VARIoT latest news about IoT security

CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited - Blog \| Tenable® Trust: 5.0 Fetched: Feb. 1, 2026, 9:21 a.m., Published: Jan. 30, 2026, 6:42 p.m.	Vulnerabilities: code execution, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2026-1340, CVE-2026-1281

Microsoft rolled out January 2026 firmware updates for Surface Laptop Studio 2 Trust: 3.5 Fetched: Feb. 1, 2026, 9:20 a.m., Published: Jan. 27, 2026, 5 a.m.	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-23286, CVE-2024-44074, CVE-2024-0146, CVE-2025-23309, CVE-2024-21864, CVE-2025-23276, CVE-2025-23345, CVE-2025-23288, CVE-2025-23281, CVE-2024-0150, CVE-2025-23347

Analysis of Single Sign-On Abuse on FortiOS \| Fortinet Blog Trust: 3.75 Fetched: Feb. 1, 2026, 9:19 a.m., Published: Jan. 22, 2026, 6:44 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59718, CVE-2025-59719

Bluetooth Fast Pair Vulnerability Exposes Devices to Hacking Risks - UBOS Tech Analysis - UBOS Trust: 3.0 Fetched: Feb. 1, 2026, 9:19 a.m., Published: Jan. 18, 2026, 2:35 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Actively Exploited in the Wild - Digital Warfare Trust: 3.5 Fetched: Feb. 1, 2026, 9:18 a.m., Published: Jan. 30, 2026, 11:43 a.m.	Vulnerabilities: code execution, authentication bypass, memory corruption

Affected products	External IDs

Device Vulnerability Management Consumption Market Key Trends Driving Global Expansion \| United Kingdom \| Japan \| France \| Germany Trust: 3.5 Fetched: Feb. 1, 2026, 9:17 a.m., Published: March 1, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo alto networks	model:	networks

Update Canonical Ubuntu Server: USN-7978-1: GNU Screen vulnerabilities Trust: 6.0 Fetched: Jan. 30, 2026, 9:43 a.m., Published: Jan. 30, 7978, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2025-46804, CVE-2025-46805, CVE-2023-24626, CVE-2025-46802

Update Canonical Ubuntu Desktop: USN-7973-1: cJSON vulnerabilities Trust: 6.0 Fetched: Jan. 30, 2026, 9:43 a.m., Published: Jan. 30, 7973, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2023-53154, CVE-2025-57052, CVE-2023-26819

Update Canonical Ubuntu Server: USN-7977-1: Git LFS vulnerabilities Trust: 4.0 Fetched: Jan. 30, 2026, 9:42 a.m., Published: Jan. 30, 7977, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-53263, CVE-2025-26625

Update Canonical Ubuntu Desktop: USN-7981-1: wlc vulnerabilities Trust: 4.25 Fetched: Jan. 30, 2026, 9:42 a.m., Published: Jan. 30, 7981, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2026-22250, CVE-2026-22251

H-ISAC TLP White Active Exploitations of an Authentication Bypass Vulnerability \| AHA Trust: 3.25 Fetched: Jan. 30, 2026, 9:42 a.m., Published: Jan. 28, 2026, 2:13 p.m.	Vulnerabilities: authentication bypass

Affected products	External IDs

Why Default Passwords Are Still the Biggest Cybersecurity Risk in 2026 - Shunyatax Global Trust: 4.0 Fetched: Jan. 30, 2026, 9:41 a.m., Published: Jan. 30, 2026, midnight	Vulnerabilities: default credentials

Affected products	External IDs

Update Canonical Ubuntu Desktop: USN-7980-1: OpenSSL vulnerabilities Trust: 6.0 Fetched: Jan. 30, 2026, 9:39 a.m., Published: Jan. 30, 7980, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2025-15467, CVE-2025-69418, CVE-2025-68160, CVE-2025-66199, CVE-2025-11187, CVE-2026-22795, CVE-2026-22796, CVE-2025-15468, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419, CVE-2025-15469

Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code Execution Trust: 3.0 Fetched: Jan. 30, 2026, 9:35 a.m., Published: Jan. 30, 2026, midnight	Vulnerabilities: code execution

Affected products	External IDs

CVE-2025-26785: Critical Buffer Overflow Vulnerability in Samsung Mobile and Wearable Processors - Ameeba Exploit Tracker Trust: 5.5 Fetched: Jan. 30, 2026, 9:35 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: code execution, system crash, buffer overflow

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	exynos

db:

NVD

ids:

CVE-2025-26785

XSS vulnerability in LiveHelperChat and CVE-2026-0483 Trust: 4.75 Fetched: Jan. 30, 2026, 9:34 a.m., Published: Jan. 28, 2026, 9:32 a.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

db:

NVD

ids:

CVE-2026-0483

CVE-2025-15543 - Read-Only Root Access via USB Storage Device in TP-Link VX800v Trust: 3.0 Fetched: Jan. 30, 2026, 9:33 a.m., Published: Jan. 29, 2026, 7:16 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-15543

Fortinet 2026 FortiCloud SSO Authentication Bypass Breach Trust: 5.0 Fetched: Jan. 30, 2026, 9:32 a.m., Published: Jan. 30, 2026, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2026-24858

CVE-2025-48647 : Memory Overwrite Vulnerability in Google Pixel Products Trust: 6.25 Fetched: Jan. 30, 2026, 9:29 a.m., Published: Jan. 16, 2026, 6:19 p.m.	Vulnerabilities: memory overwrite

Affected products

External IDs

vendor:

google

model:

pixel

db:

NVD

ids:

CVE-2025-48647

Microsoft rolled out new firmware updates (January 26, 2026) for Surface Pro 10 Trust: 3.75 Fetched: Jan. 30, 2026, 9:28 a.m., Published: Jan. 26, 2026, midnight	Vulnerabilities: information disclosure, denial of service, authentication bypass

Affected products	External IDs

VARIoT news about IoT security