Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Microsoft patches Notepad's severe Markdown security flaw | Windows Central

Trust: 3.75

Fetched: March 1, 2026, 9:40 a.m., Published: Feb. 11, 2026, 5:06 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-20841

IoT Devices Vulnerability Analysis and IoT Botnet Development by Dr Madhavi Thaker on Prezi

Trust: 4.5

Fetched: March 1, 2026, 9:40 a.m., Published: March 1, 2026, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco model: access points
vendor: huawei model: huawei

Cisco FXOS and UCS Manager Software Stored Cross-Site Scripting Vulnerability

Trust: 4.0

Fetched: March 1, 2026, 9:39 a.m., Published: Feb. 25, 2026, 3:59 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: ucs manager
vendor: cisco model: series
vendor: cisco model: asa software
vendor: cisco model: firepower 2100
vendor: cisco model: firepower
vendor: cisco model: fxos

Security Advisory on Reflected XSS Vulnerability on Archer C60 (CVE-2026-1571) | TP-Link

Trust: 4.25

Fetched: March 1, 2026, 9:38 a.m., Published: March 7, 2026, midnight
 Vulnerabilities: session hijacking
Affected productsExternal IDs
db: NVD ids: CVE-2026-1571

Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700) - Qualys ThreatPROTECT

Trust: 4.5

Fetched: March 1, 2026, 9:38 a.m., Published: -
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2025-43529, CVE-2025-14174, CVE-2026-20700

HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks

Trust: 5.5

Fetched: March 1, 2026, 9:37 a.m., Published: Feb. 12, 2026, 1:27 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: integrity
vendor: aruba model: instant
db: NVD ids: CVE-2026-23596, CVE-2026-235958, CVE-2026-235966, CVE-2026-235986, CVE-2026-23598, CVE-2026-235976, CVE-2026-23597, CVE-2026-23595

CVE-2026-3273 : Buffer Overflow Vulnerability in Tenda F453 by Tenda

Trust: 4.5

Fetched: March 1, 2026, 9:37 a.m., Published: Feb. 27, 2026, 12:32 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2026-3273

Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

Trust: 5.0

Fetched: March 1, 2026, 9:37 a.m., Published: Feb. 25, 2026, 3:59 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco application policy infrastructure controller
vendor: cisco model: application policy infrastructure controller

CVE-2026-21656 - Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

Trust: 4.75

Fetched: March 1, 2026, 9:36 a.m., Published: Feb. 27, 2026, 9:16 a.m.
 Vulnerabilities: code injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-21656

‘Resurge’ malware can remain undetected on devices | Cybersecurity Dive

Trust: 4.0

Fetched: March 1, 2026, 9:36 a.m., Published: Feb. 27, 2026, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-0282

February 2026 Patch Tuesday includes six actively exploited zero-days | Malwarebytes

Trust: 4.5

Fetched: March 1, 2026, 9:35 a.m., Published: Feb. 11, 2026, 12:32 p.m.
 Vulnerabilities: security feature bypass, denial of service, feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2026-21513, CVE-2026-21525, CVE-2026-21510, CVE-2026-21514, CVE-2026-21519, CVE-2026-21533

CVE-2026-27755 Shenzhen Hongyavision Technology Co., Ltd. ... CVETodo

Trust: 4.5

Fetched: March 1, 2026, 9:34 a.m., Published: Feb. 27, 2026, 7:16 p.m.
 Vulnerabilities: session hijacking, default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2026-27755, CVE-2026-277551

Cisco FXOS and UCS Manager Software Command Injection Vulnerability

Trust: 4.0

Fetched: March 1, 2026, 9:34 a.m., Published: Feb. 25, 2026, 3:59 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: ucs manager
vendor: cisco model: series
vendor: cisco model: asa software
vendor: cisco model: firepower 2100
vendor: cisco model: firepower
vendor: cisco model: fxos

Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals

Trust: 5.5

Fetched: March 1, 2026, 9:34 a.m., Published: Feb. 12, 2026, 2:42 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: macos
db: NVD ids: CVE-2026-20640, CVE-2026-20617, CVE-2026-20642, CVE-2026-20700, CVE-2025-43529, CVE-2025-14174

Apple discloses first actively exploited zero-day of 2026 | CyberScoop

Trust: 3.75

Fetched: March 1, 2026, 9:33 a.m., Published: Feb. 12, 2026, 11:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
db: NVD ids: CVE-2025-43529, CVE-2025-14174, CVE-2026-20700

Massive Spike in Attacks Exploiting Ivanti EPMM Systems 0-day Vulnerability

Trust: 4.0

Fetched: March 1, 2026, 9:32 a.m., Published: Feb. 11, 2026, 5:43 p.m.
 Vulnerabilities: code injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-1281, CVE-2026-1340

CISA Confirms Active Exploitation of FileZen Vulnerability

Trust: 5.5

Fetched: March 1, 2026, 9:32 a.m., Published: Feb. 25, 2026, 12:08 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: soliton model: filezen
vendor: trend model: security
db: NVD ids: CVE-2026-251089

FortiOS Authentication Bypass Vulnerability Allows Attackers to Bypass LDAP Login

Trust: 6.0

Fetched: March 1, 2026, 9:31 a.m., Published: Feb. 11, 2026, 9:11 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2026-22153

Critical Cisco SD-WAN 0-Day Vulnerability Exploited Since 2023 to Gain Root Access

Related entries in the VARIoT vulnerabilities database: VAR-202209-1914

Trust: 3.75

Fetched: March 1, 2026, 9:30 a.m., Published: Feb. 26, 2026, 1:51 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: wan manager
vendor: cisco model: catalyst
vendor: cisco model: cisco sd-wan
vendor: trend model: security
db: NVD ids: CVE-2026-20127, CVE-2022-20775

Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution

Trust: 5.0

Fetched: March 1, 2026, 9:30 a.m., Published: Feb. 3, 2026, 7:06 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2026-0709