CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

852 matches found

CVE-2026-42487

CVE-2026-42487 concerns the Xen hypervisor’s handling of x86 HVM I/O port list traversal. The root cause stated in the sources is that traversal of the linked list used for guest I/O port accesses requires synchronization with updates to the translation/mapping (XEN_DOMCTL_ioport_mapping), but th...

7.9CVSS5.2AI score0.00095EPSS

Exploits0References3

OSV•added 2026/06/10 7:39 a.m.•5 views

SUSE-SU-2026:2328-1 Security update for xen

This update for xen fixes the following issues: - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. - CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse bsc1266953...

8.1CVSS5.4AI score0.00353EPSS

Exploits0References8

OSV•added 2026/06/05 10:43 a.m.•3 views

MINI-4V25-HVM2-HP78

Bulletin has no description...

7.5CVSS5.1AI score0.00159EPSS

Exploits0

Positive Technologies•added 2026/01/01 12:0 a.m.•5 views

PT-2026-27499

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Xen privcmd driver allows user space processes to issue arbitrary hypercalls. Normally, access is limited to root and the hypervisor denies hypercalls affecting other domains. Howeve...

8.2CVSS6AI score0.00154EPSS

Exploits0References294

Xen Project•added 2025/10/24 12:14 p.m.•11 views

Incorrect removal of permissions on PCI device unplug

ISSUE DESCRIPTION When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the...

7.5CVSS6.8AI score0.00354EPSS

Exploits0Affected Software1