xen
511 tracked vulnerabilities.
CVE-2026-42486
CRITICAL
Multiple RBAC issues in XAPI
Jul 09, 2026
EPSS 0.00
CVE-2026-23562
CRITICAL
Multiple RBAC issues in XAPI
Jul 09, 2026
EPSS 0.00
CVE-2026-23561
CRITICAL
Multiple RBAC issues in XAPI
Jul 09, 2026
EPSS 0.00
CVE-2026-23560
CRITICAL
Multiple RBAC issues in XAPI
Jul 09, 2026
EPSS 0.00
CVE-2026-23559
CRITICAL
Multiple RBAC issues in XAPI
Jul 09, 2026
EPSS 0.00
CVE-2026-23556
CRITICAL
oxenstored keeps quota related use counts across domain destruction
Jul 09, 2026
EPSS 0.00
CVE-2026-42490
MEDIUM
domctl lock open to abuse
Jun 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42489
MEDIUM
domctl lock open to abuse
Jun 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42488
HIGH
x86: mismatched mapcache metadata
Jun 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-42487
HIGH
x86 HVM I/O port list traversal
Jun 18, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-23558
HIGH
grant table v2 race in status page mapping
May 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-23557
MEDIUM
Xenstored DoS via XS_RESET_WATCHES command
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23555
HIGH
Xenstored DoS by unprivileged domain
Mar 23, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-23554
HIGH
Use after free of paging structures in EPT
Mar 23, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-23553
LOW
Xen >=4.6.0 - Improper Branch Target Buffer Isolation via IBPB Skip
Jan 28, 2026
CVSS 2.9
EPSS 0.00
CVE-2025-58151
CRITICAL
varstored: TOCTOU issues with mapped guest memory
Jul 09, 2026
EPSS 0.00
CVE-2025-58146
CRITICAL
XAPI UTF-8 string handling
Jul 09, 2026
EPSS 0.00
CVE-2025-27464
CRITICAL
WinPVDrivers: Excessive permissions on user-exposed devices
Jul 09, 2026
EPSS 0.00
CVE-2025-27463
CRITICAL
WinPVDrivers: Excessive permissions on user-exposed devices
Jul 09, 2026
EPSS 0.00
CVE-2025-27462
CRITICAL
WinPVDrivers: Excessive permissions on user-exposed devices
Jul 09, 2026
EPSS 0.00
CVE-2025-58150
HIGH
Xen - Out-of-bounds Write in Shadow Mode Tracing Code
Jan 28, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-58149
HIGH
Xen >=4.0.0 - Use-After-Free in PCI Device Detach Logic
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58148
HIGH
Xen >=4.15.0 - Out-of-bounds Read and Write via Viridian Hypercall vCPU Mask Processing
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58147
HIGH
Xen >=4.15.0 - Out-of-bounds Read and Write via Viridian Hypercall vCPU Mask Handling
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58145
HIGH
Xen 4.12.0-4.16.x - Race Condition in Page Mapping
Sep 11, 2025
CVSS 7.5
EPSS 0.00