Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild - Security Boulevard

Trust: 3.0

Fetched: April 8, 2026, 9:46 a.m., Published: April 6, 2026, 2:21 p.m.
 Vulnerabilities: access control vulnerability, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2026-35616

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability (CVE-2026-23092) - SystemTek - Technology news and information

Trust: 3.75

Fetched: April 8, 2026, 9:45 a.m., Published: April 4, 2026, 6:45 p.m.
 Vulnerabilities: privilege escalation, improper validation
Affected productsExternal IDs
db: NVD ids: CVE-2026-23092

Apple iOS vulnerabilities (DarkSword exploit): Find impacted

Trust: 5.75

Fetched: April 8, 2026, 9:45 a.m., Published: March 24, 2026, 7:53 p.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2025-43529, CVE-2025-43510, CVE-2025-43520, CVE-2026-20700, CVE-2025-14174, CVE-2025-31277

CVE-2026-20042 | TenableĀ®

Trust: 4.25

Fetched: April 8, 2026, 9:45 a.m., Published: April 1, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nexus
db: NVD ids: CVE-2026-20042

14,000+ F5 BIG-IP APM Instances Exposed as RCE Exploits Surge

Trust: 4.75

Fetched: April 8, 2026, 9:38 a.m., Published: April 3, 2026, 12:49 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-53521

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

Trust: 3.25

Fetched: April 8, 2026, 9:37 a.m., Published: April 1, 2026, 3:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nexus

Ninja Forms: 50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability

Trust: 4.5

Fetched: April 8, 2026, 9:37 a.m., Published: March 19, 2026, midnight
 Vulnerabilities: file upload vulnerability, path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0740

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits | Quantum Safe News Center

Trust: 3.0

Fetched: April 8, 2026, 9:36 a.m., Published: April 8, 2026, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs

Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices | evilsocket

Trust: 6.25

Fetched: April 8, 2026, 9:34 a.m., Published: April 2, 2026, midnight
 Vulnerabilities: buffer overflow, authentication bypass, code execution
Affected productsExternal IDs
vendor: broadcom model: linux
vendor: cesanta model: mongoose
vendor: cesanta model: mongoose server
vendor: samsung model: printers
vendor: samsung model: samsung
vendor: bosch model: ip cameras
vendor: google model: home
db: NVD ids: CVE-2026-5246, CVE-2026-5245, CVE-2026-5244

CVE-2026-20041 - Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

Trust: 6.25

Fetched: April 8, 2026, 9:34 a.m., Published: April 1, 2026, 5:28 p.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
vendor: cisco model: nexus
db: NVD ids: CVE-2026-20041

Android Security Flaw Allows Hackers to Unlock Phones in Under a Minute

Trust: 3.5

Fetched: April 8, 2026, 9:33 a.m., Published: April 6, 2026, 12:31 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
vendor: samsung model: notes
vendor: samsung model: android
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2026-20435

CVE-2025-55611: Buffer Overflow in D-Link DIR-619L 2.06B01 formLanguageChange Function - Ameeba Security Research

Related entries in the VARIoT vulnerabilities database: VAR-202508-2311

Trust: 6.0

Fetched: April 8, 2026, 9:32 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: d-link model: dir-619l
db: NVD ids: CVE-2025-55611

CVE-2025-10681 - Vulnerability Details - OpenCVE

Trust: 3.0

Fetched: April 8, 2026, 9:31 a.m., Published: May 8, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-10681

Apple Issues Urgent Security Update to Counter 'Darksword' iPhone Hack - British Brief

Trust: 3.25

Fetched: April 8, 2026, 9:30 a.m., Published: April 2, 2026, 3:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Medical Device Breach Statistics 2026 Report - ORDR

Trust: 4.0

Fetched: April 8, 2026, 9:21 a.m., Published: April 3, 2026, 8:21 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Android flaw on MediaTek phones may bypass your PIN in under a minute | Fox News

Trust: 3.5

Fetched: April 8, 2026, 9:17 a.m., Published: May 8, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: android
vendor: samsung model: samsung
vendor: samsung model: android phone
vendor: samsung model: mobile
vendor: google model: android
db: NVD ids: CVE-2026-20435

Android Security Bulletin-April 2026 | Android Open Source Project

Trust: 4.25

Fetched: April 8, 2026, 9:16 a.m., Published: April 8, 2026, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: android
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: android
vendor: motorola model: motorola
vendor: huawei model: huawei
db: NVD ids: CVE-2025-48651, CVE-2026-0049

This Android vulnerability can break your lock screen in under 60 seconds | Malwarebytes

Trust: 3.0

Fetched: April 8, 2026, 9:10 a.m., Published: March 12, 2026, 1:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-20435

Gray Hats on X: "SICK PSIRT warns of critical vulnerabilities (CVE-2026-2330, CVE-2026-2331) in Lector85x and Lector83x scanners allowing full device takeover. Update now #SICKLector #CVE20262331 #ICSSecurity #CyberSecurity #IndustrialAutomation #Vulnerability #PatchAlert https://t.co/AcoU8ZAMxD https://t.co/WdJPqdaQYs" / X

Trust: 3.25

Fetched: March 18, 2026, 10:26 a.m., Published: March 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-2330, CVE-2026-2331

Mar 2026: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability: CVE-2026-24292 March 2026

Trust: 3.25

Fetched: March 18, 2026, 10:20 a.m., Published: March 18, 2026, midnight
 Vulnerabilities: use after free
Affected productsExternal IDs
db: NVD ids: CVE-2026-24292