Sign-up

VARIoT news about IoT security

Google Confirms Active Exploitation of Android Graphics Flaw - Delimiter Online

Trust: 5.0

Fetched: March 4, 2026, 9:19 a.m., Published: March 3, 2026, 6:48 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-21385

CVE-2026-23999 - Predictable Device Unlock PINs in Fleet Device Management Software

Trust: 3.0

Fetched: March 4, 2026, 9:18 a.m., Published: Feb. 26, 2026, 2:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-23999

Claude's collaboration tools allowed remote code execution • The Register

Trust: 5.75

Fetched: March 4, 2026, 9:17 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2025-59536, CVE-2026-21852

Are Smart Home Devices Safe: Every Risk and How to Neutralize It - Shield Operations

Trust: 5.25

Fetched: March 4, 2026, 9:16 a.m., Published: March 3, 2026, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: hikvision model: hikvision
vendor: philips model: hue bridge
vendor: philips hue model: hue bridge
vendor: google model: home
vendor: google model: pixel
vendor: google model: google home
vendor: zooz model: plug
vendor: home assistant model: home assistant
vendor: samsung model: samsung
vendor: netgear model: router
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
vendor: lifx model: bulb
vendor: ecobee model: smart thermostat
vendor: raspberry pi model: 3
db: NVD ids: CVE-2020-6007

Hitachi REB500 Vulnerabilities CVE-2026-2459 and CVE-2026-2460: Patch to 8.3.3.1 | Windows Forum

Trust: 3.75

Fetched: March 4, 2026, 9:15 a.m., Published: March 3, 2026, 6:10 p.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2026-2460, CVE-2026-2459

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability - The Network DNA: Networking, Cloud, and Security Technology Blog

Related entries in the VARIoT vulnerabilities database: VAR-202602-3258

Trust: 4.25

Fetched: March 4, 2026, 9:14 a.m., Published: Feb. 27, 2026, midnight
 Vulnerabilities: authentication bypass, denial of service
Affected productsExternal IDs
vendor: cisco model: catalyst
vendor: cisco model: vedge
vendor: cisco model: cisco sd-wan
vendor: cisco model: sd-wan vmanage
vendor: cisco model: wan manager
vendor: cisco model: sd-wan
db: NVD ids: CVE-2026-20127

CVE-2026-20127 Zero-Day Auth Bypass Exploited | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202209-1914, VAR-202602-3258

Trust: 4.75

Fetched: March 4, 2026, 9:13 a.m., Published: Feb. 25, 2026, 6:51 p.m.
 Vulnerabilities: privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: cisco model: catalyst
vendor: cisco model: cisco sd-wan
vendor: cisco model: sd-wan vmanage
vendor: cisco model: wan manager
vendor: cisco model: sd-wan
db: NVD ids: CVE-2022-20775, CVE-2026-20127

Google Confirms CVE-2026-21385 in Qualcomm Android Component Is Being Exploited

Trust: 5.5

Fetched: March 4, 2026, 9:12 a.m., Published: March 3, 2026, 8:57 a.m.
 Vulnerabilities: integer overflow, privilege escalation, memory corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-21385, CVE-2026-0006

Android devices hit by exploited Qualcomm flaw CVE-2026-21385

Trust: 6.0

Fetched: March 4, 2026, 9:12 a.m., Published: March 3, 2026, 10:03 a.m.
 Vulnerabilities: memory corruption, integer overflow, denial of service...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-21385, CVE-2026-0031, CVE-2024-43859, CVE-2026-0028, CVE-2026-0030, CVE-2026-0027, CVE-2026-0047, CVE-2026-0006, CVE-2025-48631, CVE-2026-0037, CVE-2026-0038

Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities | CyberScoop

Trust: 4.0

Fetched: March 4, 2026, 9:11 a.m., Published: March 2, 2026, 10:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2026-21385

Don’t ignore Apple’s urgent security update | 930 WFMD Free Talk

Trust: 5.75

Fetched: March 3, 2026, 9:47 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: apple tv
db: NVD ids: CVE-2026-20700

Zyxel Patches Critical Vulnerability in Multiple Device Models | Automated News - Automator Solutions posted on the topic | LinkedIn

Trust: 3.75

Fetched: March 3, 2026, 9:45 a.m., Published: March 3, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: wireshark model: wireshark

Cyber News Live on X: "Google has patched a high-severity zero-day vulnerability (CVE-2026-21385) in Qualcomm display components that affects 234 Android chipsets and is being actively exploited in targeted attacks. The flaw was reported in December but only publicly disclosed now, with fixes available" / X

Trust: 4.25

Fetched: March 3, 2026, 9:44 a.m., Published: March 3, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-21385

CISA Warns of RESURGE Malware Exploiting 0-Days to Breach Ivanti Connect

Trust: 4.5

Fetched: March 3, 2026, 9:44 a.m., Published: March 2, 2026, 4:45 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: snort model: snort
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2023-46805, CVE-2024-21887

MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE) | CISA

Trust: 4.25

Fetched: March 3, 2026, 9:40 a.m., Published: Feb. 26, 2026, midnight
 Vulnerabilities: command execution, arbitrary command execution
Affected productsExternal IDs
vendor: quick heal model: quick heal
vendor: clamav model: clamav
vendor: emsisoft model: antivirus
vendor: sophos model: firewall
vendor: avira model: antivirus
db: NVD ids: CVE-2025-0282

About the security content of macOS Tahoe 26.3 - Apple Support

Trust: 4.25

Fetched: March 3, 2026, 9:39 a.m., Published: March 26, 2026, midnight
 Vulnerabilities: memory corruption, process crash, bounds access issue...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: icloud
vendor: trend model: security
db: NVD ids: CVE-2026-20656, CVE-2026-20677, CVE-2026-20612, CVE-2026-20634, CVE-2026-20673, CVE-2026-20662, CVE-2026-20652, CVE-2026-20615, CVE-2026-20621, CVE-2026-20628, CVE-2026-20610, CVE-2026-20602, CVE-2026-20700, CVE-2026-20616, CVE-2026-20624, CVE-2026-20660, CVE-2026-20658, CVE-2026-20619, CVE-2026-20617, CVE-2026-20601, CVE-2026-20649, CVE-2026-20636, CVE-2026-20654, CVE-2026-20676, CVE-2026-20627, CVE-2026-20646, CVE-2026-20626, CVE-2026-20635, CVE-2026-20614, CVE-2026-20608, CVE-2026-20611, CVE-2026-20675, CVE-2025-59375, CVE-2026-20603, CVE-2026-20653, CVE-2026-20650, CVE-2026-20625, CVE-2026-20623, CVE-2026-20606, CVE-2026-20647, CVE-2026-20667, CVE-2026-20618, CVE-2025-43529, CVE-2026-20609, CVE-2025-14174, CVE-2026-20644, CVE-2026-20620, CVE-2026-20680, CVE-2026-20605, CVE-2026-20681, CVE-2026-20648, CVE-2026-20666, CVE-2026-20671, CVE-2026-20629, CVE-2026-20641, CVE-2026-20630, CVE-2026-20669

Mitsubishi Electric MELSEC iQ-R Series | CISA

Trust: 5.25

Fetched: March 3, 2026, 9:39 a.m., Published: May 3, 2026, midnight
 Vulnerabilities: improper validation, information disclosure
Affected productsExternal IDs
vendor: mitsubishi model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: mitsubishi model: r08/16/32/120pcpu
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi electric model: melsec iq-r series
vendor: mitsubishi electric model: r08/16/32/120pcpu
db: NVD ids: CVE-2025-15080

Ivanti Endpoint Manager Vulnerability Allows Remote Attackers to Leak Arbitrary Data

Trust: 4.75

Fetched: March 3, 2026, 9:39 a.m., Published: Feb. 11, 2026, 11:13 a.m.
 Vulnerabilities: sql injection, weak password, authentication bypass
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2026-1602, CVE-2026-1603

NSA Joins ASD’s ACSC and Others to Release a Cybersecurity Alert and Related Hunt Guide on Cisco SD-WAN Systems > National Security Agency/Central Security Service > Press Release View

Related entries in the VARIoT vulnerabilities database: VAR-202602-3258

Trust: 4.75

Fetched: March 3, 2026, 9:38 a.m., Published: Feb. 26, 2026, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: catalyst
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
db: NVD ids: CVE-2026-20127

AL26-004 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20127 - Canadian Centre for Cyber Security

Related entries in the VARIoT vulnerabilities database: VAR-202602-3258

Trust: 3.5

Fetched: March 3, 2026, 9:35 a.m., Published: Feb. 25, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: wan manager
vendor: cisco model: sd-wan
vendor: cisco model: sd-wan vmanage
vendor: cisco model: catalyst
db: NVD ids: CVE-2026-20127