Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how qemu compares to other vendors in security performance

View Risk Score →

oss-secQEMU CXL Memory Corruption Vulnerability ("QEMUtiny")

First published (updated )
https://seclists.org/oss-sec/2026/q2/618

Qemu QemuQemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing

Risk 32
Severity
5.1
First published (updated )
CVE-2026-2243

Qemu QemuA heap buffer over-read was found in block/vmdk.c. A crafted VMDK file can make qemu-img (or qemu wi…

Risk 5
Severity
1
First published (updated )
REDHAT-BUG-2440934

Qemu QemuQemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq

Risk 36
Severity
6.5
First published (updated )
CVE-2026-0665

Qemu QemuAn off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2428640
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Qemu QemuQemu-kvm: unbounded allocation in virtio-crypto

Risk 32
Severity
5.5
First published (updated )
CVE-2025-14876

Qemu QemuA flaw was found in the virtio-crypto device of QEMU. The symmetric path enforces a length limit usi…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2423549

Qemu QemuQemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode

Risk 36
Severity
6.2
First published (updated )
CVE-2025-12464

Qemu QemuBuffer Overflow

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2408845

Qemu QemuQemu-kvm: vnc websocket handshake use-after-free

Risk 43
Severity
7.5
First published (updated )
CVE-2025-11234
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Qemu QemuUse After Free

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2401209

BleepingComputerNew VMScape attack breaks guest-host isolation on AMD, Intel CPUs

First published (updated )
News
BleepingComputer

Qemu QemuQEMU uefi-vars Uninitialized Memory Information Disclosure Vulnerability

Risk 22
First published (updated )
Advisory
ZDI-25-884

Qemu QemuZDI-25-884: QEMU uefi-vars Uninitialized Memory Information Disclosure Vulnerability

Risk 22
First published (updated )
ZDI-CAN-27261

Qemu QemuQemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

Risk 18
Severity
3.3
First published (updated )
CVE-2025-8860
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Qemu Qemuhw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue …

Risk 34
Severity
5.4
First published (updated )
CVE-2025-54567

Qemu Qemuhw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to C…

Risk 34
Severity
5.4
First published (updated )
CVE-2025-54566

Linux Linux kernelvhost-scsi: protect vq->log_used with vq->mutex

Risk 32
Severity
5.5
First published (updated )
CVE-2025-38074

Qemu QemuQEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability

Risk 65
Severity
8.2
First published (updated )
Advisory
ZDI-24-1382

Qemu QemuZDI-24-1382: QEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability

Risk 65
Severity
8.2
First published (updated )
ZDI-CAN-23962
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Qemu QemuQemu-kvm: information leak in virtio devices

Risk 15
Severity
3.8
EPSS
0.04%
First published (updated )
CVE-2024-8612

Qemu QemuA flaw was found in QEMU in the virtio-scsi, virtio-blk and virtio-crypto devices. The size for virt…

Risk 5
Severity
1
First published (updated )
REDHAT-BUG-2313760

redhat Enterprise LinuxQemu-kvm: usb: assertion failure in usb_ep_get()

Risk 24
Severity
5.5
EPSS
0.04%
First published (updated )
CVE-2024-8354

Qemu QemuAn assertion failure was found in QEMU in the usb_ep_get() function in hw/net/core.c. The TD PID nee…

Risk 5
Severity
1
First published (updated )
REDHAT-BUG-2313497

debian/qemuQemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()

Risk 72
Severity
7.8
First published (updated )
CVE-2024-7730
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Qemu QemuWhen reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb(), we do not check w…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2304289

Qemu QemuQemu: denial of service via improper synchronization in qemu nbd server during socket closure

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2024-7409

redhat Enterprise LinuxQemu-kvm: virtio-net: queue index out-of-bounds access in software rss

Risk 28
Severity
6.8
EPSS
0.04%
First published (updated )
CVE-2024-6505

Qemu QemuA flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net n…

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2295760

Qemu QemuQEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability

Risk 67
Severity
8.2
First published (updated )
CVE-2024-6519
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203