Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

CVE-2025-64155 PoC released Command Injection Vulnerability | TenableĀ®

Trust: 3.25

Fetched: Feb. 3, 2026, 10 a.m., Published: Jan. 14, 2026, 8:15 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-64155

Threat Signature Categories

Trust: 4.5

Fetched: Feb. 3, 2026, 9:59 a.m., Published: Jan. 29, 2026, 10:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: apple model: installer
vendor: palo model: networks

WhisperPair Vulnerability: Millions of Bluetooth Devices at Risk | Quantum Safe News Center

Trust: 3.75

Fetched: Feb. 3, 2026, 9:59 a.m., Published: May 3, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: oneplus model: oneplus
db: NVD ids: CVE-2025-36911

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) - Help Net Security

Trust: 5.25

Fetched: Feb. 3, 2026, 9:58 a.m., Published: Jan. 28, 2026, 12:10 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2026-24858, CVE-2025-59718

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Related entries in the VARIoT vulnerabilities database: VAR-202505-1884, VAR-202505-1034, VAR-202505-1415, VAR-202505-1414

Trust: 5.5

Fetched: Feb. 3, 2026, 9:58 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: command injection, authentication bypass, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: sma 100
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: series
vendor: cisco model: ios software
vendor: cisco model: ios xe
db: NVD ids: CVE-2026-24858, CVE-2025-47188, CVE-2025-4427, CVE-2025-4428, CVE-2025-59719, CVE-2025-32756, CVE-2025-32821, CVE-2025-59718, CVE-2025-32819, CVE-2025-32820, CVE-2025-27920

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Trust: 5.5

Fetched: Feb. 3, 2026, 9:58 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2020-25179, CVE-2026-24858, CVE-2020-4006, CVE-2025-59719, CVE-2025-59718

678 Vulnerabilities Tracked As Critical CVEs And PoCs Rise

Related entries in the VARIoT vulnerabilities database: VAR-201905-0853

Trust: 5.5

Fetched: Feb. 3, 2026, 9:57 a.m., Published: Jan. 9, 2026, 10:56 a.m.
 Vulnerabilities: file upload vulnerability, file inclusion, code injection...
Affected productsExternal IDs
vendor: sony model: bravia
vendor: sierra wireless model: wireless airlink es450 fw
vendor: sierra wireless model: es450
vendor: sierra wireless model: airlink es450
vendor: sierra wireless model: wireless airlink es450
vendor: node.js model: node.js
vendor: schneider model: concept
vendor: schneider electric model: concept
vendor: sierra model: wireless airlink es450 fw
vendor: sierra model: es450
vendor: sierra model: airlink es450
vendor: sierra model: wireless airlink es450
db: NVD ids: CVE-2025-52691, CVE-2020-36923, CVE-2025-68428, CVE-2025-13915, CVE-2025-68668, CVE-2025-59287, CVE-2009-0556, CVE-2025-3699, CVE-2025-37164, CVE-2018-4063, CVE-2025-60534

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 5.5

Fetched: Feb. 3, 2026, 9:56 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: command injection, authentication bypass, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler
vendor: citrix model: application delivery controller
vendor: google model: chrome
db: NVD ids: CVE-2023-3519, CVE-2026-24858, CVE-2025-59719, CVE-2023-28771, CVE-2025-59718, CVE-2023-23397

Fortinet Confirms Critical FortiCloud SSO Vulnerability(CVE-2026-24858) Actively Exploited in the Wild

Trust: 4.75

Fetched: Feb. 3, 2026, 9:56 a.m., Published: Jan. 28, 2026, 10:18 a.m.
 Vulnerabilities: improper access control, authentication bypass, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2026-24858

TP-Link Archer MR600 Router Vulnerability Enables Full Device Control - Advisories

Trust: 5.0

Fetched: Feb. 3, 2026, 9:56 a.m., Published: Feb. 2, 2026, 9:27 a.m.
 Vulnerabilities: command injection, service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-14756

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Related entries in the VARIoT vulnerabilities database: VAR-201902-0454, VAR-201902-0427

Trust: 5.5

Fetched: Feb. 3, 2026, 9:55 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: path traversal, authentication bypass, code execution...
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point software technologies model: check point
vendor: cisco model: rv215w wireless-n vpn router
vendor: cisco model: rv130w wireless-n multifunction vpn router
vendor: cisco model: rv110w wireless-n vpn firewall
vendor: cisco model: rv110w wireless-n vpn
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: rv110w
vendor: cisco model: cisco rv215w wireless-n vpn router
vendor: cisco model: cisco rv110w wireless-n vpn firewall
vendor: cisco model: cisco rv110w
vendor: cisco model: rv215w
vendor: cisco model: rv215w wireless-n vpn
vendor: cisco model: rv130w
db: NVD ids: CVE-2026-24858, CVE-2019-1688, CVE-2025-59719, CVE-2025-59718, CVE-2019-1663

CVE-2026-22224 - Command Injection Vulnerability on TP-Link Archer BE230 v1.2

Trust: 5.0

Fetched: Feb. 3, 2026, 9:54 a.m., Published: Feb. 2, 2026, 6:16 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22224

Update Canonical Ubuntu Server: USN-7992-1: Inetutils vulnerability

Trust: 3.25

Fetched: Feb. 3, 2026, 9:54 a.m., Published: Jan. 3, 7992, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Apple's Unprecedented Security Update for Decade-Old iPhones Signals Shift in Legacy Device Support Strategy

Trust: 3.5

Fetched: Feb. 3, 2026, 9:53 a.m., Published: Feb. 1, 2026, 1:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: iphone
vendor: apple model: webkit
db: NVD ids: CVE-2025-24200, CVE-2025-24201

Critical Flaws in KiloView Devices Enable Complete Admin Takeover

Trust: 4.0

Fetched: Feb. 3, 2026, 9:53 a.m., Published: Feb. 3, 2026, 5:09 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-1453, CVE-2026-14539

Hikvision Wireless Access Points Vulnerability Enables Malicious Command

Trust: 5.5

Fetched: Feb. 3, 2026, 9:52 a.m., Published: Feb. 3, 2026, 1:43 p.m.
 Vulnerabilities: default credentials, command execution, denial of service...
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2026-0709

Cyber security alert issued by Indian Govt for Apple, mac and chrome users - Full details inside

Trust: 4.5

Fetched: Feb. 3, 2026, 9:52 a.m., Published: Feb. 1, 2026, 10:14 a.m.
 Vulnerabilities: privilege escalation, information disclosure, denial of service...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: home
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: watch
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: macos

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Trust: 5.5

Fetched: Feb. 3, 2026, 9:52 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: path traversal, authentication bypass, certificate validation vulnerability
Affected productsExternal IDs
vendor: sonicwall model: sma100
vendor: sonicwall model: netextender
vendor: apple model: safari
db: NVD ids: CVE-2026-24858, CVE-2024-29014, CVE-2025-59719, CVE-2025-59718, CVE-2024-48865, CVE-2024-11667

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Trust: 5.5

Fetched: Feb. 3, 2026, 9:51 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: authentication bypass, command execution
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2024-0012, CVE-2026-24858, CVE-2025-59719, CVE-2024-43451, CVE-2025-59718, CVE-2024-9474

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review

Trust: 5.75

Fetched: Feb. 3, 2026, 9:51 a.m., Published: Jan. 28, 2026, 8:42 a.m.
 Vulnerabilities: authentication flaw, authentication bypass, feature bypass...
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-37079, CVE-2026-24858, CVE-2025-59719, CVE-2026-21509, CVE-2025-59718