Sign-up

VARIoT news about IoT security

Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute

Trust: 4.75

Fetched: Nov. 14, 2025, 9:21 a.m., Published: Nov. 12, 2025, 12:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: snort model: snort
db: NVD ids: CVE-2025-12686

Cisco Catalyst Center REST API Command Injection Vulnerability

Trust: 5.25

Fetched: Nov. 14, 2025, 9:21 a.m., Published: Nov. 13, 2025, 3:55 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: catalyst

Device Exposure - Sophos Central Admin

Trust: 3.0

Fetched: Nov. 14, 2025, 9:21 a.m., Published: Oct. 24, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: endpoint protection

Cisco Catalyst Center Cross-Site Scripting Vulnerability

Trust: 5.25

Fetched: Nov. 14, 2025, 9:20 a.m., Published: Nov. 13, 2025, 3:55 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: catalyst

Update: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities | CISA

Trust: 3.25

Fetched: Nov. 14, 2025, 9:20 a.m., Published: Sept. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower

BadCandy Threat - Cisco IOS XE Web UI Vulnerability (CVE-2023-20198): Status and Response Guide

Trust: 4.0

Fetched: Nov. 14, 2025, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198

CVE-2025-43418 - Apple iOS and iPadOS Locked Device Information Exposure Vulnerability | Volerion Advisory

Trust: 5.25

Fetched: Nov. 14, 2025, 9:19 a.m., Published: Nov. 4, 2025, midnight
 Vulnerabilities: information exposure
Affected productsExternal IDs
db: NVD ids: CVE-2025-43418

CISA urges immediate patching of Cisco ASA and Firepower devices due to active zero-day exploits - Industrial Cyber

Trust: 4.5

Fetched: Nov. 14, 2025, 9:18 a.m., Published: Nov. 13, 2025, 1:58 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: cisco model: network access control
vendor: cisco model: cisco identity services engine
vendor: cisco model: asa software
vendor: cisco model: firepower
vendor: cisco model: identity services engine
db: NVD ids: CVE-2025-5777, CVE-2025-20333, CVE-2025-20337, CVE-2025-20362

Why Enterprises Trust ManageEngine Endpoint Central For Unified Device Management

Trust: 3.75

Fetched: Nov. 14, 2025, 9:17 a.m., Published: Nov. 13, 2025, 3:29 a.m.
 Vulnerabilities: script execution
Affected productsExternal IDs
vendor: check point model: endpoint security
vendor: check point model: check point

Identify IoT vulnerabilities and enhance your device security

Trust: 4.0

Fetched: Nov. 14, 2025, 9:17 a.m., Published: -
 Vulnerabilities: default credentials, encryption issue
Affected productsExternal IDs
vendor: google model: home
vendor: google model: google home
vendor: hikvision model: hikvision
vendor: hikvision model: ip cameras

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) - Help Net Security

Trust: 5.25

Fetched: Nov. 14, 2025, 9:16 a.m., Published: Nov. 12, 2025, 11:08 a.m.
 Vulnerabilities: command injection, buffer overflow, code execution...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2025-62215, CVE-2025-60724, CVE-2025-62222, CVE-2025-62199

Update now: November Patch Tuesday fixes Windows zero-day exploited in the wild | Malwarebytes

Trust: 3.75

Fetched: Nov. 14, 2025, 9:16 a.m., Published: Nov. 12, 2025, 11:53 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-62215, CVE-2025-60724

Siemens LOGO! 8 BM Devices | CISA

Trust: 3.75

Fetched: Nov. 14, 2025, 9:15 a.m., Published: Nov. 8, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-40816, CVE-2025-40817, CVE-2025-40815

Synology BeeStation 0-Day Vulnerability Lets Remote Attackers Execute Arbitrary Code

Trust: 5.0

Fetched: Nov. 12, 2025, 9:39 a.m., Published: Nov. 11, 2025, 2:55 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-12686

Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files

Trust: 4.5

Fetched: Nov. 12, 2025, 9:39 a.m., Published: Nov. 12, 2025, 12:40 p.m.
 Vulnerabilities: privilege escalation, code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-10918

DANGER ZONE! Is Your Samsung Galaxy Data STOLEN? Critical 9.8/10 Vulnerability Targeted Middle East Users with Spyware! - Pune Times Mirror

Trust: 3.5

Fetched: Nov. 12, 2025, 9:36 a.m., Published: Nov. 11, 2025, 11:11 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2025-21042

CVE-2025-4645 : Arbitrary Code Execution Vulnerability in Axis Devices

Trust: 6.25

Fetched: Nov. 12, 2025, 9:33 a.m., Published: Nov. 11, 2025, 6:45 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: axis model: axis
db: NVD ids: CVE-2025-4645

Update Canonical Ubuntu Server: USN-7860-2: Linux kernel (Real-time) vulnerability

Trust: 3.25

Fetched: Nov. 12, 2025, 9:32 a.m., Published: Feb. 12, 7860, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Samsung Security Snafu: Galaxy Devices Hit by Zero-Day Vulnerability Exploit - The Nimble Nerd

Trust: 3.0

Fetched: Nov. 12, 2025, 9:32 a.m., Published: Nov. 11, 2025, 9:24 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung

CVE-2025-8108 : Privilege Escalation Vulnerability in Axis Devices due to Improper ACAP Configuration

Trust: 5.25

Fetched: Nov. 12, 2025, 9:32 a.m., Published: Nov. 11, 2025, 7:10 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: axis model: axis
db: NVD ids: CVE-2025-8108