VARIoT latest news about IoT security

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability Trust: 4.0 Fetched: June 14, 2026, 9:25 a.m., Published: June 3, 2026, 3:53 p.m.	Vulnerabilities: request forgery

Affected products

External IDs

vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco unified communications manager

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability Exploited in Attack (CVE-2026-20245) - Qualys ThreatPROTECT Related entries in the VARIoT vulnerabilities database: VAR-202605-3704, VAR-202606-1108, VAR-202602-3258 Trust: 5.75 Fetched: June 14, 2026, 9:25 a.m., Published: -	Vulnerabilities: privilege escalation, command injection

Affected products

External IDs

vendor:	cisco	model:	catalyst
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	wan manager

db:

NVD

ids:

CVE-2026-20182, CVE-2026-20245, CVE-2026-20127

Microsoft: Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature Trust: 4.75 Fetched: June 14, 2026, 9:24 a.m., Published: June 9, 2026, midnight	Vulnerabilities: feature bypass, security feature bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2026-50507

CISA Adds Exploited Android Framework Vulnerability to KEV Catalog as Google Ships June Security Fix Trust: 5.25 Fetched: June 14, 2026, 9:24 a.m., Published: June 5, 2026, 5:11 p.m.	Vulnerabilities: privilege escalation, code execution, integer overflow

Affected products

External IDs

vendor:	samsung	model:	android phone
vendor:	samsung	model:	notes
vendor:	samsung	model:	android
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	oneplus	model:	one
vendor:	oneplus	model:	3
vendor:	oneplus	model:	oneplus
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2025-48595

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance Related entries in the VARIoT vulnerabilities database: VAR-202304-1067 Trust: 3.75 Fetched: June 14, 2026, 9:22 a.m., Published: June 10, 2026, 4:08 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	hikvision	model:	ip cameras
vendor:	hikvision	model:	hikvision
vendor:	cisco	model:	soho
vendor:	cisco	model:	rv042
vendor:	cisco	model:	rv325
vendor:	cisco	model:	rv320
vendor:	cisco	model:	linksys
vendor:	cisco	model:	nexus
vendor:	cisco	model:	routers
vendor:	cisco	model:	series
vendor:	draytek	model:	vigor3900
vendor:	draytek	model:	routers

db:

NVD

ids:

CVE-2023-24738, CVE-2026-35616, CVE-2023-20118, CVE-2021-36260, CVE-2022-32548

Cybersecurity vulnerabilities in IoT devices \| Nature Reviews Electrical Engineering Trust: 4.0 Fetched: June 14, 2026, 9:21 a.m., Published: May 25, 2026, midnight	Vulnerabilities: buffer overflow, replay attack, data injection

Affected products

External IDs

vendor:	dram	model:	dram
vendor:	google	model:	home

Android June 2026 update patches actively exploited zero-day Trust: 5.5 Fetched: June 14, 2026, 9:20 a.m., Published: June 2, 2026, 10:21 a.m.	Vulnerabilities: privilege escalation, code execution, information disclosure

Affected products

External IDs

vendor:	oneplus	model:	one
vendor:	oneplus	model:	oneplus
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	samsung	model:	android
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2026-0097, CVE-2025-47392, CVE-2026-21353, CVE-2026-25276, CVE-2025-48595, CVE-2026-0043, CVE-2026-25277, CVE-2025-65018, CVE-2026-21352

CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild - Security Boulevard Trust: 3.0 Fetched: April 8, 2026, 9:46 a.m., Published: April 6, 2026, 2:21 p.m.	Vulnerabilities: access control vulnerability, improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2026-35616

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability (CVE-2026-23092) - SystemTek - Technology news and information Trust: 3.75 Fetched: April 8, 2026, 9:45 a.m., Published: April 4, 2026, 6:45 p.m.	Vulnerabilities: privilege escalation, improper validation

Affected products

External IDs

db:

NVD

ids:

CVE-2026-23092

Apple iOS vulnerabilities (DarkSword exploit): Find impacted Trust: 5.75 Fetched: April 8, 2026, 9:45 a.m., Published: March 24, 2026, 7:53 p.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	macos
vendor:	apple	model:	watchos

db:

NVD

ids:

CVE-2025-43529, CVE-2025-43510, CVE-2025-43520, CVE-2026-20700, CVE-2025-14174, CVE-2025-31277

CVE-2026-20042 \| Tenable® Trust: 4.25 Fetched: April 8, 2026, 9:45 a.m., Published: April 1, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

nexus

db:

NVD

ids:

CVE-2026-20042

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits \| Quantum Safe News Center Trust: 3.0 Fetched: April 8, 2026, 9:36 a.m., Published: April 8, 2026, midnight	Vulnerabilities: path traversal

Affected products	External IDs

Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices \| evilsocket Trust: 6.25 Fetched: April 8, 2026, 9:34 a.m., Published: April 2, 2026, midnight	Vulnerabilities: buffer overflow, authentication bypass, code execution

Affected products

External IDs

vendor:	broadcom	model:	linux
vendor:	cesanta	model:	mongoose
vendor:	cesanta	model:	mongoose server
vendor:	samsung	model:	printers
vendor:	samsung	model:	samsung
vendor:	bosch	model:	ip cameras
vendor:	google	model:	home

db:

NVD

ids:

CVE-2026-5246, CVE-2026-5245, CVE-2026-5244

CVE-2026-20041 - Cisco Nexus Dashboard Server Side Request Forgery Vulnerability Trust: 6.25 Fetched: April 8, 2026, 9:34 a.m., Published: April 1, 2026, 5:28 p.m.	Vulnerabilities: request forgery

Affected products

External IDs

vendor:

cisco

model:

nexus

db:

NVD

ids:

CVE-2026-20041

Android Security Flaw Allows Hackers to Unlock Phones in Under a Minute Trust: 3.5 Fetched: April 8, 2026, 9:33 a.m., Published: April 6, 2026, 12:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	samsung	model:	notes
vendor:	samsung	model:	android
vendor:	samsung	model:	samsung
vendor:	google	model:	android

db:

NVD

ids:

CVE-2026-20435

CVE-2025-55611: Buffer Overflow in D-Link DIR-619L 2.06B01 formLanguageChange Function - Ameeba Security Research Related entries in the VARIoT vulnerabilities database: VAR-202508-2311 Trust: 6.0 Fetched: April 8, 2026, 9:32 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

d-link

model:

dir-619l

db:

NVD

ids:

CVE-2025-55611

CVE-2025-10681 - Vulnerability Details - OpenCVE Trust: 3.0 Fetched: April 8, 2026, 9:31 a.m., Published: May 8, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-10681

Apple Issues Urgent Security Update to Counter 'Darksword' iPhone Hack - British Brief Trust: 3.25 Fetched: April 8, 2026, 9:30 a.m., Published: April 2, 2026, 3:05 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Medical Device Breach Statistics 2026 Report - ORDR Trust: 4.0 Fetched: April 8, 2026, 9:21 a.m., Published: April 3, 2026, 8:21 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

Android flaw on MediaTek phones may bypass your PIN in under a minute \| Fox News Trust: 3.5 Fetched: April 8, 2026, 9:17 a.m., Published: May 8, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	notes
vendor:	samsung	model:	android
vendor:	samsung	model:	samsung
vendor:	samsung	model:	android phone
vendor:	samsung	model:	mobile
vendor:	google	model:	android

db:

NVD

ids:

CVE-2026-20435

VARIoT news about IoT security

Latest news