Sign-up

VARIoT news about IoT security

Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges

Trust: 4.75

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Dec. 17, 2025, 3:52 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55681

Apple Releases Urgent Security Updates to Address Exploited WebKit Vulnerabilities - Cyber Warriors Middle East

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.5

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Dec. 13, 2025, 5:32 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: webkit
vendor: apple model: ipad
db: NVD ids: CVE-2025-24200, CVE-2025-43529, CVE-2025-14174, CVE-2025-24201, CVE-2025-24085

Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users

Trust: 5.5

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Dec. 13, 2025, 2:44 a.m.
 Vulnerabilities: memory corruption, privilege escalation, code execution...
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: software update
vendor: apple model: iphone
db: NVD ids: CVE-2025-43501, CVE-2025-46277, CVE-2025-43538, CVE-2025-5918, CVE-2025-43529, CVE-2024-7264, CVE-2025-14174, CVE-2025-9086, CVE-2025-43541, CVE-2025-46276, CVE-2025-46285

CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device

Trust: 4.5

Fetched: Dec. 19, 2025, midnight, Published: Dec. 3, 2025, 5:45 p.m.
 Vulnerabilities: authentication vulnerability, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-13510

Firmware and Bootloaders Under Attack as Hackers Target Pre-OS Environments - Security Spotlight

Trust: 3.75

Fetched: Dec. 19, 2025, midnight, Published: May 28, 2025, 11:19 a.m.
 Vulnerabilities: detection bypass, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-21894

Update Canonical Ubuntu Desktop: USN-7916-1: python-apt vulnerability

Trust: 4.25

Fetched: Dec. 18, 2025, 11:59 p.m., Published: Jan. 19, 7916, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Microsoft SharePoint Server 2019: KB5002802: This security update resolves Microsoft Excel Information vulnerability

Trust: 4.0

Fetched: Dec. 18, 2025, 11:59 p.m., Published: Dec. 18, 2019, midnight
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-62562, CVE-2025-62559, CVE-2025-62555, CVE-2025-62558

Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover

Trust: 4.75

Fetched: Dec. 18, 2025, 11:59 p.m., Published: Dec. 16, 2025, 2:34 p.m.
 Vulnerabilities: path traversal, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

CVE-2025-40761: Bypass Authentication Vulnerability in RUGGEDCOM ROX Devices - Ameeba Exploit Tracker

Trust: 4.0

Fetched: Dec. 18, 2025, 11:58 p.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-40761

ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices

Trust: 5.0

Fetched: Dec. 18, 2025, 11:57 p.m., Published: Dec. 15, 2025, 6:43 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2025-55182

Millions of smart devices threatened by multiple critical vulnerabilities: security bulletin - CybersecAsia

Trust: 5.0

Fetched: Dec. 18, 2025, 11:56 p.m., Published: Dec. 3, 2025, 10 a.m.
 Vulnerabilities: pointer dereference flaw, buffer overflow, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2025-47319, CVE-2025-47372, CVE-2025-47323, CVE-2025-47350, CVE-2025-47325, CVE-2025-47387, CVE-2025-47322

Access Denied

Trust: 3.0

Fetched: Dec. 18, 2025, 11:56 p.m., Published: March 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: watch

Update Microsoft SharePoint Server 2016: KB5002821: This security update resolves Microsoft Outlook Remote Code Execution vulnerability

Trust: 3.25

Fetched: Dec. 18, 2025, 11:55 p.m., Published: Dec. 18, 2016, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-62562, CVE-2025-62559, CVE-2025-62555, CVE-2025-62558

CVE-2025-14738 - Configuration Disclosure Vulnerability in TP-Link WA850RE - SecAlerts

Trust: 3.0

Fetched: Dec. 18, 2025, 11:55 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-14738

Update Canonical Ubuntu Server: USN-7932-1: libsoup vulnerability

Trust: 4.25

Fetched: Dec. 18, 2025, 11:55 p.m., Published: Jan. 18, 7932, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

IEC 60601 Vulnerability Assessment & Penetration Testing | Medical Device Security Services in Indonesia - Cyberintelsys

Trust: 3.75

Fetched: Dec. 18, 2025, 11:54 p.m., Published: Nov. 25, 2025, 9:05 a.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs

Vulnerability management for Azure Kubernetes Service - Azure Kubernetes Service | Azure Docs

Trust: 3.5

Fetched: Dec. 18, 2025, 11:53 p.m., Published: Sept. 21, 2025, midnight
 Vulnerabilities: cross-site scripting, sql injection, buffer overflow
Affected productsExternal IDs
vendor: canonical model: ubuntu

Android chip vulnerability puts Web3 wallets at risk

Trust: 3.5

Fetched: Dec. 18, 2025, 11:51 p.m., Published: Dec. 18, 7300, midnight
 Vulnerabilities: injection attack, code execution
Affected productsExternal IDs

Disclosed Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202507-3117, VAR-202507-3108, VAR-202507-3132

Trust: 4.25

Fetched: Dec. 18, 2025, 11:49 p.m., Published: Aug. 22, 2025, 7:05 a.m.
 Vulnerabilities: code execution, denial of service, local file inclusion...
Affected productsExternal IDs
vendor: mailenable model: mailenable
vendor: sonicwall model: sma100
vendor: sonicwall model: sonicos
vendor: mitel model: micollab
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-24472, CVE-2024-42455, CVE-2023-30805, CVE-2025-32370, CVE-2022-26377, CVE-2025-34522, CVE-2025-27816, CVE-2025-0109, CVE-2025-53694, CVE-2024-21902, CVE-2023-39279, CVE-2025-2775, CVE-2025-21547, CVE-2022-33737, CVE-2023-30804, CVE-2023-39280, CVE-2023-50362, CVE-2023-39277, CVE-2025-2776, CVE-2023-50361, CVE-2025-2748, CVE-2025-40598, CVE-2024-32763, CVE-2023-50364, CVE-2022-34298, CVE-2024-22319, CVE-2024-8069, CVE-2023-50363, CVE-2024-8885, CVE-2025-40596, CVE-2023-30803, CVE-2025-53693, CVE-2025-11838, CVE-2025-34510, CVE-2025-34028, CVE-2025-2747, CVE-2025-34509, CVE-2025-23120, CVE-2025-23121, CVE-2024-41713, CVE-2025-2777, CVE-2023-30802, CVE-2025-40597, CVE-2025-2794, CVE-2024-27130, CVE-2023-41711, CVE-2025-32372, CVE-2025-34521, CVE-2025-53691, CVE-2025-26336, CVE-2025-2749, CVE-2024-8068, CVE-2025-2746, CVE-2024-27127, CVE-2024-27128, CVE-2024-27131, CVE-2025-3600, CVE-2023-30806, CVE-2023-39276, CVE-2023-42344, CVE-2024-22320, CVE-2023-41712, CVE-2022-33738, CVE-2023-42343, CVE-2025-34511, CVE-2025-53692, CVE-2023-42345, CVE-2025-34523, CVE-2023-39278, CVE-2025-7433, CVE-2023-42346, CVE-2025-36604, CVE-2024-27129, CVE-2024-22024, CVE-2024-48248, CVE-2025-34520, CVE-2025-36605, CVE-2023-41713, CVE-2024-50566

About the security content of iOS 18.7.3 and iPadOS 18.7.3 - Apple Support

Trust: 5.25

Fetched: Dec. 18, 2025, 11:48 p.m., Published: July 18, 2003, midnight
 Vulnerabilities: process crash, code execution, user interface issue...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-43501, CVE-2025-43530, CVE-2025-46276, CVE-2025-43541, CVE-2025-43531, CVE-2025-43535, CVE-2025-46287, CVE-2025-43538, CVE-2025-43539, CVE-2025-46292, CVE-2025-43532, CVE-2025-14174, CVE-2025-43542, CVE-2025-43512, CVE-2025-46285, CVE-2025-43536, CVE-2025-46279, CVE-2024-7264, CVE-2025-43529, CVE-2025-9086, CVE-2025-5918