43303 | microsoft_vex | mm/page_alloc: clear page->private in free_pages_prepare() | fixed: 1 known affected: 5 | 2026-07-02T14:43:55+00:00 | Vulnerability · Source |
| CVE-2026-43319 | microsoft_vex | spi: spidev: fix lock inversion between spi_lock and buf_lock | fixed: 1 known affected: 1 under investigation: 4 | 2026-07-02T14:43:48+00:00 | Vulnerability · Source |
| CVE-2026-43331 | microsoft_vex | x86/kexec: Disable KCOV instrumentation after load_segments() | fixed: 1 known affected: 1 under investigation: 4 | 2026-07-02T14:43:42+00:00 | Vulnerability · Source |
| CVE-2026-43088 | microsoft_vex | net: af_key: zero aligned sockaddr tail in PF_KEY exports | fixed: 1 known affected: 5 | 2026-07-02T14:43:35+00:00 | Vulnerability · Source |