Sign-up

VARIoT news about IoT security

Critical RCE Flaws Found Across Major AI Inference Servers | Oligo Security

Trust: 3.75

Fetched: Nov. 18, 2025, 9:47 a.m., Published: Nov. 13, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-60455, CVE-2025-23254, CVE-2024-50050, CVE-2025-30165

Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code

Trust: 4.75

Fetched: Nov. 18, 2025, 9:46 a.m., Published: Nov. 11, 2025, 2:20 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-12686

"Patched" but still exposed: US federal agencies must remediate Cisco flaws (again) - Help Net Security

Trust: 4.5

Fetched: Nov. 18, 2025, 9:46 a.m., Published: Nov. 13, 2025, 2:08 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-12480, CVE-2025-9242, CVE-2025-62215, CVE-2025-20362, CVE-2025-20333

Security Vulnerabilities on RG-EW Series Devices

Trust: 4.25

Fetched: Nov. 18, 2025, 9:45 a.m., Published: Nov. 2, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-11073

Landfall's Silent Assault: Unmasking the Middle East Spyware Threat to Smartphones

Trust: 3.75

Fetched: Nov. 18, 2025, 9:45 a.m., Published: Nov. 13, 2025, 12:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: samsung model: samsung galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: palo model: networks

Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover

Trust: 3.5

Fetched: Nov. 18, 2025, 9:44 a.m., Published: Nov. 14, 2025, 8:01 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home

CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks

Trust: 5.5

Fetched: Nov. 18, 2025, 9:44 a.m., Published: Nov. 11, 2025, 6:07 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: samsung mobile
db: NVD ids: CVE-2025-21043, CVE-2025-21042

Top 20 VAPT Testing Tools For 2025 : A Complete Guide

Trust: 3.5

Fetched: Nov. 18, 2025, 9:43 a.m., Published: Oct. 17, 2024, 12:58 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: google model: android

CVE-2025-43418 - Apple iOS Locked Device Information Disclosure Vulnerability

Trust: 6.0

Fetched: Nov. 18, 2025, 9:42 a.m., Published: Nov. 5, 2025, 7:15 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-43418

Zyxel security advisory for uncontrolled resource consumption and command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders | Zyxel Networks

Trust: 3.0

Fetched: Nov. 18, 2025, 9:41 a.m., Published: Nov. 7, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Trust: 4.75

Fetched: Nov. 18, 2025, 9:41 a.m., Published: Nov. 15, 2025, 4:35 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-24893

FortiWeb Auth Bypass Vuln Exploited: Script to Detect Vuln Appliances - InfoSecBulletin

Trust: 3.25

Fetched: Nov. 18, 2025, 9:40 a.m., Published: Nov. 14, 2025, 4:29 a.m.
 Vulnerabilities: authentication bypass, path traversal
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks

CVE-2025-52578 - Schneider Electric Command Centre Server Predictable Random Number Generation Vulnerability

Trust: 3.0

Fetched: Nov. 18, 2025, 9:40 a.m., Published: Nov. 18, 2025, 4:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-52578

Security Report: Fixing High-Severity DNS Amplification Vulnerability on MikroTik RouterOS - Tech Junction

Trust: 3.0

Fetched: Nov. 18, 2025, 9:38 a.m., Published: Nov. 17, 2025, 6:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik

Cisco Firewall, Unified CCX, and ISE Vulnerability Summary (Nov 2025) - Security Boulevard

Trust: 3.25

Fetched: Nov. 18, 2025, 9:35 a.m., Published: Nov. 17, 2025, 8:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified ccx

Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability - Cisco

Trust: 5.25

Fetched: Nov. 18, 2025, 9:34 a.m., Published: Nov. 13, 2025, 10:51 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: catalyst

Critical Vulnerability in v380 Cameras: How Plaintext Credentials Exposed Millions of Devices - DEV Community

Trust: 4.25

Fetched: Nov. 18, 2025, 9:33 a.m., Published: Nov. 17, 2025, 3:46 a.m.
 Vulnerabilities: account lockout, replay attack
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: google model: android
vendor: google model: wifi
vendor: google model: home
vendor: nats model: server
vendor: zoom model: client
vendor: asus model: router
vendor: asus model: asus

New Spyware Targets Samsung Devices via Zero-Day Vulnerability - Sada News Agency

Trust: 3.75

Fetched: Nov. 18, 2025, 9:31 a.m., Published: Nov. 20, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: palo model: networks
db: NVD ids: CVE-2025-21042

Siemens SIMATIC S7-1200 CPU V1/V2 Devices - Cyber & Coffee

Related entries in the VARIoT vulnerabilities database: VAR-201105-0788, VAR-201402-0435

Trust: 5.5

Fetched: Nov. 18, 2025, 9:31 a.m., Published: Oct. 21, 2025, 4:09 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: simatic s7-1200
vendor: siemens model: simatic
vendor: siemens model: s7-1200 cpu
db: NVD ids: CVE-2011-20002, CVE-2011-20001

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 4.75

Fetched: Nov. 18, 2025, 9:29 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: palo model: firewall
db: NVD ids: CVE-2025-64446, CVE-2025-20362, CVE-2025-20333