Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Gray Hats on X: "SICK PSIRT warns of critical vulnerabilities (CVE-2026-2330, CVE-2026-2331) in Lector85x and Lector83x scanners allowing full device takeover. Update now #SICKLector #CVE20262331 #ICSSecurity #CyberSecurity #IndustrialAutomation #Vulnerability #PatchAlert https://t.co/AcoU8ZAMxD https://t.co/WdJPqdaQYs" / X

Trust: 3.25

Fetched: March 18, 2026, 10:26 a.m., Published: March 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-2330, CVE-2026-2331

Mar 2026: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability: CVE-2026-24292 March 2026

Trust: 3.25

Fetched: March 18, 2026, 10:20 a.m., Published: March 18, 2026, midnight
 Vulnerabilities: use after free
Affected productsExternal IDs
db: NVD ids: CVE-2026-24292

“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202512-0007, VAR-202512-0008, VAR-202512-0182, VAR-202512-0181

Trust: 5.5

Fetched: March 18, 2026, 10:19 a.m., Published: Feb. 18, 2026, 11 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2025-54848, CVE-2025-54851, CVE-2025-55221, CVE-2025-55222

AppArmor vulnerability fixes available | Ubuntu

Trust: 4.75

Fetched: March 18, 2026, 10:18 a.m., Published: March 12, 2026, midnight
 Vulnerabilities: privilege escalation, denial of service, information leak
Affected productsExternal IDs
vendor: canonical model: ubuntu

GitHub - automate-it0/qualcomm-vulnerability-scanner: A tool to scan Android devices for the recently exploited Qualcomm flaw CVE-2026-21385, providing a simple and efficient way to identify vulnerable devices and apply necessary patches. · GitHub

Trust: 3.0

Fetched: March 18, 2026, 10:18 a.m., Published: March 1, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-21385

Fixing Log4j 2.25 Vulnerabilities: A 2025 Retrospective Guide | Markaicode

Trust: 3.75

Fetched: March 18, 2026, 10:17 a.m., Published: March 18, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-21385, CVE-2025-21384, CVE-2025-21386

CVE-2026-4187 Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication

Trust: 3.5

Fetched: March 18, 2026, 10:17 a.m., Published: July 17, 2000, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-4187

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

Trust: 4.25

Fetched: March 18, 2026, 10:16 a.m., Published: March 4, 2026, 4:11 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: asa software

Hackers Exploit Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT

Trust: 4.5

Fetched: March 18, 2026, 10:16 a.m., Published: Feb. 20, 2026, 6:56 a.m.
 Vulnerabilities: service disruption, command execution, parameter injection...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-12356, CVE-2026-1731

If You Have One of These Older Apple Devices, Update It ASAP | Lifehacker

Trust: 5.75

Fetched: March 18, 2026, 10:09 a.m., Published: March 12, 2026, 10:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: ipod touch
vendor: apple model: iphone
db: NVD ids: CVE-2023-43000, CVE-2023-41974, CVE-2024-23222, CVE-2023-43010

Microsoft Releases Emergency Windows 11 Hotpatch to Fix Remote Code Execution Flaw - gHacks Tech News

Trust: 4.25

Fetched: March 18, 2026, 10:04 a.m., Published: March 15, 2026, 9:39 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-25172, CVE-2026-25173, CVE-2026-26111

Android's March 2026 security patch fixes over 100 flaws, one under targeted exploitation - Help Net Security

Trust: 5.75

Fetched: March 18, 2026, 10:03 a.m., Published: March 3, 2026, 9:38 a.m.
 Vulnerabilities: code execution, privilege escalation, information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-0030, CVE-2026-0031, CVE-2026-0037, CVE-2025-48631, CVE-2026-0028, CVE-2026-0038, CVE-2026-0047, CVE-2024-43859, CVE-2026-21385, CVE-2026-0006, CVE-2026-0027

CVE-2020-0989 - Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability

Trust: 4.25

Fetched: March 18, 2026, 10:03 a.m., Published: Sept. 11, 2020, 5:15 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2020-0989

CVE-2026-4197 - D-Link Multiple NAS Devices Command…

Trust: 4.25

Fetched: March 18, 2026, 9:55 a.m., Published: March 6, 2026, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-4197

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Trust: 5.25

Fetched: March 18, 2026, 9:50 a.m., Published: March 12, 2026, 9:58 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: ipod touch
vendor: apple model: iphone
db: NVD ids: CVE-2023-41974, CVE-2023-38606, CVE-2024-23222, CVE-2023-43000, CVE-2023-32434, CVE-2023-43010

[updated] Google patches two Chrome zero-days under active attack | Malwarebytes

Trust: 4.5

Fetched: March 18, 2026, 9:46 a.m., Published: March 13, 2026, 12:58 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2026-3909

CVE-2025-44650: Denial of Service Vulnerability in Netgear R7000 and EAX80 - Ameeba Exploit Tracker

Related entries in the VARIoT vulnerabilities database: VAR-202507-3140

Trust: 6.0

Fetched: March 18, 2026, 9:45 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: netgear model: r7000
db: NVD ids: CVE-2025-44650

Grandstream VoIP Phones Vulnerability Allows Attackers to Gain Root Privileges

Trust: 5.0

Fetched: March 18, 2026, 9:45 a.m., Published: Feb. 20, 2026, 1:57 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: grandstream model: gxp1600
db: NVD ids: CVE-2026-2329

Is Your Android Device Secure? New Vulnerability Allows Hac

Trust: 3.25

Fetched: March 18, 2026, 9:42 a.m., Published: March 18, 2013, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

CVE-2026-22317 Phoenix Contact FL SWITCH 2005, FL SWITCH 2... CVETodo

Trust: 5.75

Fetched: March 18, 2026, 9:41 a.m., Published: March 18, 2005, midnight
 Vulnerabilities: denial of service, privilege escalation, command execution...
Affected productsExternal IDs
vendor: phoenix model: contact fl switch
db: NVD ids: CVE-2026-22317