EUVD-2026-2291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job-pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery function calls drmschedstop and later...

EUVD-2026-2321

In the Linux kernel, the following vulnerability has been resolved: hwmon: ibmpex fix use-after-free in high/low store The ibmpexhighlowstore function retrieves driver data using devgetdrvdata and uses it without validation. This creates a race condition where the sysfs callback can be invoked...

EUVD-2026-2289

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCAPORTS component Clear hcadevcomcomp in device's private data after unregistering it in LAG teardown. Otherwise a slightly lagging second pass through mlx5unloadone might try to unregister it...

EUVD-2026-2301

In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current isize including 0, the code used to call checklockrangefilp, isize, size - 1, WRITE, which computes size - 1 and can underflow for...

EUVD-2026-2336

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...

EUVD-2026-2322

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

EUVD-2026-2314

In the Linux kernel, the following vulnerability has been resolved: Input: tiam335xtsc - fix off-by-one error in wireorder validation The current validation 'wireorderi ARRAYSIZEconfigpins' allows wireorderi to equal ARRAYSIZEconfigpins, which causes out-of-bounds access when used as index in...

EUVD-2026-2334

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

EUVD-2026-2319

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix XDPTX path For XDPTX action in bnxtrxxdp, clearing of the event flags is not correct. bnxtpollwork - bnxtrxpkt - bnxtrxxdp may be looping within NAPI and some event flags may be set in earlier iterations. In particula...

EUVD-2026-2347

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...

EUVD-2026-2357

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...

EUVD-2026-2351

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

EUVD-2026-2352

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

EUVD-2026-2354

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting XSS.This issue affects WordPress add on: 2025.7.1...

EUVD-2026-2082

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox 147 and Firefox ESR 140.7...

EUVD-2026-2341

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 147 and Firefox ESR 140.7...

EUVD-2026-2077

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 147 and Firefox ESR 140.7...

EUVD-2026-2085

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox 147, Firefox ESR 115.32, and Firefox ESR 140.7...

EUVD-2026-2355

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module...

EUVD-2026-2362

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a...