Sign-up

VARIoT news about IoT security

Russian cyber group exploits seven-year-old network vulnerabilities for long-term espionage | CyberScoop

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 3.5

Fetched: Sept. 10, 2025, 9:28 a.m., Published: Aug. 20, 2025, 3:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios software
vendor: cisco model: cisco ios
db: NVD ids: CVE-2018-0171

CVE-2025-8008 - Rockwell Automation 1756-ENT2R, EN4TR, EN4TRXT Vulnerability - SecAlerts

Related entries in the VARIoT vulnerabilities database: VAR-202509-0459

Trust: 3.0

Fetched: Sept. 10, 2025, 9:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-8008

Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute

Trust: 5.75

Fetched: Sept. 10, 2025, 9:27 a.m., Published: Sept. 10, 2025, 10:22 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: snort model: snort
db: NVD ids: CVE-2025-9712, CVE-2025-9872

Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Sept. 10, 2025, 9:26 a.m., Published: Aug. 28, 2025, 7:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa software

Cisco ASA Devices Under Attack: Urgent Security Alert | Enigma Security posted on the topic | LinkedIn

Trust: 3.25

Fetched: Sept. 10, 2025, 9:25 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20265

IoT Devices: Common Vulnerabilities and Solutions

Trust: 3.75

Fetched: Sept. 10, 2025, 9:23 a.m., Published: Sept. 8, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

2025 September KB5065426 KB5065431 Windows 11 Patch | 2 Zero Day Vulnerabilities And 81 Flaws HTMD Blog

Trust: 3.5

Fetched: Sept. 10, 2025, 9:22 a.m., Published: Sept. 9, 2025, 5:59 p.m.
 Vulnerabilities: denial of service, feature bypass, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2025-55234, CVE-2024-21907

CVE-2025-20704: Remote Privilege Escalation Vulnerability in Modem - Cybersecurity Exploit Tracker by Ameeba

Trust: 4.25

Fetched: Sept. 10, 2025, 9:22 a.m., Published: Sept. 6, 2025, 12:58 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-20704

Apple Deploys Updates Fixing Security Flaws on iPhone, iPad & macOS - Modernizing Tech

Trust: 4.0

Fetched: Sept. 10, 2025, 9:21 a.m., Published: Aug. 22, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: ipad

CVE-2025-7350 - Remote Code Execution in Cisco Stratix 5410,…

Trust: 4.25

Fetched: Sept. 10, 2025, 9:21 a.m., Published: Sept. 10, 8000, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-7350

A vulnerability in WhatsApp for iOS and Mac | Threat Intel

Trust: 3.5

Fetched: Sept. 10, 2025, 9:20 a.m., Published: Sept. 9, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-55177, CVE-2025-43300

CVE-2025-10171 : Buffer Overflow Vulnerability in UTT 1250GW Network Device

Trust: 3.5

Fetched: Sept. 10, 2025, 9:20 a.m., Published: Sept. 9, 2025, 9:32 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-10171

Hackers Scanning Cisco ASA Devices to Exploit Vulnerabilities from 25,000

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057, VAR-202005-0685, VAR-201801-1052

Trust: 4.25

Fetched: Sept. 9, 2025, 9:39 a.m., Published: Sept. 5, 2025, 9:59 a.m.
 Vulnerabilities: path traversal, service disruption, code execution
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: anyconnect ssl vpn
db: NVD ids: CVE-2020-3452, CVE-2020-3187, CVE-2018-0101

CVE-2025-43983: Multiple Unauthenticated Access Control Vulnerabilities in KuWFi CPF908-CP5 Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.25

Fetched: Sept. 9, 2025, 9:38 a.m., Published: Aug. 21, 2025, 12:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-43983

Android 0-Day Use-After-Free Vulnerability Exploited, CISA Warns

Trust: 5.75

Fetched: Sept. 9, 2025, 9:38 a.m., Published: Sept. 5, 2025, 1:13 p.m.
 Vulnerabilities: privilege escalation, service disruption, memory corruption...
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2025-48543

Siemens Engineering Platforms | CISA

Trust: 3.5

Fetched: Sept. 9, 2025, 9:37 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simotion
vendor: siemens model: simatic s7-plcsim
vendor: siemens model: simatic step 7
vendor: siemens model: tia portal
vendor: siemens model: wincc
vendor: siemens model: siemens simatic pcs
vendor: siemens model: simatic pcs
vendor: siemens model: simatic step
vendor: siemens model: pcs neo
vendor: siemens model: sinamics
vendor: siemens model: simatic
vendor: siemens model: starter
vendor: siemens model: simotion scout
vendor: siemens model: simatic wincc
vendor: siemens model: siemens simatic step
vendor: siemens model: simatic pcs neo
vendor: siemens model: simocode
db: NVD ids: CVE-2024-54678

Update your Android! Google patches 111 vulnerabilities, 2 are critical | Malwarebytes

Trust: 6.0

Fetched: Sept. 9, 2025, 9:36 a.m., Published: Sept. 3, 2025, 9:24 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-38352, CVE-2025-48543, CVE-2025-48539

A vulnerability in the RADIUS subsystem implementation of... · CVE-2025-20265 · GitHub Advisory Database · GitHub

Trust: 3.25

Fetched: Sept. 9, 2025, 9:34 a.m., Published: Aug. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20265

CVE-2025-57766 - Fides's Admin UI User Password Change Does Not Invalidate Current Session - SecAlerts

Trust: 3.75

Fetched: Sept. 9, 2025, 9:34 a.m., Published: -
 Vulnerabilities: session hijacking, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2025-57766

CVE-2025-58756 - MONAI's unsafe torch usage may lead to arbitrary code execution - SecAlerts

Trust: 4.75

Fetched: Sept. 9, 2025, 9:34 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-58756