Sign-up

VARIoT news about IoT security

​Government warning to Apple device users: Update your iPhone, iPad, Mac and other Apple gadgets right away - The Times of India

Trust: 4.75

Fetched: Nov. 16, 2025, 9:33 a.m., Published: Nov. 15, 2025, 7:55 a.m.
 Vulnerabilities: buffer overflow, code injection, information disclosure...
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: ipad air
vendor: apple model: apple tv
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: tvos
db: NVD ids: CVE-2025-43460, CVE-2025-43365, CVE-2025-43361, CVE-2025-43442, CVE-2025-43436, CVE-2025-43450, CVE-2025-43379, CVE-2025-43445, CVE-2025-43435, CVE-2025-43377, CVE-2025-43496, CVE-2025-43471, CVE-2025-43441, CVE-2025-43384, CVE-2025-43294, CVE-2025-43507, CVE-2025-43418, CVE-2025-43468, CVE-2025-43458, CVE-2025-43399, CVE-2025-43422, CVE-2025-43425, CVE-2025-43469, CVE-2025-43350, CVE-2025-43449, CVE-2025-43398, CVE-2025-43447, CVE-2025-43446, CVE-2025-43433, CVE-2025-43432, CVE-2025-43337, CVE-2025-43378, CVE-2025-43443, CVE-2025-43455, CVE-2025-43438, CVE-2025-43431, CVE-2025-43322, CVE-2025-43389, CVE-2025-43383, CVE-2025-43462, CVE-2025-43440, CVE-2025-43493, CVE-2025-43498, CVE-2025-43452, CVE-2025-43448, CVE-2025-43495, CVE-2025-43426, CVE-2025-43439, CVE-2025-43499, CVE-2025-43388, CVE-2025-43392, CVE-2025-43454, CVE-2025-43386, CVE-2025-43429, CVE-2025-43413, CVE-2025-43407, CVE-2025-43385, CVE-2025-43434, CVE-2025-43503, CVE-2025-43390, CVE-2025-43478, CVE-2025-43424, CVE-2025-43457, CVE-2025-43423, CVE-2025-43444

Cisco Catalyst Center Cross-Site Scripting Vulnerability - Cisco

Trust: 5.25

Fetched: Nov. 16, 2025, 9:33 a.m., Published: Nov. 13, 2025, 10:51 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: catalyst

Access Denied

Trust: 3.0

Fetched: Nov. 16, 2025, 9:31 a.m., Published: Nov. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: safari

CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild - Security Boulevard

Trust: 3.25

Fetched: Nov. 16, 2025, 9:30 a.m., Published: Nov. 14, 2025, 5:45 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

CISA Identifies Ongoing Cyber Threats to Cisco ASA and Firepower Devices | CISA

Trust: 3.0

Fetched: Nov. 16, 2025, 9:29 a.m., Published: Nov. 12, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower

Cloaked - Are Your Networks at Risk? What the Latest Cisco Firewall Vulnerabilities Mean for You

Trust: 4.5

Fetched: Nov. 14, 2025, 9:33 a.m., Published: Nov. 8, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: essential model: phone
vendor: cisco model: firepower threat defense
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: threat response
vendor: cisco model: routers
db: NVD ids: CVE-2025-20333, CVE-2025-20362

Holiday Tech Alert: Digital Picture Frame Security Issues | Quokka

Trust: 4.5

Fetched: Nov. 14, 2025, 9:31 a.m., Published: Nov. 13, 2025, 1 p.m.
 Vulnerabilities: sql injection, code execution, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-58391, CVE-2025-58396, CVE-2025-58394, CVE-2025-58390, CVE-2025-58389, CVE-2025-58397, CVE-2025-58395, CVE-2025-58388, CVE-2025-58392, CVE-2025-58387, CVE-2025-58393

CISA Lists WatchGuard Firebox Vulnerabilities | BTI Group

Trust: 3.25

Fetched: Nov. 14, 2025, 9:30 a.m., Published: Nov. 14, 2025, 1:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

Trust: 4.5

Fetched: Nov. 14, 2025, 9:30 a.m., Published: Nov. 13, 2025, 11:29 a.m.
 Vulnerabilities: access control vulnerability, improper access control, code execution
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware
vendor: watchguard model: watchguard fireware
db: NVD ids: CVE-2025-9242, CVE-2025-62215, CVE-2025-30406, CVE-2025-11371, CVE-2025-12480

Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks

Related entries in the VARIoT vulnerabilities database: VAR-202510-4196, VAR-202510-3182

Trust: 5.5

Fetched: Nov. 14, 2025, 9:30 a.m., Published: Oct. 17, 2025, 8:57 a.m.
 Vulnerabilities: buffer overflow, cross-site scripting
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone
vendor: cisco model: unified communications
vendor: essential model: phone
db: NVD ids: CVE-2025-20351, CVE-2025-20350

CISA Warns: WatchGuard Firebox Out-of-Bounds Write Vulnerability Under Active Exploitation

Trust: 3.75

Fetched: Nov. 14, 2025, 9:29 a.m., Published: Nov. 13, 2025, 9:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-9242

CVE-2025-40181 - x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - SecAlerts

Trust: 3.75

Fetched: Nov. 14, 2025, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dram model: dram
db: NVD ids: CVE-2025-40181

Siemens Security Slip-Up: CSRF Vulnerability Hits SICAM Devices! - The Nimble Nerd

Trust: 3.25

Fetched: Nov. 14, 2025, 9:28 a.m., Published: May 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sicam

CVE-2025-20349 - Cisco DNA Center API Command Injection Vulnerability - SecAlerts

Trust: 5.0

Fetched: Nov. 14, 2025, 9:27 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: dna center
db: NVD ids: CVE-2025-20349

INTEL-SA-01398

Trust: 5.0

Fetched: Nov. 14, 2025, 9:26 a.m., Published: Oct. 14, 2025, 12:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-24512, CVE-2025-35963, CVE-2025-35971, CVE-2025-30255, CVE-2025-35967, CVE-2025-33029

Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by

Trust: 4.5

Fetched: Nov. 14, 2025, 9:26 a.m., Published: Nov. 14, 2025, 10:49 a.m.
 Vulnerabilities: service disruption, security bypass
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: snort.org model: snort
vendor: snort model: snort
vendor: wireshark model: wireshark
db: NVD ids: CVE-2025-4619

A Practical Guide to PrintNightmare in 2024 | itm4n's blog

Related entries in the VARIoT vulnerabilities database: VAR-202107-1010

Trust: 6.25

Fetched: Nov. 14, 2025, 9:25 a.m., Published: Jan. 27, 2024, 11 p.m.
 Vulnerabilities: privilege escalation, code execution, path traversal...
Affected productsExternal IDs
vendor: lexmark model: lexmark
vendor: lexmark model: printer sharing
vendor: lexmark model: printer
db: NVD ids: CVE-2021-35449, CVE-2021-34527

Managing Third-Party Application Vulnerabilities: A Critical Component of Modern Device Management

Trust: 3.0

Fetched: Nov. 14, 2025, 9:24 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Trust: 3.75

Fetched: Nov. 14, 2025, 9:23 a.m., Published: Nov. 6, 2025, 2:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified contact center express
vendor: cisco model: adaptive security appliance
vendor: cisco model: identity services engine
vendor: cisco model: unified ccx
db: NVD ids: CVE-2025-20354, CVE-2025-20333, CVE-2025-20343, CVE-2025-20358, CVE-2025-20362

CVE-2025-20353 - Cisco Catalyst Center Cross-Site Scripting Vulnerability - SecAlerts

Trust: 5.0

Fetched: Nov. 14, 2025, 9:22 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: catalyst
db: NVD ids: CVE-2025-20353