Sign-up

VARIoT news about IoT security

Microsoft just gave you another reason to update your PC - November's Patch Tuesday fixes 63 flaws | Tom's Guide

Trust: 4.0

Fetched: Nov. 21, 2025, 9:18 a.m., Published: Nov. 12, 2025, 8:58 p.m.
 Vulnerabilities: security feature bypass, code execution, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2025-60724, CVE-2025-62215

WhatsApp Vulnerability Exposed: Urgent Update Required to Protect Your Device - Digital Warfare

Trust: 3.5

Fetched: Nov. 21, 2025, 9:16 a.m., Published: Nov. 19, 2025, 10:11 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55177, CVE-2025-43300

PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild

Trust: 5.0

Fetched: Nov. 19, 2025, 9:25 a.m., Published: Nov. 15, 2025, 2:02 p.m.
 Vulnerabilities: code execution, directory traversal, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Microsoft Users At High Risk: Indian Govt Recommends Updating Your Devices Now

Trust: 5.5

Fetched: Nov. 19, 2025, 9:24 a.m., Published: Nov. 13, 2025, 11:30 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2025-60724

Vulnerability Management In Smart Cities

Trust: 3.0

Fetched: Nov. 19, 2025, 9:23 a.m., Published: Oct. 27, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Advisory: Akira ransomware targeting SonicWall devices | CFC

Trust: 3.75

Fetched: Nov. 19, 2025, 9:23 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-40766

CVE-2025-32455: Command Injection Vulnerability in Quantenna Wi-Fi Chipset - Ameeba Exploit Tracker

Trust: 4.0

Fetched: Nov. 19, 2025, 9:22 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-32455

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Trust: 5.5

Fetched: Nov. 19, 2025, 9:20 a.m., Published: Nov. 12, 2025, 10:21 a.m.
 Vulnerabilities: security feature bypass, privilege escalation, information disclosure...
Affected productsExternal IDs
vendor: broadcom model: linux
vendor: mageia model: mageia
vendor: samsung model: samsung
vendor: samsung model: note
vendor: palo alto networks model: networks
vendor: asus model: asus
vendor: lenovo model: updates
vendor: lenovo model: edge
vendor: lenovo model: system
vendor: palo model: networks
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2025-62215, CVE-2025-60704, CVE-2025-62220, CVE-2025-60724

Advisory: Akira ransomware targeting SonicWall devices | CFC

Trust: 3.75

Fetched: Nov. 19, 2025, 9:20 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-40766

CISA Warns of Critical Lynx+ Gateway Vulnerability Exposes Data in Cleartext

Trust: 3.75

Fetched: Nov. 19, 2025, 9:18 a.m., Published: Nov. 18, 2025, 7:50 a.m.
 Vulnerabilities: traffic interception
Affected productsExternal IDs
db: NVD ids: CVE-2025-62765

Top Cyber & ICS Vulnerabilities Tracked By Cyble

Related entries in the VARIoT vulnerabilities database: VAR-202511-0275

Trust: 5.5

Fetched: Nov. 19, 2025, 9:17 a.m., Published: Nov. 10, 2025, 12:47 p.m.
 Vulnerabilities: improper validation, privilege escalation, code execution...
Affected productsExternal IDs
vendor: ubiquiti model: unifi
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: cisco model: information server
vendor: cisco model: ios xe
vendor: cisco model: guard
vendor: cisco model: ios xe software
db: NVD ids: CVE-2025-12108, CVE-2025-61945, CVE-2025-34294, CVE-2025-6440, CVE-2025-61956, CVE-2025-64095, CVE-2025-48703, CVE-2025-12531, CVE-2025-41244, CVE-2024-38077, CVE-2025-54863, CVE-2025-12599, CVE-2025-52665, CVE-2025-50168, CVE-2023-20198, CVE-2025-59287

CVE-2025-48593 : Remote Code Execution Vulnerability in Bluetooth of Android Devices

Trust: 4.25

Fetched: Nov. 19, 2025, 9:16 a.m., Published: Nov. 18, 2025, 4:51 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-48593

Siemens LOGO! 8 BM Devices | CISA

Trust: 3.75

Fetched: Nov. 19, 2025, 9:16 a.m., Published: Nov. 8, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-40815, CVE-2025-40816, CVE-2025-40817

CVE-2025-20729 | Armis Vulnerability Intelligence Database

Trust: 4.0

Fetched: Nov. 19, 2025, 9:15 a.m., Published: Nov. 4, 2025, 7:15 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-20729

CVE-2025-56008 | Armis Vulnerability Intelligence Database

Trust: 5.25

Fetched: Nov. 19, 2025, 9:15 a.m., Published: Oct. 23, 2025, 3:15 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2025-56008

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 4.75

Fetched: Nov. 19, 2025, 9:15 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: palo model: firewall
db: NVD ids: CVE-2025-20333, CVE-2025-20362, CVE-2025-64446

Lights Out: How One Tiny Message Can Crash Your Shelly Pro 4PM and Lock You Out of Your Smart Home

Trust: 6.25

Fetched: Nov. 19, 2025, 9:13 a.m., Published: Nov. 19, 2025, 4 p.m.
 Vulnerabilities: code execution, authentication vulnerability
Affected productsExternal IDs
vendor: dram model: dram
db: NVD ids: CVE-2025-11243

CVE-2025-56009 | Armis Vulnerability Intelligence Database

Trust: 5.0

Fetched: Nov. 19, 2025, 9:12 a.m., Published: Oct. 23, 2025, 3:15 p.m.
 Vulnerabilities: request forgery, cross-site request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2025-56009

CVE-2025-64446 FortiWeb Zero-Day Exploited | TenableĀ®

Trust: 3.0

Fetched: Nov. 19, 2025, 9:12 a.m., Published: Nov. 14, 2025, 5:45 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Access Denied

Trust: 3.0

Fetched: Nov. 18, 2025, 9:47 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy