Sign-up

VARIoT news about IoT security

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Trust: 6.0

Fetched: Dec. 19, 2025, 9:35 a.m., Published: Dec. 16, 2025, 10:58 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

WatchGuard Firebox iked Out of Bounds Write Vulnerability | WatchGuard Technologies

Trust: 3.5

Fetched: Dec. 19, 2025, 9:28 a.m., Published: Dec. 18, 2025, midnight
 Vulnerabilities: process crash
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: watchguard fireware
vendor: watchguard model: fireware

Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for

Trust: 4.5

Fetched: Dec. 19, 2025, 12:15 a.m., Published: Dec. 17, 2025, 11:38 a.m.
 Vulnerabilities: path traversal, authentication bypass, security bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

GitHub - thesystemowner/CVE-2025-20393-POC: This scanner detects Cisco SEG/SEWM appliances vulnerable to CVE-2025-20393, a critical unauthenticated RCE vulnerability in Cisco AsyncOS affecting devices with Spam Quarantine feature exposed to the internet. CVSS Score: 10.0 (Critical)

Trust: 4.0

Fetched: Dec. 19, 2025, 12:15 a.m., Published: Dec. 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asyncos
vendor: cisco model: cisco asyncos
db: NVD ids: CVE-2025-20393

SolisCloud Monitoring Platform | CISA

Trust: 4.0

Fetched: Dec. 19, 2025, 12:12 a.m., Published: Dec. 1, 2025, midnight
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-13932

CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in

Trust: 4.5

Fetched: Dec. 19, 2025, 12:12 a.m., Published: Dec. 17, 2025, 11:36 a.m.
 Vulnerabilities: system crash, privilege escalation, code execution...
Affected productsExternal IDs
vendor: cisco model: umbrella
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: webkit
db: NVD ids: CVE-2025-43529

Google’s latest Android security update fixes two actively exploited flaws

Trust: 5.0

Fetched: Dec. 19, 2025, 12:06 a.m., Published: Dec. 2, 2025, 10:23 a.m.
 Vulnerabilities: denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-47372, CVE-2025-48633, CVE-2025-48572, CVE-2025-47319

Three IoT Architecture Layers in Modern Systems - KITRUM

Trust: 3.75

Fetched: Dec. 19, 2025, 12:05 a.m., Published: Nov. 25, 2025, 4:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: roku model: roku

CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks

Trust: 4.75

Fetched: Dec. 19, 2025, 12:05 a.m., Published: Dec. 9, 2025, 8:20 a.m.
 Vulnerabilities: improper memory management, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-37055

Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes

Trust: 5.5

Fetched: Dec. 19, 2025, 12:05 a.m., Published: Dec. 8, 2025, 10:55 a.m.
 Vulnerabilities: session hijacking, code execution, cross-site scripting...
Affected productsExternal IDs
vendor: trend model: security
vendor: watchguard model: fireware
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-13939, CVE-2025-12195, CVE-2025-1545, CVE-2025-13937, CVE-2025-12196, CVE-2025-13936, CVE-2025-13938, CVE-2025-12026, CVE-2025-13940, CVE-2025-11838

Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely

Trust: 3.5

Fetched: Dec. 19, 2025, 12:04 a.m., Published: Dec. 5, 2025, 7:36 a.m.
 Vulnerabilities: command execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-66399

Threat Protection - Cisco Meraki Documentation

Trust: 3.5

Fetched: Dec. 19, 2025, 12:04 a.m., Published: Oct. 5, 2020, 6:12 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: advanced malware protection
vendor: cisco model: intrusion prevention system
vendor: snort model: snort

Most Common Wireless Network Attacks - WiFi Attacks Explained

Trust: 4.5

Fetched: Dec. 19, 2025, 12:02 a.m., Published: Dec. 20, 2025, midnight
 Vulnerabilities: default credentials, buffer overflow, weak password
Affected productsExternal IDs
vendor: orange model: livebox

Update Canonical Ubuntu Desktop: USN-7912-1: CUPS vulnerability

Trust: 3.75

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Jan. 19, 7912, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: cups model: cups
db: NVD ids: CVE-2025-58436

Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges

Trust: 4.75

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Dec. 17, 2025, 3:52 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55681

Apple Releases Urgent Security Updates to Address Exploited WebKit Vulnerabilities - Cyber Warriors Middle East

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.5

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Dec. 13, 2025, 5:32 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: webkit
vendor: apple model: ipad
db: NVD ids: CVE-2025-24200, CVE-2025-43529, CVE-2025-14174, CVE-2025-24201, CVE-2025-24085

Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users

Trust: 5.5

Fetched: Dec. 19, 2025, 12:01 a.m., Published: Dec. 13, 2025, 2:44 a.m.
 Vulnerabilities: memory corruption, privilege escalation, code execution...
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: software update
vendor: apple model: iphone
db: NVD ids: CVE-2025-43501, CVE-2025-46277, CVE-2025-43538, CVE-2025-5918, CVE-2025-43529, CVE-2024-7264, CVE-2025-14174, CVE-2025-9086, CVE-2025-43541, CVE-2025-46276, CVE-2025-46285

CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device

Trust: 4.5

Fetched: Dec. 19, 2025, midnight, Published: Dec. 3, 2025, 5:45 p.m.
 Vulnerabilities: authentication vulnerability, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-13510

Firmware and Bootloaders Under Attack as Hackers Target Pre-OS Environments - Security Spotlight

Trust: 3.75

Fetched: Dec. 19, 2025, midnight, Published: May 28, 2025, 11:19 a.m.
 Vulnerabilities: detection bypass, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-21894

Update Canonical Ubuntu Desktop: USN-7916-1: python-apt vulnerability

Trust: 4.25

Fetched: Dec. 18, 2025, 11:59 p.m., Published: Jan. 19, 7916, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu