Sign-up

VARIoT news about IoT security

CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in

Trust: 5.0

Fetched: Sept. 9, 2025, 9:14 a.m., Published: Sept. 8, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-48543

Microsoft Patch Tuesday August 2025 Released - 107 Vulnerabilities Fixed, Including 35 RCE

Trust: 3.75

Fetched: Sept. 9, 2025, 9:13 a.m., Published: Aug. 12, 2025, 5:32 p.m.
 Vulnerabilities: denial of service, information disclosure, cross-site scripting...
Affected productsExternal IDs
db: NVD ids: CVE-2025-53136, CVE-2025-53732, CVE-2025-49736, CVE-2025-53786, CVE-2025-53769, CVE-2025-49755, CVE-2025-50161, CVE-2025-50156, CVE-2025-53734, CVE-2025-50160, CVE-2025-53138, CVE-2025-53772, CVE-2025-50158, CVE-2025-49745, CVE-2025-53723, CVE-2025-49759, CVE-2025-53728, CVE-2025-53737, CVE-2025-49761, CVE-2025-53766, CVE-2025-25005, CVE-2025-50176, CVE-2025-53722, CVE-2025-53155, CVE-2025-53153, CVE-2025-53778, CVE-2025-25007, CVE-2025-33051, CVE-2025-50157, CVE-2025-53133, CVE-2025-53735, CVE-2025-50163, CVE-2025-53151, CVE-2025-53144, CVE-2025-53142, CVE-2025-53140, CVE-2025-50162, CVE-2025-53733, CVE-2025-50171, CVE-2025-49758, CVE-2025-53738, CVE-2025-53716, CVE-2025-53783, CVE-2025-53721, CVE-2025-49751, CVE-2025-53724, CVE-2025-50154, CVE-2025-50153, CVE-2025-50170, CVE-2025-25006, CVE-2025-53781, CVE-2025-49743, CVE-2025-53741, CVE-2025-53759, CVE-2025-50159, CVE-2025-53145, CVE-2025-53789, CVE-2025-49707, CVE-2025-53719, CVE-2025-53131, CVE-2025-53739, CVE-2025-50166, CVE-2025-53148, CVE-2025-53141, CVE-2025-50155, CVE-2025-50168, CVE-2025-50177, CVE-2025-53143, CVE-2025-53726, CVE-2025-53137, CVE-2025-48807, CVE-2025-49757, CVE-2025-53736, CVE-2025-50164, CVE-2025-53761, CVE-2025-24999, CVE-2025-50169, CVE-2025-53727, CVE-2025-53793, CVE-2025-47954, CVE-2025-53152, CVE-2025-53779, CVE-2025-53731, CVE-2025-53132, CVE-2025-53765, CVE-2025-53788, CVE-2025-53740, CVE-2025-53135, CVE-2025-53147, CVE-2025-53156, CVE-2025-50172, CVE-2025-53729, CVE-2025-53784, CVE-2025-53725, CVE-2025-53134, CVE-2025-53773, CVE-2025-53149, CVE-2025-50167, CVE-2025-53730, CVE-2025-50165, CVE-2025-53760, CVE-2025-53154, CVE-2025-49762, CVE-2025-53720, CVE-2025-53718, CVE-2025-49712, CVE-2025-50173

CVE-2025-10093 - D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure - SecAlerts

Trust: 5.0

Fetched: Sept. 9, 2025, 9:12 a.m., Published: -
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: d-link model: dir-852
db: NVD ids: CVE-2025-10093

WhatsApp Zero-Click Vulnerability - Review | Security Curated

Trust: 4.75

Fetched: Sept. 9, 2025, 9:11 a.m., Published: Sept. 2, 2025, 3:10 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2025-55177, CVE-2025-43300

Apple Confirms Critical 0-Day Under Active Attack - Immediate Update Urged

Trust: 4.75

Fetched: Sept. 9, 2025, 9:11 a.m., Published: Aug. 21, 2025, 6:06 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: software update
db: NVD ids: CVE-2025-43300

Honeywell OneWireless Wireless Device Manager (WDM) | CISA

Trust: 3.75

Fetched: Sept. 9, 2025, 9:10 a.m., Published: Sept. 1, 2025, midnight
 Vulnerabilities: buffer overread, denial of service, information exposure...
Affected productsExternal IDs
db: NVD ids: CVE-2025-2522, CVE-2025-2521, CVE-2025-3946, CVE-2025-2523

Android's September Security Nightmare: Critical Vulnerabilities Leave Millions Exposed | Technobezz

Trust: 5.75

Fetched: Sept. 9, 2025, 9:10 a.m., Published: Sept. 6, 2025, 7:36 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: google model: wifi
db: NVD ids: CVE-2025-38352, CVE-2025-48539

Apple rushes out fix for active zero-day in iOS and macOS • The Register

Trust: 4.75

Fetched: Sept. 9, 2025, 9:08 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: macos
db: NVD ids: CVE-2025-43300

CISA Warns of Critical SunPower Device Vulnerability Let Attackers Gain Full Device Access

Trust: 3.0

Fetched: Sept. 9, 2025, 9:08 a.m., Published: Sept. 3, 2025, 7:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9696

Security Vulnerability Exposes Medtronic MyCareLink Patient Monitors to Attacks

Trust: 4.75

Fetched: Sept. 9, 2025, 9:07 a.m., Published: Sept. 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: medtronic model: mycarelink patient monitor
db: NVD ids: CVE-2025-4395

Reset your Android device to factory settings - Android Help

Trust: 3.0

Fetched: Sept. 9, 2025, 9:06 a.m., Published: Sept. 9, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks

Trust: 3.0

Fetched: Sept. 5, 2025, 10 a.m., Published: Sept. 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-55177

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center: Software Vulnerability Information: Software: Hitachi

Trust: 3.75

Fetched: Sept. 5, 2025, 10 a.m., Published: Oct. 9, 2002, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: hitachi compute systems manager
vendor: hitachi model: tuning manager
vendor: hitachi model: hitachi global link manager
vendor: hitachi model: ops center analyzer viewpoint
vendor: hitachi model: hitachi tuning manager
vendor: hitachi model: hitachi ops center common services
vendor: hitachi model: ops center common services
vendor: hitachi model: hitachi ops center analyzer viewpoint
vendor: hitachi model: device manager
vendor: hitachi model: compute systems manager
vendor: hitachi model: hitachi replication manager
vendor: hitachi model: hitachi tiered storage manager
vendor: hitachi model: global link manager
vendor: hitachi model: tiered storage manager
vendor: hitachi model: hitachi device manager
vendor: hitachi model: replication manager
vendor: hitachi model: hitachi infrastructure analytics advisor
db: NVD ids: CVE-2025-30749, CVE-2025-50106, CVE-2025-30754, CVE-2025-50059, CVE-2025-30761

Endpoint Protection Services: Types & Key Features

Trust: 3.5

Fetched: Sept. 5, 2025, 9:57 a.m., Published: Sept. 2, 2025, 6:44 a.m.
 Vulnerabilities: cross-site scripting, denial of service, sql injection
Affected productsExternal IDs

MediaTek Security Update - Patch for Multiple Vulnerabilities Across

Trust: 3.5

Fetched: Sept. 5, 2025, 9:56 a.m., Published: Sept. 3, 2025, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: snort model: snort

Hackers Scan Cisco ASA Devices for Known Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057, VAR-202005-0696

Trust: 4.5

Fetched: Sept. 5, 2025, 9:56 a.m., Published: Sept. 5, 2025, 8:47 a.m.
 Vulnerabilities: default credentials, session hijacking, information disclosure
Affected productsExternal IDs
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance
vendor: google model: chrome
db: NVD ids: CVE-2020-3452, CVE-2020-3259

CISA Alerts - Critical SunPower Vulnerability Could Grant Attackers Full Device Control

Trust: 3.0

Fetched: Sept. 5, 2025, 9:55 a.m., Published: Sept. 3, 2025, 11:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9696

CVE-2025-38683 - hv_netvsc: Fix panic during namespace deletion with VF - SecAlerts

Trust: 3.0

Fetched: Sept. 5, 2025, 9:55 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38683

CVE-2025-36900 : Out-of-Bounds Write Vulnerability in Android Pixel Devices

Trust: 3.0

Fetched: Sept. 5, 2025, 9:54 a.m., Published: Sept. 4, 2025, 4:56 a.m.
 Vulnerabilities: integer overflow, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-36900

CVE-2025-9483: Critical Buffer Overflow Vulnerability in Linksys Devices - Cybersecurity Exploit Tracker by Ameeba

Related entries in the VARIoT vulnerabilities database: VAR-202508-2330

Trust: 5.5

Fetched: Sept. 5, 2025, 9:54 a.m., Published: Sept. 3, 2025, 4:34 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: linksys model: re6500
vendor: linksys model: re6300
db: NVD ids: CVE-2025-9483