Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

CVE-2026-20910 - Copeland XWEB and XWEB Pro OS Command Injection

Trust: 4.0

Fetched: Feb. 27, 2026, 10:09 a.m., Published: Feb. 27, 2026, 1:16 a.m.
 Vulnerabilities: os command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-20910

Zyxel announces RCE patches for numerous network devices | Healthcare IT News

Related entries in the VARIoT vulnerabilities database: VAR-201704-1556

Trust: 3.75

Fetched: Feb. 27, 2026, 10:08 a.m., Published: Feb. 25, 2026, 11:16 a.m.
 Vulnerabilities: pointer dereference vulnerability, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-11848, CVE-2025-13942, CVE-2025-11846, CVE-2025-11847, CVE-2025-11845, CVE-2025-13943, CVE-2026-1459, CVE-2017-6884

Governments issue warning over Cisco zero-day attacks dating back to 2023 | CyberScoop

Related entries in the VARIoT vulnerabilities database: VAR-202209-1914

Trust: 3.75

Fetched: Feb. 27, 2026, 10:08 a.m., Published: Feb. 25, 2026, 11:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: series
vendor: cisco model: cisco sd-wan
vendor: trend model: security
db: NVD ids: CVE-2026-20127, CVE-2022-20775

CVE-2026-25963: Fleet Cert Template Auth Bypass | Miggo

Trust: 4.0

Fetched: Feb. 27, 2026, 10:08 a.m., Published: Feb. 27, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2026-25963

Critical Zyxel Router Vulnerabilities Allow Remote Command Injection Attacks

Trust: 5.75

Fetched: Feb. 27, 2026, 10:07 a.m., Published: Feb. 26, 2026, 12:30 p.m.
 Vulnerabilities: command execution, remote command injection, command injection
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2025-13942, CVE-2025-13943, CVE-2026-1459, CVE-2025-11845

CVE-2026-27849 - Missing neutralization in Linksys MR9600, Linksys MX4200

Trust: 4.0

Fetched: Feb. 27, 2026, 10:07 a.m., Published: Feb. 25, 2026, 5:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2026-27849

LUKS Encryption Compromised on Linux ICS Devices via TPM Bus Sniffing Exploit

Trust: 4.0

Fetched: Feb. 27, 2026, 10:06 a.m., Published: Feb. 3, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: infineon model: trusted platform
db: NVD ids: CVE-2026-0714

Critical CVE-2025-13942 Vulnerability in Zyxel Routers: Over 76,000 Devices at Risk

Trust: 3.25

Fetched: Feb. 27, 2026, 10:05 a.m., Published: Feb. 25, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-13942

Software engineer accidentally gains control of 7,000 robot vacuums in a security flaw | - The Times of India

Trust: 4.0

Fetched: Feb. 27, 2026, 10:05 a.m., Published: Feb. 17, 2026, midnight
 Vulnerabilities: authentication flaw
Affected productsExternal IDs

Siemens Simcenter Femap and Nastran | CISA

Trust: 4.75

Fetched: Feb. 27, 2026, 9:58 a.m., Published: March 7, 2026, midnight
 Vulnerabilities: code execution, application crash, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2026-23715, CVE-2026-23720, CVE-2026-23717, CVE-2026-23718, CVE-2026-23716, CVE-2026-23719

Cisco SD-WAN Software Privilege Escalation Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202209-1970, VAR-202209-1914

Trust: 5.0

Fetched: Feb. 27, 2026, 9:57 a.m., Published: Feb. 25, 2026, 8:29 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
db: NVD ids: CVE-2022-20818, CVE-2022-20775

Defending Against Broken Access Control Vulnerabilities: A Comprehensive Guide - Authgear

Trust: 3.5

Fetched: Feb. 27, 2026, 9:55 a.m., Published: Feb. 12, 2026, midnight
 Vulnerabilities: cross-site scripting, privilege escalation, session hijacking...
Affected productsExternal IDs

Blog | Arctic Wolf

Trust: 5.0

Fetched: Feb. 27, 2026, 9:55 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: wan manager
vendor: cisco model: catalyst
db: NVD ids: CVE-2026-20127

Fixing Log4j 2.25 Vulnerabilities: A 2025 Retrospective Guide | Markaicode

Trust: 3.75

Fetched: Feb. 27, 2026, 9:54 a.m., Published: March 18, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-21384, CVE-2025-21386, CVE-2025-21385

OpenSSH Flaws Expose SSH Servers to Critical DoS Attacks and MiTM Vulnerabilities - Security Spotlight

Trust: 3.0

Fetched: Feb. 27, 2026, 9:53 a.m., Published: Feb. 19, 2025, 5:34 p.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-26465, CVE-2025-26466

PoC Exploit Released for Grandstream GXP1600 VoIP Phones RCE Vulnerability

Trust: 5.5

Fetched: Feb. 27, 2026, 9:52 a.m., Published: Feb. 23, 2026, 12:46 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: grandstream model: gxp1615
vendor: grandstream model: gxp1600
vendor: grandstream model: gxp1610
vendor: grandstream model: gxp1630
vendor: grandstream model: gxp1628
vendor: grandstream model: gxp1625
vendor: grandstream model: gxp1620
db: NVD ids: CVE-2026-2329

Security Bulletin: There is a vulnerability in werkzeug-3.1.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66221)

Trust: 3.25

Fetched: Feb. 27, 2026, 9:51 a.m., Published: Feb. 2, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-66221

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Trust: 5.5

Fetched: Feb. 27, 2026, 9:50 a.m., Published: Feb. 18, 2026, 6:52 a.m.
 Vulnerabilities: request forgery, command execution, file upload vulnerability...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2008-0015, CVE-2020-7796, CVE-2026-2441, CVE-2024-7694

Moxa Switches Vulnerability Allows Attackers to Bypass Authentication

Trust: 3.0

Fetched: Feb. 27, 2026, 9:50 a.m., Published: Feb. 5, 2026, 1 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-12297

Pixel Update Bulletin-February 2026 | Android Open Source Project

Trust: 4.5

Fetched: Feb. 27, 2026, 9:49 a.m., Published: Feb. 27, 2026, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2026-0106