Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

Trust: 5.75

Fetched: Dec. 21, 2025, 9:39 a.m., Published: Dec. 4, 2025, 2:23 p.m.
 Vulnerabilities: cross-site scripting, information disclosure
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2025-20303, CVE-2025-20289, CVE-2025-20304, CVE-2025-20305

Pixel Update Bulletin-December 2025 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 21, 2025, 9:38 a.m., Published: Dec. 21, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-26781, CVE-2025-36921, CVE-2025-36912, CVE-2025-36938, CVE-2025-36918, CVE-2025-36930, CVE-2025-54957, CVE-2025-36923, CVE-2025-36932, CVE-2025-36925, CVE-2025-36934, CVE-2025-36936, CVE-2024-8257, CVE-2025-36922, CVE-2025-36931, CVE-2025-32335, CVE-2025-36928, CVE-2025-36935, CVE-2025-26782, CVE-2025-36919, CVE-2025-36916, CVE-2025-36924, CVE-2025-36929, CVE-2025-36917, CVE-2025-36937, CVE-2025-36889, CVE-2025-36927

Hackers Can Seize Control of Car Dashboards Through Modem Vulnerabilities

Trust: 4.5

Fetched: Dec. 21, 2025, 9:38 a.m., Published: Dec. 17, 2025, 10:53 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: canary model: canary
db: NVD ids: CVE-2024-39432

SonicWall Devices Under Attack via New Zero-Day Vulnerability

Trust: 6.0

Fetched: Dec. 21, 2025, 9:37 a.m., Published: Dec. 2, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: sonicwall model: sma1000
db: NVD ids: CVE-2025-40602

CVE-2025-68238 - mtd: rawnand: cadence: fix DMA device NULL pointer dereference - SecAlerts

Trust: 3.25

Fetched: Dec. 21, 2025, 9:35 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68238

VU#382314 - Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

Trust: 3.75

Fetched: Dec. 21, 2025, 9:35 a.m., Published: Dec. 19, 2025, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: riot model: riot

Understanding CVE-2025-66647: RIOT OS IPv6 Fragmentation Vulnerability

Trust: 5.75

Fetched: Dec. 21, 2025, 9:33 a.m., Published: Dec. 21, 2025, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: riot model: riot
db: NVD ids: CVE-2025-66647

CVE-2025-8065 - Buffer Overflow in ONVIF XML Parser on Tapo C200

Trust: 5.25

Fetched: Dec. 21, 2025, 9:33 a.m., Published: Dec. 20, 2025, 1:16 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-8065

CVE-2025-68236 - scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) - SecAlerts

Trust: 3.0

Fetched: Dec. 21, 2025, 9:32 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68236

How To Check If Your Smart Home Devices Are Vulnerable To Hacking

Trust: 4.5

Fetched: Dec. 21, 2025, 9:32 a.m., Published: Dec. 10, 2025, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home
vendor: wireshark model: wireshark

Access Denied

Trust: 3.0

Fetched: Dec. 21, 2025, 9:31 a.m., Published: Dec. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad

Russia's Sandworm Pivots: Why Misconfigured Edge Devices Are Now the Primary Target for Critical Infrastructure Attacks

Trust: 3.5

Fetched: Dec. 21, 2025, 9:30 a.m., Published: Dec. 19, 2025, 5:09 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: routers
vendor: sonicwall model: remote access
vendor: check point model: check point
db: NVD ids: CVE-2022-26318, CVE-2023-27532, CVE-2024-24919, CVE-2021-26084, CVE-2023-22518

Is Your Smart Home a Cyber Playground? North Korean Hackers Target IoT Devices

Trust: 3.75

Fetched: Dec. 21, 2025, 9:30 a.m., Published: Dec. 19, 2025, 5:48 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

CVE-2025-9315 - Unauthenticated Device Registration Vulnerability in MXsecurity Series - SecAlerts

Trust: 3.0

Fetched: Dec. 21, 2025, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9315

CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series | IT4Automation

Trust: 3.25

Fetched: Dec. 21, 2025, 9:28 a.m., Published: Dec. 10, 2025, 4:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9315

Understanding and Mitigating CVE-2025-65855 in Netun Solutions HelpFlash IoT Devices

Trust: 4.0

Fetched: Dec. 21, 2025, 9:27 a.m., Published: Dec. 21, 2025, midnight
 Vulnerabilities: code execution, default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2025-65855

Microsoft rolled out December 2025 firmware updates for Surface Laptop Studio 2

Trust: 4.5

Fetched: Dec. 21, 2025, 9:27 a.m., Published: Dec. 17, 2025, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-23345, CVE-2025-23276, CVE-2024-0150, CVE-2024-0146, CVE-2024-21864, CVE-2025-23309, CVE-2025-23347, CVE-2024-44074, CVE-2025-23288, CVE-2025-23281, CVE-2025-23286

Amazon Patches Kindle Vulnerabilities Enabling Account Hijacks via Malicious Ebooks

Trust: 3.75

Fetched: Dec. 21, 2025, 9:26 a.m., Published: Dec. 16, 2025, 1:41 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point

CVE-2023-7209: Critical Vulnerability in Uniway Router Leading to Denial of Service - Ameeba Exploit Tracker

Trust: 5.25

Fetched: Dec. 21, 2025, 9:25 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-7209

Serial Port Privilege Escalation Vulnerabilities in Some Hikvision DVR Devices - Security Advisory - Hikvision Global

Trust: 5.0

Fetched: Dec. 21, 2025, 9:23 a.m., Published: Dec. 3, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: hikvision model: hikvision