VARIoT latest news about IoT security

Microsoft October 2025 Patch Tuesday - 4 Zero-days and 172 Vulnerabilities Patched Trust: 3.5 Fetched: Nov. 2, 2025, 9:24 a.m., Published: Oct. 14, 2025, 5:33 p.m.	Vulnerabilities: memory corruption, buffer overflow, privilege escalation...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-2884, CVE-2025-59260, CVE-2025-58718, CVE-2025-59198, CVE-2025-59238, CVE-2016-9535, CVE-2025-55696, CVE-2025-59190, CVE-2025-59223, CVE-2025-58734, CVE-2025-59214, CVE-2025-59292, CVE-2025-59278, CVE-2025-59205, CVE-2025-59224, CVE-2025-59222, CVE-2025-49708, CVE-2025-59253, CVE-2025-59502, CVE-2025-59289, CVE-2025-59234, CVE-2025-58731, CVE-2025-59232, CVE-2025-58726, CVE-2025-59209, CVE-2025-59187, CVE-2025-59193, CVE-2025-59194, CVE-2025-59226, CVE-2025-55680, CVE-2025-59213, CVE-2025-58727, CVE-2025-59203, CVE-2025-55690, CVE-2025-55695, CVE-2025-59230, CVE-2025-59261, CVE-2025-59192, CVE-2025-59248, CVE-2025-58737, CVE-2025-58725, CVE-2025-59244, CVE-2025-59221, CVE-2025-59287, CVE-2025-58739, CVE-2025-59191, CVE-2025-58736, CVE-2025-59497, CVE-2025-58729, CVE-2025-59208, CVE-2025-58733, CVE-2025-55683, CVE-2025-59225, CVE-2025-55692, CVE-2025-47827, CVE-2025-59285, CVE-2025-58730, CVE-2025-59291, CVE-2025-55688, CVE-2025-55699, CVE-2025-59197, CVE-2025-59184, CVE-2025-59189, CVE-2025-59241, CVE-2025-58738, CVE-2025-59236, CVE-2025-59210, CVE-2025-59227, CVE-2025-55694, CVE-2025-55693, CVE-2025-58724, CVE-2025-58720, CVE-2025-55697, CVE-2025-55684, CVE-2025-59288, CVE-2025-58714, CVE-2025-55682, CVE-2025-59275, CVE-2025-59229, CVE-2025-55698, CVE-2025-55691, CVE-2025-59188, CVE-2025-59239

Microsoft's October 2025 Patch Tuesday Updates Fix 175 Flaws Trust: 3.0 Fetched: Nov. 2, 2025, 9:22 a.m., Published: Oct. 15, 2025, 7:51 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-587377, CVE-2025-592777, CVE-2025-556765, CVE-2025-592596, CVE-2025-556826, CVE-2025-592087, CVE-2025-249907, CVE-2025-556887, CVE-2025-592757, CVE-2025-591975, CVE-2025-553376, CVE-2025-553386, CVE-2025-592843, CVE-2025-556897, CVE-2025-556917, CVE-2025-556955, CVE-2025-592827, CVE-2025-553206, CVE-2025-592718, CVE-2025-531507, CVE-2025-592095, CVE-2025-553267, CVE-2025-592942, CVE-2025-488136, CVE-2025-591917, CVE-2025-592027, CVE-2025-592478, CVE-2025-552484, CVE-2025-591897, CVE-2025-592138, CVE-2025-553306, CVE-2025-553407, CVE-2025-592446, CVE-2025-591845, CVE-2025-592586, CVE-2025-587168, CVE-2025-556977, CVE-2025-556877, CVE-2025-591967, CVE-2025-594977, CVE-2025-531397, CVE-2025-592217, CVE-2025-501747, CVE-2025-592897, CVE-2025-592787, CVE-2025-587287, CVE-2025-592227, CVE-2025-592045, CVE-2025-557017, CVE-2025-592498, CVE-2025-553317, CVE-2025-587194, CVE-2025-479795, CVE-2025-592067, CVE-2025-592535, CVE-2025-592907, CVE-2025-501527, CVE-2025-556995, CVE-2025-587257, CVE-2025-592378, CVE-2025-553255, CVE-2025-592617, CVE-2025-591927, CVE-2025-592107, CVE-2025-592437, CVE-2025-587207, CVE-2025-587227, CVE-2025-537177, CVE-2025-556795, CVE-2025-592387, CVE-2025-592547, CVE-2025-592817, CVE-2025-553159, CVE-2025-587337, CVE-2025-556907, CVE-2025-592295, CVE-2025-479897, CVE-2025-592803, CVE-2025-587357, CVE-2025-556817, CVE-2025-537828, CVE-2025-592035, CVE-2025-556947, CVE-2025-594947, CVE-2025-556937, CVE-2025-587367, CVE-2025-592357, CVE-2025-587347, CVE-2025-553365, CVE-2025-587158, CVE-2025-553346, CVE-2025-537687, CVE-2025-587327, CVE-2025-592007, CVE-2025-592146, CVE-2025-480047, CVE-2025-592857, CVE-2025-556867, CVE-2025-591885, CVE-2025-592337, CVE-2025-592879, CVE-2025-591856, CVE-2025-592958, CVE-2025-592317, CVE-2025-592885, CVE-2025-552407, CVE-2025-557006, CVE-2025-592189, CVE-2025-592307, CVE-2025-556847, CVE-2025-592557, CVE-2025-587147, CVE-2025-556787, CVE-2025-587396, CVE-2025-592368, CVE-2025-592288, CVE-2025-501757, CVE-2025-587247, CVE-2025-595027, CVE-2025-591937, CVE-2025-592237, CVE-2025-591905, CVE-2025-592247, CVE-2025-556927, CVE-2025-592427, CVE-2025-592057, CVE-2025-556857, CVE-2025-592257, CVE-2025-592508, CVE-2025-592469, CVE-2025-587188, CVE-2025-592576, CVE-2025-587317, CVE-2025-592417, CVE-2025-591877, CVE-2025-587296, CVE-2025-592115, CVE-2025-592526, CVE-2025-592277, CVE-2025-592928, CVE-2025-592077, CVE-2025-592017, CVE-2025-552477, CVE-2025-250047, CVE-2025-592487, CVE-2025-553326, CVE-2025-591985, CVE-2025-556967, CVE-2025-591865, CVE-2025-592866, CVE-2025-556835, CVE-2025-587267, CVE-2025-553397, CVE-2025-553218, CVE-2025-556987, CVE-2025-592726, CVE-2025-553287, CVE-2025-556777, CVE-2025-587176, CVE-2025-591947, CVE-2025-240527, CVE-2025-592918, CVE-2025-553336, CVE-2025-592267, CVE-2025-591997, CVE-2025-592327, CVE-2025-497089, CVE-2025-592605, CVE-2025-587277, CVE-2025-587387, CVE-2025-587307, CVE-2025-556807, CVE-2025-553357, CVE-2025-591957, CVE-2025-592347

CVE-2025-0038 : Memory Access Vulnerability in AMD Zynq UltraScale+ Devices Trust: 3.25 Fetched: Nov. 2, 2025, 9:20 a.m., Published: Oct. 6, 2025, 4:08 p.m.	Vulnerabilities: memory access vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2025-0038

Buffer overflow vulnerability in the device management... · CVE-2025-58300 · GitHub Advisory Database · GitHub Trust: 4.0 Fetched: Nov. 2, 2025, 9:20 a.m., Published: Oct. 11, 2025, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2025-58300

Update Canonical Ubuntu Desktop: USN-7852-1: libxml2 vulnerability Trust: 4.25 Fetched: Nov. 2, 2025, 9:19 a.m., Published: Jan. 2, 7852, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Update Canonical Ubuntu Server: USN-7852-1: libxml2 vulnerability Trust: 4.25 Fetched: Nov. 2, 2025, 9:18 a.m., Published: Jan. 2, 7852, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Don't Leave Them to Their Own Devices Trust: 3.5 Fetched: Nov. 2, 2025, 9:18 a.m., Published: Nov. 1, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	paloaltonetworks	model:	networks
vendor:	palo	model:	networks

TP-Link Wi-Fi routers could be banned in US: What you need to know \| Tom's Guide Trust: 3.5 Fetched: Nov. 2, 2025, 9:17 a.m., Published: Oct. 31, 2025, 7:15 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	tp-link	model:	tl-wr841n
vendor:	tp-link	model:	wr841n
vendor:	tp-link	model:	archer c7
vendor:	tp-link	model:	tl-wr841nd
vendor:	tp-link	model:	routers
vendor:	netgear	model:	router
vendor:	google	model:	home
vendor:	cisco	model:	soho
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	mesh	model:	mesh
vendor:	huawei	model:	huawei

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government Trust: 3.75 Fetched: Nov. 2, 2025, 9:17 a.m., Published: Nov. 1, 2025, 5:41 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software

db:

NVD

ids:

CVE-2023-20198

Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY Trust: 3.75 Fetched: Nov. 2, 2025, 9:16 a.m., Published: Nov. 1, 2025, 4:58 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

The Silent Vulnerability in Your Healthcare System - GUARDDOG AI Trust: 3.5 Fetched: Nov. 2, 2025, 9:15 a.m., Published: Oct. 31, 2025, 4:44 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	medtronic	model:	paradigm
vendor:	apple	model:	watch
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung
vendor:	essential	model:	phone

Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell Trust: 4.75 Fetched: Nov. 2, 2025, 9:14 a.m., Published: Nov. 1, 2025, 1:22 a.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198, CVE-2023-20273

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability Trust: 3.5 Fetched: Nov. 2, 2025, 9:14 a.m., Published: Nov. 1, 2025, 1:43 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Hundreds Of Australian Devices Compromised With BadCandy Implant - The Cyber Express Trust: 4.25 Fetched: Nov. 2, 2025, 9:13 a.m., Published: Oct. 31, 2025, 10:02 a.m.	Vulnerabilities: command execution, service disruption, command injection

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198, CVE-2023-20273

Best Practices for Securing Open Ports Identified by Nmap Trust: 3.75 Fetched: Oct. 31, 2025, 9:52 a.m., Published: Sept. 23, 2024, 1:14 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

Report: Average Smart Home Faces 29 Cybersecurity Attacks Daily, Integrators on Front Line - CEPRO Trust: 3.75 Fetched: Oct. 31, 2025, 9:51 a.m., Published: Oct. 29, 2025, 4:04 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild Trust: 4.0 Fetched: Oct. 31, 2025, 9:49 a.m., Published: Oct. 25, 2025, 2:38 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-59287

Issue 283: AI Security Solutions, Formula 1’s API Flaw, Latest OWASP Authorization Incidents - API Security News Trust: 3.25 Fetched: Oct. 31, 2025, 9:49 a.m., Published: Oct. 30, 2025, 3:27 p.m.	Vulnerabilities: authorization vulnerability, request forgery, directory traversal...

Affected products

External IDs

vendor:	wso2	model:	wso2 api manager
vendor:	wso2	model:	api manager

Active Exploitation of Zyxel CPE Devices Linked to Unpatched CVE-2024-40891 Vulnerability - Breach Spot Trust: 5.75 Fetched: Oct. 31, 2025, 9:48 a.m., Published: Oct. 4, 2025, 12:30 a.m.	Vulnerabilities: default credentials, command injection, privilege escalation

Affected products

External IDs

vendor:

parallels

model:

desktop

db:

NVD

ids:

CVE-2024-40891, CVE-2024-40890, CVE-2024-57726

D-Link DIR-823G Multiple Vulnerabilities (2023 - 2025) (CVE-2023-26612, CVE-2023-26613, CVE-2023-26615...) - Vulnerability & Exploit Database Related entries in the VARIoT vulnerabilities database: VAR-202402-3032, VAR-202510-2696, VAR-202402-2700, VAR-202306-2237, VAR-202402-3258, VAR-202402-2811, VAR-202411-2593, VAR-202306-2246, VAR-202402-3367, VAR-202306-2157, VAR-202404-2497, VAR-202412-2435, VAR-202402-3144, VAR-202411-0467, VAR-202402-3257, VAR-202402-3031, VAR-202503-0519, VAR-202306-2233, VAR-202510-2360, VAR-202503-0596 Trust: 6.0 Fetched: Oct. 31, 2025, 9:48 a.m., Published: Oct. 7, 2025, midnight	Vulnerabilities: command injection, denial of service, buffer overflow...

Affected products

External IDs

vendor:

d-link

model:

dir-823g

db:

NVD

ids:

CVE-2024-27657, CVE-2025-60332, CVE-2024-27655, CVE-2023-26613, CVE-2024-27656, CVE-2024-27662, CVE-2024-51023, CVE-2023-26616, CVE-2024-27658, CVE-2023-26612, CVE-2024-33345, CVE-2024-13030, CVE-2024-27660, CVE-2024-51024, CVE-2024-27659, CVE-2024-27661, CVE-2025-2360, CVE-2023-26615, CVE-2025-60331, CVE-2025-2359

VARIoT news about IoT security