Sign-up

VARIoT news about IoT security

CVE-2026-25963: Fleet Cert Template Auth Bypass | Miggo

Trust: 4.0

Fetched: Feb. 27, 2026, 10:08 a.m., Published: Feb. 27, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2026-25963

Critical Zyxel Router Vulnerabilities Allow Remote Command Injection Attacks

Trust: 5.75

Fetched: Feb. 27, 2026, 10:07 a.m., Published: Feb. 26, 2026, 12:30 p.m.
 Vulnerabilities: command execution, remote command injection, command injection
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2025-13942, CVE-2025-13943, CVE-2026-1459, CVE-2025-11845

LUKS Encryption Compromised on Linux ICS Devices via TPM Bus Sniffing Exploit

Trust: 4.0

Fetched: Feb. 27, 2026, 10:06 a.m., Published: Feb. 3, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: infineon model: trusted platform
db: NVD ids: CVE-2026-0714

Critical CVE-2025-13942 Vulnerability in Zyxel Routers: Over 76,000 Devices at Risk

Trust: 3.25

Fetched: Feb. 27, 2026, 10:05 a.m., Published: Feb. 25, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-13942

Software engineer accidentally gains control of 7,000 robot vacuums in a security flaw | - The Times of India

Trust: 4.0

Fetched: Feb. 27, 2026, 10:05 a.m., Published: Feb. 17, 2026, midnight
 Vulnerabilities: authentication flaw
Affected productsExternal IDs

Siemens Simcenter Femap and Nastran | CISA

Trust: 4.75

Fetched: Feb. 27, 2026, 9:58 a.m., Published: March 7, 2026, midnight
 Vulnerabilities: code execution, application crash, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2026-23715, CVE-2026-23720, CVE-2026-23717, CVE-2026-23718, CVE-2026-23716, CVE-2026-23719

Cisco SD-WAN Software Privilege Escalation Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202209-1970, VAR-202209-1914

Trust: 5.0

Fetched: Feb. 27, 2026, 9:57 a.m., Published: Feb. 25, 2026, 8:29 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
db: NVD ids: CVE-2022-20818, CVE-2022-20775

Defending Against Broken Access Control Vulnerabilities: A Comprehensive Guide - Authgear

Trust: 3.5

Fetched: Feb. 27, 2026, 9:55 a.m., Published: Feb. 12, 2026, midnight
 Vulnerabilities: cross-site scripting, privilege escalation, session hijacking...
Affected productsExternal IDs

Blog | Arctic Wolf

Trust: 5.0

Fetched: Feb. 27, 2026, 9:55 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: wan manager
vendor: cisco model: catalyst
db: NVD ids: CVE-2026-20127

Fixing Log4j 2.25 Vulnerabilities: A 2025 Retrospective Guide | Markaicode

Trust: 3.75

Fetched: Feb. 27, 2026, 9:54 a.m., Published: March 18, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-21384, CVE-2025-21386, CVE-2025-21385

OpenSSH Flaws Expose SSH Servers to Critical DoS Attacks and MiTM Vulnerabilities - Security Spotlight

Trust: 3.0

Fetched: Feb. 27, 2026, 9:53 a.m., Published: Feb. 19, 2025, 5:34 p.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-26465, CVE-2025-26466

PoC Exploit Released for Grandstream GXP1600 VoIP Phones RCE Vulnerability

Trust: 5.5

Fetched: Feb. 27, 2026, 9:52 a.m., Published: Feb. 23, 2026, 12:46 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: grandstream model: gxp1615
vendor: grandstream model: gxp1600
vendor: grandstream model: gxp1610
vendor: grandstream model: gxp1630
vendor: grandstream model: gxp1628
vendor: grandstream model: gxp1625
vendor: grandstream model: gxp1620
db: NVD ids: CVE-2026-2329

Security Bulletin: There is a vulnerability in werkzeug-3.1.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66221)

Trust: 3.25

Fetched: Feb. 27, 2026, 9:51 a.m., Published: Feb. 2, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-66221

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Trust: 5.5

Fetched: Feb. 27, 2026, 9:50 a.m., Published: Feb. 18, 2026, 6:52 a.m.
 Vulnerabilities: request forgery, command execution, file upload vulnerability...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2008-0015, CVE-2020-7796, CVE-2026-2441, CVE-2024-7694

Moxa Switches Vulnerability Allows Attackers to Bypass Authentication

Trust: 3.0

Fetched: Feb. 27, 2026, 9:50 a.m., Published: Feb. 5, 2026, 1 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-12297

Pixel Update Bulletin-February 2026 | Android Open Source Project

Trust: 4.5

Fetched: Feb. 27, 2026, 9:49 a.m., Published: Feb. 27, 2026, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2026-0106

OpenClaw security guide 2026: CVE-2026-25253, Moltbook breach & hardening

Trust: 4.25

Fetched: Feb. 27, 2026, 9:47 a.m., Published: Feb. 5, 2026, 5:03 p.m.
 Vulnerabilities: privilege escalation, code execution, command injection
Affected productsExternal IDs
vendor: cisco model: personal assistant
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2026-24763, CVE-2026-25157, CVE-2026-22708, CVE-2026-25253

Critical Zyxel Router Flaw Exposes Thousands to Remote Hacking

Trust: 4.75

Fetched: Feb. 27, 2026, 9:46 a.m., Published: Feb. 25, 2026, midnight
 Vulnerabilities: command execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-13942, CVE-2025-13943, CVE-2026-1459

The Hidden Dangers of IoT: When Your Smart Devices Turn Against You

Trust: 3.25

Fetched: Feb. 27, 2026, 9:45 a.m., Published: Feb. 26, 2026, 6:08 a.m.
 Vulnerabilities: authentication flaw, default credentials
Affected productsExternal IDs

Update Canonical Ubuntu Desktop: USN-8063-1: Protocol Buffers vulnerability

Trust: 4.0

Fetched: Feb. 27, 2026, 9:45 a.m., Published: Jan. 27, 8063, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu