Sign-up

VARIoT news about IoT security

CISA Alerts on Critical Lynx+ Gateway Flaw Leaks Data in Cleartext

Trust: 4.0

Fetched: Nov. 18, 2025, 9:29 a.m., Published: Nov. 17, 2025, 12:46 p.m.
 Vulnerabilities: authentication vulnerability, weak password
Affected productsExternal IDs
db: NVD ids: CVE-2025-58083

Fortinet finally cops to critical bug under active exploit • The Register

Trust: 3.75

Fetched: Nov. 18, 2025, 9:28 a.m., Published: -
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Hackers Exploited Samsung Galaxy S25 0-Day Vulnerability to Enable Camera and Track Location

Trust: 4.75

Fetched: Nov. 16, 2025, 9:47 a.m., Published: Oct. 23, 2025, 3:28 p.m.
 Vulnerabilities: input validation bug
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: android

Roku OS security updates | Official Roku Support

Related entries in the VARIoT vulnerabilities database: VAR-201710-0209, VAR-202208-0404, VAR-201401-0579, VAR-201904-0981, VAR-201602-0030, VAR-201807-1343, VAR-201605-0145, VAR-201602-0031, VAR-201602-0004, VAR-201606-0135

Trust: 4.25

Fetched: Nov. 16, 2025, 9:47 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: roku model: roku
db: NVD ids: CVE-2016-3191, CVE-2017-7308, CVE-2017-13082, CVE-2018-20346, CVE-2022-37434, CVE-2020-35965, CVE-2016-10229, CVE-2016-10328, CVE-2021-38291, CVE-2012-1163, CVE-2020-11655, CVE-2020-13114, CVE-2021-38171, CVE-2022-0934, CVE-2013-0340, CVE-2017-12652, CVE-2012-1162, CVE-2022-27152, CVE-2016-9063, CVE-2018-20506, CVE-2017-7858, CVE-2020-0198, CVE-2016-0801, CVE-2018-20843, CVE-2020-13113, CVE-2020-13112, CVE-2018-11314, CVE-2022-3109, CVE-2016-0718, CVE-2017-7857, CVE-2023-50837, CVE-2016-0802, CVE-2021-33285, CVE-2016-10087, CVE-2023-28450, CVE-2023-4863, CVE-2015-7547, CVE-2020-12351, CVE-2019-15903, CVE-2016-5300, CVE-2017-9233, CVE-2015-9381, CVE-2020-17541

CVE-2025-21042 - Samsung Mobile Devices Out-of-Bounds Write Vulnerability - [Actively Exploited]

Trust: 3.75

Fetched: Nov. 16, 2025, 9:47 a.m., Published: Sept. 12, 2025, 8:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: samsung mobile
db: NVD ids: CVE-2025-21042

Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability

Trust: 5.25

Fetched: Nov. 16, 2025, 9:46 a.m., Published: Nov. 13, 2025, 3:55 p.m.
 Vulnerabilities: open redirect vulnerability
Affected productsExternal IDs
vendor: cisco model: catalyst

Critical Fortinet FortiWeb Vulnerability CVE-2025-64446 - TheCyberThrone

Related entries in the VARIoT vulnerabilities database: VAR-202302-1271, VAR-202101-0500, VAR-202101-0504, VAR-202101-0503, VAR-202101-0501

Trust: 3.75

Fetched: Nov. 16, 2025, 9:46 a.m., Published: Nov. 15, 2025, 1:37 a.m.
 Vulnerabilities: sql injection, authentication bypass, path traversal...
Affected productsExternal IDs
db: NVD ids: CVE-2022-39952, CVE-2025-25257, CVE-2020-29015, CVE-2020-29019, CVE-2020-29018, CVE-2020-29016, CVE-2025-64446

Understanding Firewalls: The First Line of Defense in Cybersecurity

Trust: 4.5

Fetched: Nov. 16, 2025, 9:45 a.m., Published: Nov. 15, 2025, 10:03 a.m.
 Vulnerabilities: sql injection, file inclusion, cross-site scripting...
Affected productsExternal IDs

Akira actively engaged in ransomware attacks against critical sectors | Cybersecurity Dive

Related entries in the VARIoT vulnerabilities database: VAR-202005-0696

Trust: 3.75

Fetched: Nov. 16, 2025, 9:45 a.m., Published: Nov. 13, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sonicwall model: remote access
db: NVD ids: CVE-2020-3259, CVE-2024-40766, CVE-2023-20269

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet - Tech-Wire

Trust: 3.75

Fetched: Nov. 16, 2025, 9:44 a.m., Published: Nov. 15, 2025, 4:35 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-24893

Top 20+ Network Security Audit Tools

Trust: 3.75

Fetched: Nov. 16, 2025, 9:44 a.m., Published: Oct. 31, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: zabbix model: zabbix
vendor: snort model: snort
vendor: cisco model: routers
vendor: manageengine model: firewall analyzer
vendor: wireshark model: wireshark

CERT-In Issues High-Severity Warning For Apple Devices: Users Urged To Update iPhones, Macs, And Watches Immediately

Trust: 5.75

Fetched: Nov. 16, 2025, 9:43 a.m., Published: Nov. 16, 2025, midnight
 Vulnerabilities: privilege escalation, system crash, memory corruption...
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: macos
db: NVD ids: CVE-2025-43455, CVE-2025-43454, CVE-2025-43442, CVE-2025-43436, CVE-2025-43379, CVE-2025-43407, CVE-2025-43462, CVE-2025-43447, CVE-2025-43448, CVE-2025-43423

Apple users at risk: CERT-In flags major iOS and macOS vulnerabilities, here’s how to stay safe | Mint

Trust: 4.5

Fetched: Nov. 16, 2025, 9:39 a.m., Published: Nov. 14, 2025, 12:18 p.m.
 Vulnerabilities: privilege escalation, memory corruption
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: safari

CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited

Trust: 4.5

Fetched: Nov. 16, 2025, 9:39 a.m., Published: Nov. 13, 2025, 2:33 p.m.
 Vulnerabilities: system crash, denial of service, code execution
Affected productsExternal IDs
vendor: snort model: snort
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-9242

Why Cybersecurity Standards Are Critical for IoT Devices

Trust: 3.25

Fetched: Nov. 16, 2025, 9:38 a.m., Published: Oct. 19, 2025, 9:44 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: lenovo model: updates
vendor: lenovo model: system

Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday - Infosecurity Magazine

Trust: 4.0

Fetched: Nov. 16, 2025, 9:38 a.m., Published: Nov. 12, 2025, 10:15 a.m.
 Vulnerabilities: security feature bypass, information disclosure, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-62215, CVE-2025-60724

CISA acknowledges known exploitation of Samsung Mobile vulnerability - Cyber Daily

Trust: 3.75

Fetched: Nov. 16, 2025, 9:37 a.m., Published: Nov. 11, 2025, 12:02 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: samsung mobile
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21042

Government Alert for Apple Users: Urgent Update Required for Your iPhone, iPad, Mac, and Other Devices - Tech Digital Minds

Trust: 4.25

Fetched: Nov. 16, 2025, 9:37 a.m., Published: Nov. 15, 2025, 6:30 p.m.
 Vulnerabilities: sql injection, information disclosure, memory corruption...
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: apple tv
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: tvos
db: NVD ids: CVE-2025-43455, CVE-2025-43442

Addressing CVE-2025-30024 Vulnerability in AXIS Device Manager

Trust: 3.75

Fetched: Nov. 16, 2025, 9:37 a.m., Published: Nov. 5, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: axis communications model: communications ab
vendor: axis communications model: axis
vendor: axis communications model: communications
vendor: axis model: communications ab
vendor: axis model: axis
vendor: axis model: communications
db: NVD ids: CVE-2025-30024

Critical Vulnerability in FortiWeb: Fortinet and CISA Recommend Urgent Updates

Trust: 3.0

Fetched: Nov. 16, 2025, 9:36 a.m., Published: Nov. 15, 2025, 9:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446