Sign-up

VARIoT news about IoT security

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild - Cyber Security Review

Trust: 3.0

Fetched: Jan. 14, 2026, 9:29 a.m., Published: Dec. 18, 2025, 7:14 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-59718, CVE-2025-59719

CVE-2026-22755 Security Vulnerability & Exploit Details

Trust: 3.75

Fetched: Jan. 14, 2026, 9:29 a.m., Published: -
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22755

CVE-2025-68823 - ublk: fix deadlock when reading partition table - SecAlerts

Trust: 3.25

Fetched: Jan. 14, 2026, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68823

Multiple Hikvision Vulnerabilities Allow Attackers to Disrupt Devices Using Crafted Packets

Trust: 5.75

Fetched: Jan. 14, 2026, 9:28 a.m., Published: Jan. 13, 2026, 10:40 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
vendor: cisco model: series
db: NVD ids: CVE-2025-66176, CVE-2025-66177

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild - Cyber Security Review

Related entries in the VARIoT vulnerabilities database: VAR-202203-0043

Trust: 4.0

Fetched: Jan. 14, 2026, 9:28 a.m., Published: Dec. 18, 2025, 7:14 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-59718, CVE-2022-0847, CVE-2025-59719

CVE-2025-37166 - Unexpected shutdown in HPE Instant On Access Points after processing specific packets

Trust: 3.25

Fetched: Jan. 14, 2026, 9:27 a.m., Published: Jan. 13, 2026, 6:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-37166

CVE-2026-22755 - Remote code injection via upload_map.cgi in Legacy Vivotek Devices

Trust: 4.0

Fetched: Jan. 14, 2026, 9:27 a.m., Published: Jan. 13, 2026, 3:16 p.m.
 Vulnerabilities: code injection, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22755

CVE-2026-0405 - Authentication Bypass in NETGEAR Orbi Devices - SecAlerts

Trust: 5.0

Fetched: Jan. 14, 2026, 9:27 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: netgear model: orbi
db: NVD ids: CVE-2026-0405

Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution

Trust: 3.0

Fetched: Jan. 14, 2026, 9:26 a.m., Published: Jan. 13, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Cisco identifies vulnerability in ISE network access control

Trust: 4.5

Fetched: Jan. 14, 2026, 9:26 a.m., Published: Jan. 9, 2026, 2:11 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco systems model: identity services engine
vendor: cisco systems model: network access control
vendor: cisco model: identity services engine
vendor: cisco model: network access control
db: NVD ids: CVE-2026-20029

One Request to Rule Them All: Critical Trendnet Flaw (CVE-2025-15471) Allows Total Takeover

Trust: 4.5

Fetched: Jan. 14, 2026, 9:25 a.m., Published: Jan. 8, 2026, 12:17 a.m.
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-15471

Today is the monthly 'Windows Update' day, with patches for Windows 11 and Windows 10, and automatic updates for expired Secure Boot certificates. - GIGAZINE

Trust: 3.0

Fetched: Jan. 14, 2026, 9:24 a.m., Published: Jan. 11, 2026, midnight
 Vulnerabilities: feature bypass, information disclosure, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2026-20805, CVE-2026-21265, CVE-2023-31096

There is a Stack overflow Vulnerability in the device... · CVE-2025-66176 · GitHub Advisory Database · GitHub

Trust: 4.25

Fetched: Jan. 14, 2026, 9:23 a.m., Published: Jan. 13, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176

CVE-2025-71075 - scsi: aic94xx: fix use-after-free in device removal path

Trust: 3.0

Fetched: Jan. 14, 2026, 9:23 a.m., Published: Jan. 13, 2026, 4:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-71075

CVE-2025-37166 Hewlett Packard Enterprise (HPE) Instant On CVETodo

Trust: 4.5

Fetched: Jan. 14, 2026, 9:22 a.m., Published: Jan. 13, 2026, 6:16 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: hewlett packard model: integrity
vendor: hewlett packard enterprise model: integrity
db: NVD ids: CVE-2025-37166

CVE-2025-68657 - espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

Trust: 3.0

Fetched: Jan. 14, 2026, 9:22 a.m., Published: Jan. 12, 2026, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68657

CVE-2026-22755 - Remote code injection via upload_map.cgi in Legacy Vivotek Devices

Trust: 4.0

Fetched: Jan. 14, 2026, 9:21 a.m., Published: Jan. 13, 2026, 3:16 p.m.
 Vulnerabilities: code injection, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22755

CVE-2026-22755 - Use of default login credentials in Legacy Vivotek Devices - SecAlerts

Trust: 3.75

Fetched: Jan. 14, 2026, 9:20 a.m., Published: -
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22755

iPhone users urged to check setting for 'product's security' | UK | News | Express.co.uk

Trust: 3.75

Fetched: Jan. 14, 2026, 9:14 a.m., Published: Jan. 13, 2026, 12:55 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: icloud

Buffer Overflow Vulnerabilities in Some Hikvision Products - Security Advisory - Hikvision Global

Trust: 6.0

Fetched: Jan. 14, 2026, 9:14 a.m., Published: Jan. 3, 2026, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176, CVE-2025-66177