Xen

This hub aggregates every CVE we track for Xen, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Cloud & SaaSon-premother

519

CVEs tracked

Critical

164

High

In CISA KEV

Severity distribution

MEDIUM285HIGH164LOW55CRITICAL15

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Xen.

CVE-2026-42488x86: mismatched mapcache metadata8.1Jun 18, 2026
CVE-2026-42490domctl lock open to abuse6.5Jun 18, 2026
CVE-2026-42489domctl lock open to abuse5.3Jun 18, 2026
CVE-2026-42487x86 HVM I/O port list traversal7.9Jun 18, 2026
CVE-2026-23558grant table v2 race in status page mapping7.8May 19, 2026
CVE-2026-23557Xenstored DoS via XS_RESET_WATCHES command6.5May 19, 2026
CVE-2026-23555Xenstored DoS by unprivileged domain7.1Mar 23, 2026
CVE-2026-23554Use after free of paging structures in EPT7.8Mar 23, 2026
CVE-2026-23553x86: incomplete IBPB for vCPU isolation2.9Jan 28, 2026
CVE-2025-58150x86: buffer overrun with shadow paging + tracing8.8Jan 28, 2026
CVE-2025-58149Incorrect removal of permissions on PCI device unplug7.5Oct 31, 2025
CVE-2025-58148x86: Incorrect input sanitisation in Viridian hypercalls7.5Oct 31, 2025
CVE-2025-58147x86: Incorrect input sanitisation in Viridian hypercalls7.5Oct 31, 2025
CVE-2025-58145Arm issues with page refcounting7.5Sep 11, 2025
CVE-2025-58144Arm issues with page refcounting7.5Sep 11, 2025

Product normalization is registry-driven with AI assist and human review. How it works