VARIoT latest news about IoT security

CISA Adds ASUS Embedded Malicious Code Vulnerability to KEV List Following Trust: 3.5 Fetched: Dec. 19, 2025, 9:46 a.m., Published: Dec. 19, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	asus	model:	asus
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2025-59374

CVE-2025-11901 - ASUS Motherboard Intel Chipset DMA Resource Consumption Vulnerability Trust: 5.25 Fetched: Dec. 19, 2025, 9:46 a.m., Published: Dec. 17, 2025, 5:16 a.m.	Vulnerabilities: resource consumption vulnerability

Affected products

External IDs

vendor:

asus

model:

asus

db:

NVD

ids:

CVE-2025-11901

CVE-2025-34449 - Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow - SecAlerts Trust: 4.5 Fetched: Dec. 19, 2025, 9:46 a.m., Published: -	Vulnerabilities: denial of service, buffer overflow, memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2025-34449

CVE-2025-40898 - Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 - SecAlerts Trust: 6.0 Fetched: Dec. 19, 2025, 9:45 a.m., Published: -	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

nozominetworks

model:

guardian

db:

NVD

ids:

CVE-2025-40898

CVE-2025-56124 - Command Injection - SecAlerts Trust: 3.25 Fetched: Dec. 19, 2025, 9:45 a.m., Published: -	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2025-56124

CVE-2025-14748 : Access Control Vulnerability in Ningyuanda TC155 ONVIF Device Management Service Trust: 3.5 Fetched: Dec. 19, 2025, 9:45 a.m., Published: Dec. 16, 2025, 3:02 a.m.	Vulnerabilities: access control vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2025-14748

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques Trust: 4.75 Fetched: Dec. 19, 2025, 9:44 a.m., Published: Dec. 11, 2025, 4:20 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

node.js

model:

node.js

db:

NVD

ids:

CVE-2025-55182, CVE-2025-55184, CVE-2025-67779, CVE-2025-55183

Google Chrome Zero-Day Patch Released (Dec 11 2025) Trust: 3.0 Fetched: Dec. 19, 2025, 9:44 a.m., Published: Dec. 11, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

CVE-2025-28170: Grandstream Networks GXP1628 Incorrect Access Control Vulnerability - Ameeba Exploit Tracker Trust: 4.75 Fetched: Dec. 19, 2025, 9:44 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: access control vulnerability

Affected products

External IDs

vendor:	grandstream	model:	gxp1628
vendor:	grandstream networks	model:	gxp1628

db:

NVD

ids:

CVE-2025-28170

Cybersecurity News Weekly Newsletter - Windows, Chrome, and Apple 0-days, Kali Linux 2025.4, and MITRE Top 25 Trust: 4.25 Fetched: Dec. 19, 2025, 9:42 a.m., Published: Dec. 14, 2025, 2:46 p.m.	Vulnerabilities: command injection, cross-site scripting, privilege escalation...

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	apple	model:	safari
vendor:	apple	model:	watch
vendor:	apple	model:	macos
vendor:	cisco	model:	cisco ios
vendor:	essential	model:	phone
vendor:	watchguard	model:	fireware
vendor:	watchguard	model:	firebox

db:

NVD

ids:

CVE-2025-55182, CVE-2023-52076

CVE-2025-68187 - net: mdio: Check regmap pointer returned by device_node_to_regmap() - SecAlerts Trust: 3.0 Fetched: Dec. 19, 2025, 9:42 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-68187

Apple Issues Security Updates After Two WebKit Zero-Day Flaws Exploited in the Wild Related entries in the VARIoT vulnerabilities database: VAR-202501-3666 Trust: 4.5 Fetched: Dec. 19, 2025, 9:41 a.m., Published: Dec. 16, 2025, 6:28 a.m.	Vulnerabilities: privilege escalation, code execution, memory corruption...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	apple	model:	watch
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	watchos
vendor:	apple	model:	apple tv
vendor:	apple	model:	webkit
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	tvos
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2025-31200, CVE-2025-43200, CVE-2025-24085, CVE-2025-14174, CVE-2025-31201, CVE-2025-43300, CVE-2025-43529, CVE-2025-24201, CVE-2025-24200

CVE-2025-10910 - Gaining remote control over Govee devices - SecAlerts Trust: 3.25 Fetched: Dec. 19, 2025, 9:41 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-10910

Apple Patches Two Actively Exploited Zero-Day WebKit Vulnerabilities Trust: 4.25 Fetched: Dec. 19, 2025, 9:40 a.m., Published: Dec. 14, 2025, 8:20 a.m.	Vulnerabilities: cross-site scripting, code execution, memory corruption

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	webkit
vendor:	apple	model:	iphone
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2025-43520, CVE-2025-43510, CVE-2025-14174, CVE-2025-43300, CVE-2025-43529, CVE-2025-24201

Apple covers up two zero-day vulnerabilities in WebKit exploited in targeted attacks Related entries in the VARIoT vulnerabilities database: VAR-202501-3666 Trust: 4.25 Fetched: Dec. 19, 2025, 9:39 a.m., Published: Dec. 18, 2025, 9:56 p.m.	Vulnerabilities: memory access problem, privilege escalation, memory corruption...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	apple	model:	watch
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	watchos
vendor:	apple	model:	software update
vendor:	apple	model:	apple tv
vendor:	apple	model:	webkit
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2025-31200, CVE-2025-43200, CVE-2025-24085, CVE-2025-14174, CVE-2025-31201, CVE-2025-43300, CVE-2025-43529, CVE-2025-24201, CVE-2025-24200, CVE-2025-46285

WatchGuard 0-day Vulnerability Exploited in the Wild to Hijack Firewalls Trust: 3.75 Fetched: Dec. 19, 2025, 9:38 a.m., Published: Dec. 19, 2025, 8:31 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	watchguard	model:	firebox
vendor:	watchguard	model:	fireware

db:

NVD

ids:

CVE-2025-14733

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances Trust: 4.75 Fetched: Dec. 19, 2025, 9:37 a.m., Published: Dec. 18, 2025, 4:10 a.m.	Vulnerabilities: default administrator password

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	ssl vpn
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	networks globalprotect
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	management appliance
vendor:	cisco	model:	nexus
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	cisco asyncos
vendor:	palo	model:	firewall
vendor:	palo	model:	ssl vpn
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks
vendor:	palo	model:	networks globalprotect

db:

NVD

ids:

CVE-2025-20393

Hackers are exploiting critical Fortinet flaws days after patch release Trust: 6.0 Fetched: Dec. 19, 2025, 9:36 a.m., Published: Dec. 16, 2025, 3:40 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw Trust: 5.5 Fetched: Dec. 19, 2025, 9:36 a.m., Published: Dec. 18, 2025, 9:11 p.m.	Vulnerabilities: authentication bypass, information disclosure, directory traversal...

Affected products

External IDs

vendor:	hewlett packard enterprise	model:	synergy
vendor:	hewlett packard	model:	synergy

db:

NVD

ids:

CVE-2025-37093, CVE-2025-37164

About the security content of iOS 26.2 and iPadOS 26.2 - Apple Support Trust: 5.25 Fetched: Dec. 19, 2025, 9:35 a.m., Published: Dec. 26, 2025, midnight	Vulnerabilities: integer overflow, information disclosure, user interface issue...

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2025-43536, CVE-2025-46288, CVE-2025-43532, CVE-2025-46287, CVE-2025-43539, CVE-2025-43538, CVE-2025-43542, CVE-2025-46292, CVE-2025-43475, CVE-2025-43511, CVE-2024-7264, CVE-2025-43541, CVE-2025-43529, CVE-2025-43533, CVE-2025-43518, CVE-2025-14174, CVE-2025-46279, CVE-2025-46277, CVE-2025-43501, CVE-2025-46285, CVE-2025-43428, CVE-2025-9086, CVE-2025-43535, CVE-2025-46276, CVE-2025-5918, CVE-2025-43531

VARIoT news about IoT security