EUVD-2026-4282

In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublkpartitionscanwork A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub-ubdisk: 1. ublkctrlstartdev schedules partitionscanwork...

EUVD-2026-4293

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpfprogtestrunxdp syzbot is reporting unregisternetdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk patch found that a refcount is obtained at xdpconvertmdtobuff fr...

EUVD-2026-4301

In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is up. If an ethtool command that accesses the rss lut is attempted immediately after reset, it will...

EUVD-2026-4291

In the Linux kernel, the following vulnerability has been resolved: libceph: make freechooseargmap resilient to partial allocation freechooseargmap may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decodechooseargs, if allocation of argmap-args fails,...

EUVD-2026-4302

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from monhandleauthdone Currently any error from cephauthhandlereplydone is propagated via finishauth but isn't returned from monhandleauthdone. This results in higher layers learning that despite...

EUVD-2026-4287

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

EUVD-2026-4303

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

EUVD-2026-4315

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev-srcu If two drivers were calling gpiochipadddatawithkey, one may be traversing the srcu-protected list in gpionametodesc, meanwhile other has just added its gdev in gpiodevaddtolistunlocked...

EUVD-2026-4298

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

EUVD-2026-4281

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 "lan966x: Fix crash when adding interface under a lag" fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The...

EUVD-2026-4306

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. This change uses a...

EUVD-2026-4316

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.10.1...

EUVD-2026-4331

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through = 2.0.7...

EUVD-2026-4332

Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through = 3.1.0...

EUVD-2026-4339

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through = 1.4...

EUVD-2026-4345

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS.This issue affects Logo Slider: from n/a through = 4.9.0...

EUVD-2026-4314

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a through = 1.0...

EUVD-2026-4334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through = 1.0...

EUVD-2026-4338

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through = 2.0.0...

EUVD-2026-4313

Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through = 5.0...