Sign-up

VARIoT news about IoT security

Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code

Trust: 5.75

Fetched: Jan. 27, 2026, 7:32 p.m., Published: Jan. 22, 2026, 1:29 p.m.
 Vulnerabilities: code injection, code execution, command execution
Affected productsExternal IDs
vendor: vivotek model: camera
db: NVD ids: CVE-2026-22755

Response to Ivanti's Recent Zero-day Vulnerability Exploitation - AttackIQ

Trust: 5.25

Fetched: Jan. 27, 2026, 7:31 p.m., Published: Feb. 7, 2024, 9:55 a.m.
 Vulnerabilities: command injection, brute force attack, authentication bypass
Affected productsExternal IDs
vendor: pulse secure model: policy secure
vendor: pulse secure model: connect secure
db: NVD ids: CVE-2024-21887, CVE-2023-46805

Hubitat Elevation Hubs | CISA

Trust: 3.0

Fetched: Jan. 27, 2026, 7:30 p.m., Published: March 9, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-1201

HPE Alletra and Nimble Storage Vulnerability Allows Remote Attackers to Gain Admin Access

Trust: 4.75

Fetched: Jan. 27, 2026, 7:29 p.m., Published: Jan. 23, 2026, 7:14 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: integrity
db: NVD ids: CVE-2026-23594, CVE-2026-235948

Cisco ASA & FTD Firewalls Hit by Active Zero-Day Exploitation (2025)

Trust: 3.75

Fetched: Jan. 27, 2026, 7:29 p.m., Published: Jan. 27, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2025-20333, CVE-2025-20362

Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access

Trust: 6.0

Fetched: Jan. 27, 2026, 7:28 p.m., Published: Jan. 22, 2026, 2:49 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718

CVE-2026-0780 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:26 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0780

Could One Wi-Fi Frame Crash Your 5G Network? | Technology Curated

Trust: 3.5

Fetched: Jan. 27, 2026, 7:25 p.m., Published: Jan. 22, 2026, 8:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus firmware
vendor: asus model: asus
vendor: asus model: router

TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature

Trust: 4.75

Fetched: Jan. 27, 2026, 7:25 p.m., Published: Jan. 20, 2026, 1:24 p.m.
 Vulnerabilities: authentication vulnerability, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-0629

CVE-2025-65397 - Blurams Flare Camera Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 14, 2026, 6:16 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-65397

CVE-2026-0782 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0782

CVE-2026-0779 - ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0779

CVE-2026-0796 - Vulnerability Details - OpenCVE

Trust: 4.75

Fetched: Jan. 27, 2026, 7:23 p.m., Published: Jan. 27, 8180, midnight
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-0796

CVE-2025-71157 - RDMA/core: always drop device refcount in ib_del_sub_device_and_put()

Trust: 3.0

Fetched: Jan. 27, 2026, 7:23 p.m., Published: Jan. 23, 2026, 3:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-71157

VU#650657 - Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Trust: 4.0

Fetched: Jan. 27, 2026, 7:22 p.m., Published: Jan. 16, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-14894

iPhone Security Crisis: 80% Remain Vulnerable Despite Patches

Trust: 3.5

Fetched: Jan. 27, 2026, 7 p.m., Published: Jan. 26, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: apple model: safari
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: watchos
vendor: apple model: iphone

The Unsettling Persistence of Insecurity: Nearly 800,000 Telnet Servers Exposed to Critical Remote Attacks

Trust: 3.5

Fetched: Jan. 27, 2026, 6:59 p.m., Published: -
 Vulnerabilities: default credentials, code execution, authentication bypass
Affected productsExternal IDs

Fortinet Confirms Active Exploitation of FortiCloud SSO Authentication Bypass Vulnerability

Trust: 6.0

Fetched: Jan. 27, 2026, 6:59 p.m., Published: Jan. 23, 2026, 11:52 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718, CVE-2025-59719

Critical Reference Count Vulnerability in Linux Kernel - CVE-2025-71157

Trust: 5.25

Fetched: Jan. 27, 2026, 6:58 p.m., Published: Jan. 23, 2026, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-71157

Apple iPhone Security Alert: WebKit Flaw Threatens Mobile Commerce

Trust: 5.25

Fetched: Jan. 27, 2026, 6:58 p.m., Published: Jan. 20, 2026, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: watchos
vendor: apple model: iphone
db: NVD ids: CVE-2025-14174, CVE-2025-43529