Sign-up

VARIoT news about IoT security

Microsoft Patch Tuesday March Fixes 79 Flaws, 2 Zero-Days

Trust: 3.75

Fetched: March 15, 2026, 9:53 a.m., Published: March 11, 2026, 9:09 a.m.
 Vulnerabilities: improper access control, security feature bypass, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2026-26127, CVE-2026-26128, CVE-2026-21262, CVE-2026-26118, CVE-2026-26144, CVE-2026-26109

CVE-2026-21536: Microsoft Devices Pricing RCE Vulnerability

Trust: 3.75

Fetched: March 15, 2026, 9:47 a.m., Published: March 15, 2026, midnight
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-21536

Apple releases iOS 15.8.7 and iOS 16.7.15 for older devices to patch the Coruna exploit - Mobile News - Nsane Forums

Trust: 4.25

Fetched: March 15, 2026, 9:45 a.m., Published: March 12, 2026, 2:30 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: ipod touch
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-43000, CVE-2023-41974, CVE-2024-23222

Cisco Secure Firewall Threat Defense Software TLS with Snort 3 Detection Engine Denial of Service Vulnerability

Trust: 4.75

Fetched: March 15, 2026, 9:45 a.m., Published: March 4, 2026, 4:10 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: snort model: snort

Siemens RUGGEDCOM APE1808 Devices | CISA

Trust: 5.5

Fetched: March 15, 2026, 9:36 a.m., Published: March 9, 2026, midnight
 Vulnerabilities: format string vulnerability, authentication bypass
Affected productsExternal IDs
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2026-24858, CVE-2025-62439, CVE-2025-64157, CVE-2025-55018

How a Security Vulnerability Exploit Bypasses Encryption

Trust: 5.5

Fetched: March 15, 2026, 9:35 a.m., Published: March 10, 2026, midnight
 Vulnerabilities: integer overflow, memory corruption, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047, CVE-2026-21385

CVE-2026-20118 | Tenable®

Trust: 5.0

Fetched: March 15, 2026, 9:26 a.m., Published: March 15, 5500, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: cisco ios
vendor: cisco model: network convergence system
vendor: cisco model: ios xr
db: NVD ids: CVE-2026-20118

PT SWARM - Positive Technologies Offensive Team

Trust: 4.0

Fetched: March 13, 2026, 10:16 a.m., Published: March 10, 2026, midnight
 Vulnerabilities: request forgery, denial of service
Affected productsExternal IDs

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: March 13, 2026, 10:13 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

SSA-126399

Trust: 4.25

Fetched: March 13, 2026, 10:06 a.m., Published: March 1, 2026, midnight
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2025-27769

Android Zero Day, Cisco Firewall Root Access Flaw, and the Coruna iPhone Exploit Chain

Trust: 4.5

Fetched: March 13, 2026, 10:05 a.m., Published: March 3, 2026, midnight
 Vulnerabilities: code execution, integer overflow, privilege escalation...
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: google model: android
db: NVD ids: CVE-2026-3102, CVE-2026-21385

SecureBoot Bypass Vulnerability in Insyde H2O - UEFI Firmware Threat - UBOS

Trust: 3.5

Fetched: March 13, 2026, 10:04 a.m., Published: Feb. 26, 2026, 11:48 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: bios
vendor: lenovo model: system
vendor: dell model: bios

Ceragon Siklu MultiHaul and EtherHaul Vulnerability (CVE-2025-57176)

Trust: 4.0

Fetched: March 13, 2026, 10:03 a.m., Published: March 13, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siklu model: etherhaul
db: NVD ids: CVE-2025-57176

Get Root Privileges on Xiaomi Without Bootloader Unlocking! - DroidWin

Trust: 4.75

Fetched: March 13, 2026, 10:01 a.m., Published: March 10, 2026, 10:08 a.m.
 Vulnerabilities: parameter injection
Affected productsExternal IDs
vendor: xiaomi model: miui

iOS 16.7.15 Released for Older iPhones: Security Fix You Should Instal

Trust: 3.0

Fetched: March 13, 2026, 9:58 a.m., Published: July 16, 2015, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: software update
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad

Coruna iOS Exploit Kit Compromises Thousands of iPhones | eSecurity Planet

Trust: 3.25

Fetched: March 13, 2026, 9:58 a.m., Published: March 5, 2026, 2:01 p.m.
 Vulnerabilities: code execution, privilege escalation, memory corruption
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone

MediaTek Vulnerability: CMF Phone Security Broken in 45 Seconds

Trust: 3.0

Fetched: March 13, 2026, 9:55 a.m., Published: March 12, 2026, 5:24 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-20435

Apple confirms today’s iOS and iPadOS updates fix Coruna exploit - 9to5Mac

Trust: 4.25

Fetched: March 13, 2026, 9:54 a.m., Published: March 12, 2026, 12:13 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad
db: NVD ids: CVE-2023-41974, CVE-2023-43010, CVE-2024-23222, CVE-2023-43000

Fortinet Authentication Bypass Vulnerabilities Exploited - Léargas Security

Trust: 5.0

Fetched: March 13, 2026, 9:53 a.m., Published: March 10, 2026, 7:46 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2026-24858, CVE-2025-59718, CVE-2025-59719

CVE-2026-24295: Patch Windows Device Association Service Local Privilege Escalation | Windows Forum

Trust: 4.5

Fetched: March 13, 2026, 9:46 a.m., Published: March 10, 2026, 6:54 p.m.
 Vulnerabilities: code execution, privilege escalation, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2026-24295