Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7975-1: pyasn1 vulnerability

Trust: 4.25

Fetched: Jan. 28, 2026, 9:21 a.m., Published: Jan. 28, 7975, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7975-1: pyasn1 vulnerability

Trust: 4.25

Fetched: Jan. 28, 2026, 9:21 a.m., Published: Jan. 28, 7975, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7971-1: GLib vulnerability

Trust: 4.25

Fetched: Jan. 28, 2026, 9:21 a.m., Published: Jan. 28, 7971, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-201809-0668

Trust: 4.75

Fetched: Jan. 28, 2026, 9:21 a.m., Published: Jan. 27, 2026, 2:54 p.m.
 Vulnerabilities: feature bypass, security feature bypass, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2026-23760, CVE-2025-52691, CVE-2018-14634, CVE-2026-21509, CVE-2026-24061

CVE-2020-36982 : Unquoted Service Path Vulnerability in Motorola Device Manager

Trust: 4.25

Fetched: Jan. 28, 2026, 9:18 a.m., Published: Jan. 27, 2026, 6:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: motorola model: motorola
db: NVD ids: CVE-2020-36982

Redmi Buds Vulnerability Exposes Call Data and Enables Firmware Crashes

Related entries in the VARIoT vulnerabilities database: VAR-201404-0592

Trust: 5.0

Fetched: Jan. 27, 2026, 7:33 p.m., Published: Jan. 19, 2026, 2:02 p.m.
 Vulnerabilities: resource exhaustion
Affected productsExternal IDs
vendor: xiaomi model: redmi
db: NVD ids: CVE-2025-13328, CVE-2025-13834, CVE-2014-0160

Cyber Security News Today | Articles on Cyber Security, Malware Attack updates | Cyware

Trust: 3.25

Fetched: Jan. 27, 2026, 7:32 p.m., Published: Jan. 27, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-37079

Fortinet Confirms Active Exploitation of FortiCloud SSO Authentication Bypass Flaw

Trust: 4.25

Fetched: Jan. 27, 2026, 7:32 p.m., Published: Jan. 23, 2026, 2:18 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-59718, CVE-2025-597199, CVE-2025-59719, CVE-2025-597189

Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code

Trust: 5.75

Fetched: Jan. 27, 2026, 7:32 p.m., Published: Jan. 22, 2026, 1:29 p.m.
 Vulnerabilities: code injection, code execution, command execution
Affected productsExternal IDs
vendor: vivotek model: camera
db: NVD ids: CVE-2026-22755

Response to Ivanti's Recent Zero-day Vulnerability Exploitation - AttackIQ

Trust: 5.25

Fetched: Jan. 27, 2026, 7:31 p.m., Published: Feb. 7, 2024, 9:55 a.m.
 Vulnerabilities: command injection, brute force attack, authentication bypass
Affected productsExternal IDs
vendor: pulse secure model: policy secure
vendor: pulse secure model: connect secure
db: NVD ids: CVE-2024-21887, CVE-2023-46805

Hubitat Elevation Hubs | CISA

Trust: 3.0

Fetched: Jan. 27, 2026, 7:30 p.m., Published: March 9, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-1201

HPE Alletra and Nimble Storage Vulnerability Allows Remote Attackers to Gain Admin Access

Trust: 4.75

Fetched: Jan. 27, 2026, 7:29 p.m., Published: Jan. 23, 2026, 7:14 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: integrity
db: NVD ids: CVE-2026-23594, CVE-2026-235948

Cisco ASA & FTD Firewalls Hit by Active Zero-Day Exploitation (2025)

Trust: 3.75

Fetched: Jan. 27, 2026, 7:29 p.m., Published: Jan. 27, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2025-20333, CVE-2025-20362

Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access

Trust: 6.0

Fetched: Jan. 27, 2026, 7:28 p.m., Published: Jan. 22, 2026, 2:49 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718

CVE-2026-0780 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:26 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0780

Could One Wi-Fi Frame Crash Your 5G Network? | Technology Curated

Trust: 3.5

Fetched: Jan. 27, 2026, 7:25 p.m., Published: Jan. 22, 2026, 8:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus firmware
vendor: asus model: asus
vendor: asus model: router

TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature

Trust: 4.75

Fetched: Jan. 27, 2026, 7:25 p.m., Published: Jan. 20, 2026, 1:24 p.m.
 Vulnerabilities: authentication vulnerability, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-0629

CVE-2025-65397 - Blurams Flare Camera Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 14, 2026, 6:16 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-65397

CVE-2026-0782 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0782

CVE-2026-0779 - ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0779