EUVD-2026-2833

Not used...

EUVD-2026-2442

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Flag allows Cross-Site Scripting XSS.This issue affects Flag: from 7.X-3.0 through 7.X-3.9...

EUVD-2026-2459

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

EUVD-2026-2480

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 "clk: Annotate struct clkhwonecelldata with countedby" annotated the hws member of 'struct clkhwonecelldata' with countedby, which informs the...

EUVD-2026-2468

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drmkmshelperpollfini and drmatomichelpershutdown helpers should only be called when the device has been successfully registered. Currently, these functions are called...

EUVD-2026-2473

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size rxpending is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes small or zero ring size...

EUVD-2026-2485

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842cplogstatus It's possible for cpread and hdmiread to return -EIO. Those values are further used as indexes for accessing arrays. Fix that by checking return...

EUVD-2026-2487

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

EUVD-2026-2489

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMUTESTOPADDRESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARNON by corrupting the reserved interval tree. This only effects test kernels with...

EUVD-2026-2495

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers...

EUVD-2026-2497

In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...

EUVD-2026-2506

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...

EUVD-2026-2501

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83791d Convert macros to functions to avoid TOCTOU The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...

EUVD-2026-2502

In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fsputsuper finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs dm-0: detect filesystem reference count leak during umount, type: 9, count: ...

EUVD-2026-2515

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

EUVD-2026-2513

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

EUVD-2026-2484

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

EUVD-2026-2510

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

EUVD-2026-2527

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

EUVD-2026-2543

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...