Sign-up

VARIoT news about IoT security

Cisco Catalyst Center Cross-Site Scripting Vulnerability - Cisco

Trust: 5.25

Fetched: Nov. 16, 2025, 9:33 a.m., Published: Nov. 13, 2025, 10:51 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: catalyst

Access Denied

Trust: 3.0

Fetched: Nov. 16, 2025, 9:31 a.m., Published: Nov. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: safari

CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild - Security Boulevard

Trust: 3.25

Fetched: Nov. 16, 2025, 9:30 a.m., Published: Nov. 14, 2025, 5:45 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

CISA Identifies Ongoing Cyber Threats to Cisco ASA and Firepower Devices | CISA

Trust: 3.0

Fetched: Nov. 16, 2025, 9:29 a.m., Published: Nov. 12, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower

Cloaked - Are Your Networks at Risk? What the Latest Cisco Firewall Vulnerabilities Mean for You

Trust: 4.5

Fetched: Nov. 14, 2025, 9:33 a.m., Published: Nov. 8, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: essential model: phone
vendor: cisco model: firepower threat defense
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: threat response
vendor: cisco model: routers
db: NVD ids: CVE-2025-20333, CVE-2025-20362

Holiday Tech Alert: Digital Picture Frame Security Issues | Quokka

Trust: 4.5

Fetched: Nov. 14, 2025, 9:31 a.m., Published: Nov. 13, 2025, 1 p.m.
 Vulnerabilities: sql injection, code execution, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-58391, CVE-2025-58396, CVE-2025-58394, CVE-2025-58390, CVE-2025-58389, CVE-2025-58397, CVE-2025-58395, CVE-2025-58388, CVE-2025-58392, CVE-2025-58387, CVE-2025-58393

CISA Lists WatchGuard Firebox Vulnerabilities | BTI Group

Trust: 3.25

Fetched: Nov. 14, 2025, 9:30 a.m., Published: Nov. 14, 2025, 1:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

Trust: 4.5

Fetched: Nov. 14, 2025, 9:30 a.m., Published: Nov. 13, 2025, 11:29 a.m.
 Vulnerabilities: access control vulnerability, improper access control, code execution
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware
vendor: watchguard model: watchguard fireware
db: NVD ids: CVE-2025-9242, CVE-2025-62215, CVE-2025-30406, CVE-2025-11371, CVE-2025-12480

Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks

Related entries in the VARIoT vulnerabilities database: VAR-202510-4196, VAR-202510-3182

Trust: 5.5

Fetched: Nov. 14, 2025, 9:30 a.m., Published: Oct. 17, 2025, 8:57 a.m.
 Vulnerabilities: buffer overflow, cross-site scripting
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone
vendor: cisco model: unified communications
vendor: essential model: phone
db: NVD ids: CVE-2025-20351, CVE-2025-20350

CISA Warns: WatchGuard Firebox Out-of-Bounds Write Vulnerability Under Active Exploitation

Trust: 3.75

Fetched: Nov. 14, 2025, 9:29 a.m., Published: Nov. 13, 2025, 9:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-9242

CVE-2025-40181 - x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - SecAlerts

Trust: 3.75

Fetched: Nov. 14, 2025, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dram model: dram
db: NVD ids: CVE-2025-40181

Siemens Security Slip-Up: CSRF Vulnerability Hits SICAM Devices! - The Nimble Nerd

Trust: 3.25

Fetched: Nov. 14, 2025, 9:28 a.m., Published: May 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sicam

CVE-2025-20349 - Cisco DNA Center API Command Injection Vulnerability - SecAlerts

Trust: 5.0

Fetched: Nov. 14, 2025, 9:27 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: dna center
db: NVD ids: CVE-2025-20349

INTEL-SA-01398

Trust: 5.0

Fetched: Nov. 14, 2025, 9:26 a.m., Published: Oct. 14, 2025, 12:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-24512, CVE-2025-35963, CVE-2025-35971, CVE-2025-30255, CVE-2025-35967, CVE-2025-33029

Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by

Trust: 4.5

Fetched: Nov. 14, 2025, 9:26 a.m., Published: Nov. 14, 2025, 10:49 a.m.
 Vulnerabilities: service disruption, security bypass
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: snort.org model: snort
vendor: snort model: snort
vendor: wireshark model: wireshark
db: NVD ids: CVE-2025-4619

A Practical Guide to PrintNightmare in 2024 | itm4n's blog

Related entries in the VARIoT vulnerabilities database: VAR-202107-1010

Trust: 6.25

Fetched: Nov. 14, 2025, 9:25 a.m., Published: Jan. 27, 2024, 11 p.m.
 Vulnerabilities: privilege escalation, code execution, path traversal...
Affected productsExternal IDs
vendor: lexmark model: lexmark
vendor: lexmark model: printer sharing
vendor: lexmark model: printer
db: NVD ids: CVE-2021-35449, CVE-2021-34527

Managing Third-Party Application Vulnerabilities: A Critical Component of Modern Device Management

Trust: 3.0

Fetched: Nov. 14, 2025, 9:24 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Trust: 3.75

Fetched: Nov. 14, 2025, 9:23 a.m., Published: Nov. 6, 2025, 2:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified contact center express
vendor: cisco model: adaptive security appliance
vendor: cisco model: identity services engine
vendor: cisco model: unified ccx
db: NVD ids: CVE-2025-20354, CVE-2025-20333, CVE-2025-20343, CVE-2025-20358, CVE-2025-20362

CVE-2025-20353 - Cisco Catalyst Center Cross-Site Scripting Vulnerability - SecAlerts

Trust: 5.0

Fetched: Nov. 14, 2025, 9:22 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: catalyst
db: NVD ids: CVE-2025-20353

Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute

Trust: 4.75

Fetched: Nov. 14, 2025, 9:21 a.m., Published: Nov. 12, 2025, 12:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: snort model: snort
db: NVD ids: CVE-2025-12686