qemu
Security Risk Profile
34
/100
lowSecurity Risk Score
Comprehensive risk assessment based on 635 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from April 20, 2007 to present
635
Total CVEs
176
Critical+High
0
Exploited
60
Unpatched
Threat Assessment
Avg CVSS
5.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
60
Critical/High
Risk Level
34/100
low
🆕 6Fresh (<7d)📈 6 in Last 30 Days
Severity Distribution
Critical
19High
157Medium
310Low
143Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
11Age Distribution
Common Weaknesses (CWE)
1
Buffer Overflow
125
2
Null Pointer Dereference
49
3
Integer Overflow
39
4
Use After Free
34
5
Input Validation
20
Most Affected Products
1. Qemu Qemu3134
2. Linux Linux kernel505
3. Canonical Ubuntu Linux320
4. Debian Debian Linux299
5. debian/qemu182
Recent Vulnerabilities
See more →https://seclists.org/oss-sec/2026/q2/618
unknown
QEMU CXL Memory Corruption Vulnerability ("QEMUtiny")
5/20/2026🔧 No Patch
CVE-2026-2243
CVSS 5.1medium
Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing
2/19/2026🔧 No Patch
REDHAT-BUG-2440934
CVSS 1.0low
2/19/2026🔧 No Patch
CVE-2026-0665
CVSS 6.5medium
Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq
1/12/2026🔧 No Patch
REDHAT-BUG-2428640
CVSS 4.0medium
1/12/2026🔧 No Patch
CVE-2025-14876
CVSS 5.5medium
Qemu-kvm: unbounded allocation in virtio-crypto
12/18/2025🔧 No Patch
REDHAT-BUG-2423549
CVSS 4.0medium
12/18/2025🔧 No Patch
CVE-2025-12464
CVSS 6.2medium
Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode
10/31/2025
REDHAT-BUG-2408845
CVSS 4.0medium
10/31/2025🔧 No Patch
CVE-2025-11234
CVSS 7.5high
Qemu-kvm: vnc websocket handshake use-after-free
10/3/2025🔧 No Patch
Monitor qemu in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.