mm: call ->free_folio() directly in folio_unmap_invalidate()

...

rxrpc: Only put the call ref if one was acquired

...

media: em28xx: fix use-after-free in em28xx_v4l2_open()

...

fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

...

KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION

...

Input: uinput - fix circular locking dependency with ff-core

...

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

...

ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

...

usbip: validate number_of_packets in usbip_pack_ret_submit()

...

net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()

...

futex: Clear stale exiting pointer in futex_lock_pi() retry path

...

OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users

...

ALSA: fireworks: bound device-supplied status before string array lookup

...

Mako: Path traversal via double-slash URI prefix in TemplateLookup

...

Chromium: CVE-2026-6921 Race in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-6919 Use after free in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

...

can: raw: fix ro->uniq use-after-free in raw_rcv()

...

Microsoft Power Apps Remote Code Execution Vulnerability

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network...

Azure IoT Central Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network...

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

Microsoft Bing Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network...

Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

Microsoft Partner Center Elevation of Privilege Vulnerability

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network...

Microsoft 365 Copilot Elevation of Privilege Vulnerability

Url redirection to untrusted site 'open redirect' in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

Microsoft Dynamics 365 (online) Spoofing Vulnerability

Server-side request forgery ssrf in Microsoft Dynamics 365 Online allows an unauthorized attacker to perform spoofing over a network...

Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

...

module: Fix kernel panic when a symbol st_shndx is out of bounds

...

media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex

...

ext4: publish jinode after initialization

...

net: macb: use the current queue number for stats

...

Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

...

RDMA/irdma: Initialize free_qp completion before using it

...

erofs: add GFP_NOIO in the bio completion if needed

...

bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN

...

xfs: avoid dereferencing log items after push callbacks

...

Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

...

udp: Fix wildcard bind conflict check when using hash2

...

tracing: Fix potential deadlock in cpu hotplug with osnoise

...

perf: Make sure to use pmu_ctx->pmu for groups

...

ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio

...

nfc: nci: fix circular locking dependency in nci_close_device

...

ksmbd: fix memory leaks and NULL deref in smb2_lock()

...

ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

...

HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

...

ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()

...

ext4: reject mount if bigalloc with s_first_data_block != 0

...

Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock

...

dmaengine: xilinx: xdma: Fix regmap init error handling

...

net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

...