Sign-up

VARIoT news about IoT security

Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability - Cisco

Trust: 5.0

Fetched: Sept. 5, 2025, 9:32 a.m., Published: Sept. 3, 2025, 12:29 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: evolved programmable network manager
vendor: cisco model: cisco evolved programmable network manager

Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300) - Qualys ThreatPROTECT

Trust: 5.0

Fetched: Sept. 5, 2025, 9:32 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2025-43300

CVE-2025-38682 - i2c: core: Fix double-free of fwnode in i2c_unregister_device() - SecAlerts

Trust: 3.0

Fetched: Sept. 5, 2025, 9:31 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38682

CVE-2025-48553 : Denial of Service Vulnerability in Device Policy Manager Service by Android

Trust: 4.25

Fetched: Sept. 5, 2025, 9:30 a.m., Published: Sept. 4, 2025, 6:34 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-48553

Honeywell Updates Wireless Device Manager - ISSSource

Trust: 4.5

Fetched: Sept. 5, 2025, 9:30 a.m., Published: Sept. 4, 2025, 6:55 p.m.
 Vulnerabilities: code execution, buffer overread
Affected productsExternal IDs
db: NVD ids: CVE-2025-2521, CVE-2025-2523, CVE-2025-3946, CVE-2025-2522

CISA Warns of Critical SunPower Device Vulnerability Let Attackers Gain

Trust: 3.5

Fetched: Sept. 5, 2025, 9:30 a.m., Published: Sept. 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: snort model: snort
db: NVD ids: CVE-2025-9696

Latest CODESYS Security Advisories

Trust: 3.5

Fetched: Sept. 3, 2025, 10:04 a.m., Published: -
 Vulnerabilities: path traversal, authentication bypass
Affected productsExternal IDs
vendor: wibu model: codemeter
vendor: wibu model: codemeter runtime
vendor: codesys model: development system v3
vendor: codesys model: gateway
vendor: codesys model: control
vendor: codesys model: codesys
vendor: codesys model: control win
vendor: codesys model: development system
vendor: codesys model: codesys gateway
vendor: codesys model: web server
vendor: codesys model: runtime
vendor: codesys model: linux

Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors

Trust: 3.75

Fetched: Sept. 3, 2025, 10:04 a.m., Published: Aug. 12, 2025, 8:36 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2025-5777, CVE-2025-6543

CVE-2025-7731 - Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module - SecAlerts

Trust: 4.5

Fetched: Sept. 3, 2025, 9:58 a.m., Published: -
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: mitsubishi electric model: fx5u-32mt/es
vendor: mitsubishi electric model: fx5uc
vendor: mitsubishi electric model: melsec iq-f series
vendor: mitsubishi electric model: fx5uj
vendor: mitsubishi electric model: melsec iq-f
vendor: mitsubishi electric model: fx5u
vendor: mitsubishi model: fx5u-32mt/es
vendor: mitsubishi model: fx5uc
vendor: mitsubishi model: melsec iq-f series
vendor: mitsubishi model: fx5uj
vendor: mitsubishi model: melsec iq-f
vendor: mitsubishi model: fx5u
db: NVD ids: CVE-2025-7731

Critical Firmware Vulnerabilities Leave Millions of Dell Laptops Open to Device Takeover and Malware Threats - Lab 997

Trust: 4.5

Fetched: Sept. 3, 2025, 9:58 a.m., Published: -
 Vulnerabilities: information leakage, buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: series
vendor: dell model: latitude
db: NVD ids: CVE-2025-24311, CVE-2025-24919, CVE-2025-25050, CVE-2025-24922, CVE-2025-25215

WhatsApp Patches Zero-Click Spyware Flaw Targeting iOS, macOS Devices

Trust: 3.75

Fetched: Sept. 3, 2025, 9:56 a.m., Published: Sept. 1, 2025, 12:35 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43300, CVE-2025-55177

Dangerous WhatsApp vulnerability - users must act now | blue News

Trust: 3.75

Fetched: Sept. 3, 2025, 9:55 a.m., Published: Jan. 9, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-55177

CVE-2025-8613 - (0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability - SecAlerts

Trust: 4.0

Fetched: Sept. 3, 2025, 9:55 a.m., Published: -
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8613

MediaTek Security Update - Patch for Multiple Vulnerabilities Across Chipsets

Related entries in the VARIoT vulnerabilities database: VAR-202509-0101, VAR-202509-0115

Trust: 5.75

Fetched: Sept. 3, 2025, 9:54 a.m., Published: Sept. 1, 2025, 1:50 p.m.
 Vulnerabilities: memory corruption, code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-20704, CVE-2025-20706, CVE-2025-20705, CVE-2025-20703, CVE-2025-20707, CVE-2025-20708

Cisco Cyber Vision Data Sheet - Cisco

Trust: 3.5

Fetched: Sept. 3, 2025, 9:52 a.m., Published: Aug. 21, 2025, 10:41 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: umbrella
vendor: cisco model: routers
vendor: cisco model: identity services engine
vendor: cisco model: ic3000 industrial compute gateway
vendor: cisco model: router
vendor: cisco model: catalyst
vendor: cisco model: ic3000
vendor: cisco model: series
vendor: cisco model: cisco identity services engine
vendor: cisco model: ucs manager
vendor: cisco model: cisco ucs manager
vendor: cisco model: integrated management controller
vendor: cisco model: cisco ic3000 industrial compute gateway
vendor: cisco model: cisco integrated management controller

ARC Solo vulnerability allows unauthenticated device takeover - Advisories

Trust: 4.25

Fetched: Sept. 3, 2025, 9:52 a.m., Published: Sept. 9, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-5095

CVE-2025-9523: Critical Stack-Based Buffer Overflow Vulnerability in Tenda AC1206 - Cybersecurity Exploit Tracker by Ameeba

Related entries in the VARIoT vulnerabilities database: VAR-202508-2337

Trust: 4.75

Fetched: Sept. 3, 2025, 9:51 a.m., Published: Sept. 2, 2025, 11:27 a.m.
 Vulnerabilities: information disclosure, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2025-9523

Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability

Trust: 4.75

Fetched: Sept. 3, 2025, 9:50 a.m., Published: Aug. 27, 2025, 3:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: nx-os
vendor: cisco model: nexus 3000
vendor: cisco model: mds 9000 series
vendor: cisco model: nexus
vendor: cisco model: nexus 7000
vendor: cisco model: firepower 2100
vendor: cisco model: nexus 9000
vendor: cisco model: series switches
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: firepower 9300
vendor: cisco model: nexus 9000 series
vendor: cisco model: firepower
vendor: cisco model: mds 9000

Certification in Smart Home Security Testing

Trust: 3.0

Fetched: Sept. 3, 2025, 9:50 a.m., Published: Sept. 3, 2025, 9:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

CVE-2025-9696 - Use of Hard-coded Credentials in SunPower PVS6 - SecAlerts

Trust: 3.0

Fetched: Sept. 3, 2025, 9:50 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9696