CVE-2026-23185
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk. mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issu...
A Scan-Based Analysis of Internet-Exposed IoT Devices Using Shodan Data
An open measurement problem in IoT security is whether scan-observable network configurations encode population-level exposure risk beyond individual devices. An analysis of internet-exposed IoT endpoints using a controlled multi-country sample from Shodan Search and Shodan InternetDB, selecting...
modelscan-bypass-poc
⚠️ ModelScan Bypass PoC — Security Research WARNING: This...
PT-2026-8193
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk. mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queu...
CVE-2026-26005
CVE-2026-26005 affects ClipBucket v5 prior to 5.5.3; the Remote Play feature allows creating video entries that reference external video URLs without uploading files. If an attacker specifies an internal network host in the video URL, an SSRF is triggered, causing GET requests to internal servers...
SUSE SLES12 Security Update : avahi (SUSE-SU-2026:0422-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0422-1 advisory. - CVE-2025-68276: avahi: reachable assertion in avahi_wide_area_scan_cache can lead to crash of avahi-daemon (bsc#1256498). - CVE-2025-68468: avahi:...
Exploit for CVE-2025-69600
CVE-2025-69600 - author: Rafael José Núñez Gulías - com...
Security update for avahi
This update for avahi fixes the following issues: CVE-2025-68276: avahi: reachable assertion in avahi_wide_area_scan_cache can lead to crash of avahi-daemon (bsc#1256498). CVE-2025-68468: avahi: reachable assertion in lookup_multicast_callback can lead to crash of avahi-daemon (bsc#1256499). CVE-2025-68471:...
IBM Db2 Denial of Service Vulnerability (CNVD-2026-14678)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which arises from improper neutralization of speci...
DoraCMS Code Issue Vulnerability
DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Versions of DoraCMS 3.1 and earlier have code vulnerabilities. These vulnerabilities stem from the UEditor’s remote image retrieval feature, which involves...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the uvc_scan_streaming function in the UVC Descriptor Handler component. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation: There is no fixed...
UBUNTU-CVE-2026-1991
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...
CVE-2026-1991
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...
CVE-2026-1991 libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...
CVE-2026-1991
CVE-2026-1991 affects libuvc up to 0.0.7. The vulnerability is a null pointer dereference in uvc_scan_streaming (src/device.c) of the UVC Descriptor Handler. Local access is required, and public exploit activity is noted. Multiple sources (NVD, Ubuntu, Red Hat, OSV, Debian tracker, CVE listing) d...
Linux Distros Unpatched Vulnerability : CVE-2026-1991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler...
PT-2026-6675
Name of the Vulnerable Software and Affected Versions: libuvc versions prior to 0.0.8. Description: A flaw exists in libuvc up to version 0.0.7 related to the uvc_scan_streaming function within the UVC Descriptor Handler component, specifically in the src/device.c file. This issue can lead to a null...
IBM DB2 Multiple Vulnerabilities (7257697, 7257698) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by multiple vulnerabilities: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper...