Windows update

1. CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification

   Information published.

2. CVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()

   Information published.

3. CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash

   Information published.

4. CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly

   Information published.

5. CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

   Information published.

6. CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress

   Information published.

7. CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously

   Information published.

8. CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory

   Information published.

9. CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang

   Information published.

10. CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

    Information published.

11. CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()

    Information published.

12. CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks

    Information published.

13. CVE-2026-23238 romfs: check sb_set_blocksize() return value

    Information published.

14. CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64

    Information published.

15. CVE-2025-67030

    Information published.

16. CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling

    Information published.

17. CVE-2026-21712

    Information published.

18. CVE-2026-34353

    Information published.

19. CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion

    Information published.

20. CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

    Information published.

21. CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

    Information published.

22. CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

    Information published.

23. CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace

    Information published.

24. CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free

    Information published.

25. CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

    Information published.

26. CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

    Information published.

27. CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

    Information published.

28. CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing

    Information published.

29. CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input

    Information published.

30. CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers

    Information published.

31. CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check

    Information published.

32. CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

    Information published.

33. CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

    Information published.

34. CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers

    Information published.

35. CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

    Information published.

36. CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection

    Information published.

37. CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

    Information published.

38. Chromium: CVE-2026-4676 Use after free in Dawn

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

39. CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence

    Information published.

40. CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass

    Information published.

41. CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64

    Information published.

42. CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path

    Information published.

43. CVE-2025-67030

    Information published.

44. CVE-2025-70888

    Information published.

45. CVE-2026-34085

    Information published.

46. CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation

    Information published.

47. CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

    Information published.

48. CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

    Information published.

49. CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly

    Information published.

50. CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

    Information published.