Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

CVE-2025-48705: Critical Vulnerability in COROS PACE 3 Leads to Forced Device Reboot - Ameeba Exploit Tracker

Trust: 4.0

Fetched: March 17, 2026, 10:17 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2025-48705

Mar 2026: Microsoft Devices Pricing Program Remote Code Execution Vulnerability: CVE-2026-21536 March 2026

Trust: 4.0

Fetched: March 17, 2026, 10:16 a.m., Published: March 17, 2026, midnight
 Vulnerabilities: file upload vulnerability, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-21536

Netis Router Exploit Chain (CVE-2024-48455-48457): Unauthenticated RCE with Metasploit | Markaicode

Trust: 3.75

Fetched: March 17, 2026, 10:15 a.m., Published: May 6, 2025, midnight
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-48456, CVE-2024-48457, CVE-2024-48455

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

Trust: 5.25

Fetched: March 17, 2026, 10:15 a.m., Published: Feb. 19, 2026, 11:54 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-1670

XBOW on X: "“The vulnerability with the highest CVSS score in this month’s update is a critical remote code execution flaw in the Microsoft Devices Pricing Program. CVE-2026-21536 (CVSS score: 9.8), per Microsoft, has been fully mitigated [...] Artificial intelligence (AI)-powered autonomous" / X

Trust: 4.0

Fetched: March 17, 2026, 10:15 a.m., Published: March 17, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-21536

Product and Support News | WatchGuard Technologies

Trust: 3.0

Fetched: March 17, 2026, 10:14 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware

‎m17 R2, BIOS installer blocked, vulnerable driver amifldrv64.sys | DELL Technologies

Trust: 3.25

Fetched: March 17, 2026, 10:13 a.m., Published: March 1, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Hobby coder accidentally creates vacuum robot army | Malwarebytes

Trust: 3.75

Fetched: March 17, 2026, 10:05 a.m., Published: Feb. 17, 2026, 10:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung

Industrial Control System Vulnerabilities Hit Record Highs - Infosecurity Magazine

Trust: 3.0

Fetched: March 17, 2026, 10:04 a.m., Published: Feb. 19, 2026, 1 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rapid model: scada

AppArmor vulnerability fixes available | Ubuntu

Trust: 4.75

Fetched: March 17, 2026, 10:01 a.m., Published: March 12, 2026, midnight
 Vulnerabilities: privilege escalation, information leak, denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

Trust: 4.25

Fetched: March 17, 2026, 10:01 a.m., Published: March 4, 2026, 4:11 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: asa software

Apache NiFi Vulnerability Enables Authorization Bypass

Trust: 3.0

Fetched: March 17, 2026, 9:59 a.m., Published: Feb. 17, 2026, 8:21 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-25903

Android's March 2026 security patch fixes over 100 flaws, one under targeted exploitation - Help Net Security

Trust: 5.75

Fetched: March 17, 2026, 9:51 a.m., Published: March 3, 2026, 9:38 a.m.
 Vulnerabilities: privilege escalation, code execution, information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-0030, CVE-2026-21385, CVE-2026-0027, CVE-2026-0038, CVE-2024-43859, CVE-2026-0028, CVE-2026-0047, CVE-2025-48631, CVE-2026-0037, CVE-2026-0006, CVE-2026-0031

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Trust: 5.25

Fetched: March 17, 2026, 9:48 a.m., Published: Feb. 18, 2026, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: canary model: canary
vendor: grandstream model: gxp1610
vendor: grandstream model: gxp1628
vendor: grandstream model: gxp1615
vendor: grandstream model: gxp1625
vendor: grandstream model: gxp1630
vendor: grandstream model: gxp1620
vendor: grandstream model: gxp1600
db: NVD ids: CVE-2026-2329

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Trust: 5.25

Fetched: March 17, 2026, 9:46 a.m., Published: March 12, 2026, 9:58 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: ipod touch
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2023-43000, CVE-2023-32434, CVE-2024-23222, CVE-2023-38606, CVE-2023-41974, CVE-2023-43010

CVE-2026-4196 - Command Injection Vulnerability in Multiple…

Trust: 6.0

Fetched: March 17, 2026, 9:46 a.m., Published: March 6, 2026, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-345
vendor: d-link model: dns-323
vendor: d-link model: dns-340l
vendor: d-link model: dnr-326
vendor: d-link model: dns-320l
vendor: d-link model: dnr-322l
vendor: d-link model: dns-320lw
vendor: d-link model: dns-320
vendor: d-link model: dns-327l
db: NVD ids: CVE-2026-4196

875 Million Android Phones At Risk From 60-Second Hack

Trust: 4.0

Fetched: March 17, 2026, 9:39 a.m., Published: March 16, 2026, 7:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2026-20435

Qualcomm GBL Exploit Unlocks Bootloaders on Android 16 Flagships

Trust: 3.25

Fetched: March 17, 2026, 9:37 a.m., Published: March 16, 2026, 9:25 a.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: android
vendor: samsung model: samsung
vendor: xiaomi model: redmi
vendor: xiaomi model: miui
vendor: oneplus model: oneplus

CVE-2026-29510 - Hereta ETH-IMC408M Stored XSS via Device Name

Trust: 4.0

Fetched: March 17, 2026, 9:35 a.m., Published: March 16, 2026, 6:16 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2026-29510

Protocol guided mutation fuzzing to automatically discover vulnerability in commercial IoT devices | Discover Internet of Things | Springer Nature Link

Trust: 5.5

Fetched: March 17, 2026, 9:34 a.m., Published: March 14, 2026, midnight
 Vulnerabilities: code injection