SecAlerts
CVE ListPricingSign Up
xen logo

xen

Security Risk Profile

54
/100
medium

Security Risk Score

Comprehensive risk assessment based on 566 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from March 20, 2007 to present

566
Total CVEs
187
Critical+High
2
Exploited
39
Unpatched

Threat Assessment

Avg CVSS
6.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
39
Critical/High
Risk Level
54/100
medium
⚠️ 2 Active Exploits 1 Zero-Days📈 4 in Last 30 Days

Severity Distribution

Critical
17
High
170
Medium
273
Low
52

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
1

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
50
2
Buffer Overflow
41
3
Race Condition
33
4
Infoleak
30
5
Null Pointer Dereference
22

Most Affected Products

1. XEN Xen2899
2. Fedoraproject Fedora320
3. Debian Debian Linux250
4. debian/xen165
5. Linux Linux kernel121

Recent Vulnerabilities

See more →
https://seclists.org/oss-sec/2026/q2/502
unknown

Xen Security Advisory 490 v1 (CVE-2025-54518) - x86: CPU Opcode Cache corruption

5/12/2026🔧 No Patch
CVE-2026-23558
CVSS 7.8high

grant table v2 race in status page mapping

4/28/2026
CVE-2026-23557
CVSS 6.5medium

Xenstored DoS via XS_RESET_WATCHES command

4/28/2026
https://seclists.org/oss-sec/2026/q2/245
unknown

Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstod keeps quota lated use counts across domain destruction

4/28/2026🔧 No Patch
CVE-2026-23555
CVSS 7.1high

Xenstored DoS by unprivileged domain

3/17/2026
CVE-2026-23554
CVSS 7.8high

Use after free of paging structures in EPT

3/17/2026
https://seclists.org/oss-sec/2026/q1/327
unknown

Xen Security Advisory 480 v3 (CVE-2026-23554) - Use after fe of paging structus in EPT

3/17/2026🔧 No Patch
CVE-2026-23553
CVSS 2.9EPSS 0%low

x86: incomplete IBPB for vCPU isolation

1/27/2026
CVE-2025-58150
CVSS 8.8high

x86: buffer overrun with shadow paging + tracing

1/27/2026
https://seclists.org/oss-sec/2025/q4/139
unknown

Xen Security Advisory 471 v3 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks

11/5/2025🔧 No Patch

Monitor xen in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

xen Security Vulnerabilities & Risk Score | 566 CVEs | SecAlerts - SecAlerts