libceph: return the handler error from mon_handle_auth_done()

libceph: make free_choose_arg_map() resilient to partial allocation

libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

libceph: prevent potential out-of-bounds reads in handle_auth_done()

net: mscc: ocelot: Fix crash when adding interface under a lag

nfsd: provide locking for v4_end_grace

SourcelessFileLoader does not use io.open_code()

net: fix memory leak in skb_segment_list for GRO packets

wifi: avoid kernel-infoleak from struct iw_point

net: sock: fix hardened usercopy panic in sock_recv_errqueue

net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset

LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)

Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS

Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing

OpenLDAP <= 2.6.10 LMDB mdb_load Heap Buffer Underflow in readline()

zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

rsa crate has potential panic on a prime being equal to 1