Sign-up

VARIoT news about IoT security

Critical FortiGate SSO Vulnerability Actively Exploited in Real-World Attacks

Trust: 6.0

Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 16, 2025, 11:14 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718, CVE-2025-597199, CVE-2025-597189

Critical FortiGate SSO Vulnerability Actively Exploited in the Wild

Trust: 5.75

Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 16, 2025, 11:47 a.m.
 Vulnerabilities: authentication bypass, weak password
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

Trust: 5.25

Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 18, 2025, 7:16 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: remote access
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2025-40602, CVE-2025-23006

Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild

Trust: 6.0

Fetched: Dec. 18, 2025, 11:01 p.m., Published: Dec. 16, 2025, 7:43 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

Surface Laptop 5 gets new (November 25, 2025) firmware updates

Trust: 3.75

Fetched: Nov. 26, 2025, 9:17 a.m., Published: Nov. 25, 2025, midnight
 Vulnerabilities: denial of service, application crash, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2024-21864, CVE-2022-36392, CVE-2022-38102, CVE-2024-44074

General Industrial Controls Lynx+ Gateway | CISA

Trust: 5.0

Fetched: Nov. 25, 2025, 9:42 a.m., Published: Nov. 1, 2025, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
db: NVD ids: CVE-2025-55034, CVE-2025-62765, CVE-2025-58083, CVE-2025-59780

The Hidden Risk of Device Sprawl: Why More Devices Mean More Exposure

Trust: 3.0

Fetched: Nov. 25, 2025, 9:41 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Update Canonical Ubuntu Server: USN-7878-1: cups-filters vulnerabilities

Trust: 4.5

Fetched: Nov. 25, 2025, 9:41 a.m., Published: Jan. 25, 7878, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cups model: cups
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-64503, CVE-2025-57812, CVE-2025-64524

Update Canonical Ubuntu Server: USN-7877-1: libcupsfilters vulnerabilities

Trust: 6.25

Fetched: Nov. 25, 2025, 9:40 a.m., Published: Jan. 25, 7877, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-64503, CVE-2025-57812

Update Canonical Ubuntu Server: USN-7861-3: Linux kernel vulnerabilities

Trust: 4.25

Fetched: Nov. 25, 2025, 9:39 a.m., Published: March 25, 7861, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-40300

Update Canonical Ubuntu Desktop: USN-7886-1: Python vulnerabilities

Trust: 5.0

Fetched: Nov. 25, 2025, 9:39 a.m., Published: Jan. 25, 7886, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-8291, CVE-2025-6075

Update Canonical Ubuntu Server: USN-7879-1: Linux kernel vulnerabilities

Trust: 3.25

Fetched: Nov. 25, 2025, 9:39 a.m., Published: Jan. 25, 7879, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 25, 2025, 9:38 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: firepower
db: NVD ids: CVE-2025-41244, CVE-2025-53770, CVE-2025-20362, CVE-2025-20333

Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User

Related entries in the VARIoT vulnerabilities database: VAR-202305-0900

Trust: 5.75

Fetched: Nov. 25, 2025, 9:37 a.m., Published: Nov. 24, 2025, 1:36 p.m.
 Vulnerabilities: code execution, command execution, command injection
Affected productsExternal IDs
vendor: tenda model: router
db: NVD ids: CVE-2023-2649, CVE-2025-13207, CVE-2024-24481

CE-Cyber Delegated Act: What IoT Manufacturers Need to Do Before Enforcement - IoT Business News

Trust: 3.75

Fetched: Nov. 25, 2025, 9:36 a.m., Published: Nov. 24, 2025, 8:25 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Microsoft Update Health Tools Vulnerability Lets Attackers Run Remote Code

Trust: 4.0

Fetched: Nov. 25, 2025, 9:35 a.m., Published: Nov. 25, 2025, 5:39 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Trust: 4.5

Fetched: Nov. 25, 2025, 9:30 a.m., Published: Nov. 18, 2025, 3:56 p.m.
 Vulnerabilities: code execution, resource exhaustion
Affected productsExternal IDs
db: NVD ids: CVE-2025-59489

Qualcomm confirms security vulnerability; Samsung, Apple devices affected

Trust: 4.5

Fetched: Nov. 25, 2025, 9:29 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: code execution, memory corruption, privilege escalation
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: oneplus model: oneplus
vendor: oneplus model: 3
vendor: samsung model: samsung
db: NVD ids: CVE-2024-43047

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Nov. 25, 2025, 9:29 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

CVE-2025-40591: Command Injection Vulnerability in RUGGEDCOM ROX Devices - Ameeba Exploit Tracker

Trust: 4.0

Fetched: Nov. 25, 2025, 9:29 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-40591