Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution

Trust: 3.0

Fetched: Jan. 14, 2026, 9:26 a.m., Published: Jan. 13, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Cisco identifies vulnerability in ISE network access control

Trust: 4.5

Fetched: Jan. 14, 2026, 9:26 a.m., Published: Jan. 9, 2026, 2:11 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco systems model: identity services engine
vendor: cisco systems model: network access control
vendor: cisco model: identity services engine
vendor: cisco model: network access control
db: NVD ids: CVE-2026-20029

One Request to Rule Them All: Critical Trendnet Flaw (CVE-2025-15471) Allows Total Takeover

Trust: 4.5

Fetched: Jan. 14, 2026, 9:25 a.m., Published: Jan. 8, 2026, 12:17 a.m.
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-15471

Today is the monthly 'Windows Update' day, with patches for Windows 11 and Windows 10, and automatic updates for expired Secure Boot certificates. - GIGAZINE

Trust: 3.0

Fetched: Jan. 14, 2026, 9:24 a.m., Published: Jan. 11, 2026, midnight
 Vulnerabilities: feature bypass, information disclosure, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2026-20805, CVE-2026-21265, CVE-2023-31096

CVE-2025-71075 - scsi: aic94xx: fix use-after-free in device removal path

Trust: 3.0

Fetched: Jan. 14, 2026, 9:23 a.m., Published: Jan. 13, 2026, 4:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-71075

CVE-2025-37166 Hewlett Packard Enterprise (HPE) Instant On CVETodo

Trust: 4.5

Fetched: Jan. 14, 2026, 9:22 a.m., Published: Jan. 13, 2026, 6:16 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: hewlett packard model: integrity
vendor: hewlett packard enterprise model: integrity
db: NVD ids: CVE-2025-37166

CVE-2025-68657 - espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

Trust: 3.0

Fetched: Jan. 14, 2026, 9:22 a.m., Published: Jan. 12, 2026, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68657

CVE-2026-22755 - Remote code injection via upload_map.cgi in Legacy Vivotek Devices

Trust: 4.0

Fetched: Jan. 14, 2026, 9:21 a.m., Published: Jan. 13, 2026, 3:16 p.m.
 Vulnerabilities: code injection, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22755

CVE-2026-22755 - Use of default login credentials in Legacy Vivotek Devices - SecAlerts

Trust: 3.75

Fetched: Jan. 14, 2026, 9:20 a.m., Published: -
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22755

iPhone users urged to check setting for 'product's security' | UK | News | Express.co.uk

Trust: 3.75

Fetched: Jan. 14, 2026, 9:14 a.m., Published: Jan. 13, 2026, 12:55 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: icloud

Buffer Overflow Vulnerabilities in Some Hikvision Products - Security Advisory - Hikvision Global

Trust: 6.0

Fetched: Jan. 14, 2026, 9:14 a.m., Published: Jan. 3, 2026, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176, CVE-2025-66177

Use Quick Share on your Android device - Android Help

Trust: 3.0

Fetched: Jan. 14, 2026, 9:13 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: pixel
vendor: google model: android

Download apps to your Android device - Android Help

Trust: 3.0

Fetched: Jan. 14, 2026, 9:13 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Download apps & digital content - Google Play Help

Trust: 3.0

Fetched: Jan. 14, 2026, 9:12 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

WhatsApp Vulnerabilities Leaks User’s Metadata Including Device’s

Trust: 3.75

Fetched: Jan. 13, 2026, 10:22 a.m., Published: Jan. 6, 2026, 9:58 a.m.
 Vulnerabilities: information exposure
Affected productsExternal IDs
vendor: wireshark model: wireshark

What Is Known Exploited Vulnerabilities Catalog (KEV)?

Trust: 3.5

Fetched: Jan. 13, 2026, 10:21 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: privilege escalation, buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-22457

Cisco Zero-Day Vulnerability Targeted to Deploy Malicious Lua Backdoor on Thousands of Devices - Breach Spot

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.75

Fetched: Jan. 13, 2026, 10:21 a.m., Published: Jan. 2, 2026, 5 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20273, CVE-2023-20198, CVE-2021-1435

Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025

Trust: 4.75

Fetched: Jan. 13, 2026, 10:20 a.m., Published: Dec. 17, 2025, 10:37 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: finesse
vendor: cisco model: webex
vendor: cisco model: cisco finesse
vendor: cisco model: catalyst
vendor: cisco model: sd-wan
vendor: cisco model: webex meetings
vendor: cisco model: email encryption

PolySwarm’s 2025 Year in Review

Trust: 4.75

Fetched: Jan. 13, 2026, 10:19 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: nexus
db: NVD ids: CVE-2025-53771, CVE-2025-55182, CVE-2025-49706, CVE-2025-49704, CVE-2025-53770, CVE-2025-61882

Top 10 Vulnerability Assessment Tools: Features, Pros, Cons & Comparison - Cotocus

Trust: 4.5

Fetched: Jan. 13, 2026, 10:19 a.m., Published: Jan. 2, 2026, 9 a.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2024-1234