Sign-up

VARIoT news about IoT security

Cisco ISE maximum severity flaw lets hackers execute root code | TechRadar

Trust: 4.0

Fetched: July 25, 2025, 9:50 a.m., Published: July 17, 2025, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
db: NVD ids: CVE-2025-20337

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Trust: 5.25

Fetched: July 25, 2025, 9:43 a.m., Published: July 23, 2025, 2:59 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: sonicwall model: sma 100

TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands - HEAL Security Inc. - Cyber Threat Intelligence for the Healthcare Sector

Trust: 5.0

Fetched: July 25, 2025, 9:42 a.m., Published: July 24, 2025, 5:31 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-7723, CVE-2025-7724

CVE-2025-27210: Node.js Vulnerability in Path API for Windows Device Names

Trust: 3.75

Fetched: July 25, 2025, 9:41 a.m., Published: July 22, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2025-23084, CVE-2025-27210

Update Canonical Ubuntu Desktop: USN-7651-2: Linux kernel vulnerabilities

Trust: 3.0

Fetched: July 25, 2025, 9:41 a.m., Published: Feb. 25, 7651, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

Trust: 4.75

Fetched: July 25, 2025, 9:40 a.m., Published: July 17, 2025, 10:29 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2025-203373, CVE-2025-20282, CVE-2025-20337, CVE-2025-20281

CVE-2025-7433: Local Privilege Escalation Vulnerability in Sophos Intercept X for Windows - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: July 25, 2025, 9:40 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2025-7433

CVE-2025-7794: Remote Stack-based Buffer Overflow Vulnerability in Tenda FH451 - Cybersecurity Exploit Tracker by Ameeba

Related entries in the VARIoT vulnerabilities database: VAR-202507-2364

Trust: 5.75

Fetched: July 25, 2025, 9:39 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: denial of service, buffer overflow, code execution
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2025-7794

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

Trust: 5.0

Fetched: July 25, 2025, 9:20 a.m., Published: July 24, 2025, 12:40 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-7723, CVE-2025-7724

Kandji helps secure Apple enterprise with Vulnerability Response - Computerworld

Trust: 3.0

Fetched: July 25, 2025, 9:20 a.m., Published: July 23, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

Trust: 6.5

Fetched: July 25, 2025, 9:19 a.m., Published: July 24, 2025, 12:10 a.m.
 Vulnerabilities: service disruption, buffer overflow, code execution
Affected productsExternal IDs
vendor: dahua model: ip camera
vendor: dahua model: camera
vendor: dahua technology model: ip camera
vendor: dahua technology model: camera
db: NVD ids: CVE-2025-31701, CVE-2025-31700

CVE-2025-27210 : Node.js Vulnerability Affecting Windows Device Names

Trust: 5.0

Fetched: July 23, 2025, 12:42 p.m., Published: July 18, 2025, 10:54 p.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2025-27210, CVE-2025-23084

Network Penetration Testing : A Detailed Guide

Trust: 3.0

Fetched: July 23, 2025, 12:36 p.m., Published: March 28, 2024, 1:09 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

CVE-2025-7723 : Command Injection Vulnerability in VIGI NVR Products by TP-Link

Trust: 4.0

Fetched: July 23, 2025, 12:31 p.m., Published: July 22, 2025, 8:42 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-7723

Sophos Intercept X for Windows Vulnerabilities Enable Arbitrary Code Execution

Trust: 5.5

Fetched: July 23, 2025, 12:30 p.m., Published: July 18, 2025, 1:21 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: sophos model: intercept x endpoint
db: NVD ids: CVE-2025-7433, CVE-2025-7472, CVE-2024-13972

CVE-2025-48733 : Unauthorized Access Vulnerability in DuraComm SPM-500

Trust: 3.0

Fetched: July 23, 2025, 12:30 p.m., Published: July 22, 2025, 9:35 p.m.
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-48733

CERT-EU - Critical Vulnerabilities in Cisco ISE

Trust: 4.0

Fetched: July 23, 2025, 12:24 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: identity services engine
db: NVD ids: CVE-2025-20281, CVE-2025-20282, CVE-2025-20337

Citrix NetScaler - Memory Leak (CVE-2025-5777) - Vulnerability & Exploit Database

Trust: 6.0

Fetched: July 23, 2025, 12:23 p.m., Published: July 7, 2025, midnight
 Vulnerabilities: memory leak
Affected productsExternal IDs
vendor: citrix model: netscaler
db: NVD ids: CVE-2025-5777

How DeviceTotal Discovered a Fortinet Vulnerability That NVD Didn't Notice - CoreWin

Trust: 3.0

Fetched: July 23, 2025, 12:23 p.m., Published: July 22, 2025, 10:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-22862

Google Patched Chrome Zero-Day That Allowed Sandbox Escape

Trust: 4.5

Fetched: July 23, 2025, 12:22 p.m., Published: July 21, 2025, 10:52 a.m.
 Vulnerabilities: heap corruption, integer overflow
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2025-7656, CVE-2025-6558, CVE-2025-7657