VARIoT latest news about IoT security

CVE-2025-14748 - Ningyuanda TC155 IP Camera Unauthenticated Hard Reset Vulnerability via ONVIF Device Management Service \| Volerion Advisory Trust: 3.25 Fetched: Jan. 13, 2026, 10:10 a.m., Published: Jan. 1, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-14748

CVE-2025-3606: Sensitive Information Exposure Vulnerability in Vestel AC Charger - Ameeba Exploit Tracker Trust: 5.0 Fetched: Jan. 13, 2026, 10:09 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: information exposure

Affected products

External IDs

db:

NVD

ids:

CVE-2025-3606

CVE-2026-0855 - Merit LILIN｜IP Camera - OS Command Injection - SecAlerts Trust: 5.0 Fetched: Jan. 13, 2026, 10:08 a.m., Published: -	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2026-0855

CarPlay vulnerability via AirPlay: BMW does not want to patch "Pwn My Ride" \| heise online Trust: 4.0 Fetched: Jan. 13, 2026, 10:08 a.m., Published: Jan. 9, 2026, 10:02 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

software update

db:

NVD

ids:

CVE-2025-24132

Update Canonical Ubuntu Server: USN-7943-1: libcaca vulnerability Trust: 3.25 Fetched: Jan. 13, 2026, 10:08 a.m., Published: Jan. 13, 7943, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

CVE-2025-52516 - Samsung Exynos Denial of Service (DoS) Vulnerability Trust: 5.75 Fetched: Jan. 13, 2026, 10:07 a.m., Published: Jan. 5, 2026, 7:15 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	samsung	model:	exynos
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2025-52516

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers Trust: 4.75 Fetched: Jan. 13, 2026, 10:07 a.m., Published: Jan. 7, 2026, 4:31 a.m.	Vulnerabilities: command injection, code execution

Affected products

External IDs

vendor:	d-link	model:	router
vendor:	d-link	model:	dsl-2740r
vendor:	d-link	model:	dsl-2640b

db:

NVD

ids:

CVE-2026-0625

Security Advisory on Vulnerabilities in TP-Link Archer BE400 V1 (CVE-2025-14631) Trust: 5.25 Fetched: Jan. 13, 2026, 10:06 a.m., Published: Jan. 7, 2026, midnight	Vulnerabilities: pointer dereference vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2025-14631

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover Trust: 4.0 Fetched: Jan. 13, 2026, 10:06 a.m., Published: Jan. 6, 2026, 3:47 p.m.	Vulnerabilities: arbitrary command execution, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-65606

CVE-2026-22213 RIOT RIOT OS CVETodo Trust: 4.25 Fetched: Jan. 13, 2026, 10:06 a.m., Published: Jan. 12, 2026, 11:15 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

riot

model:

riot

db:

NVD

ids:

CVE-2026-22213

Flashpoint Weekly Vulnerability Insights and Prioritization Report \| Flashpoint Related entries in the VARIoT vulnerabilities database: VAR-202511-2428, VAR-202505-1415, VAR-202501-3155, VAR-202506-0316, VAR-202504-1046, VAR-202504-3437, VAR-202107-1715, VAR-202509-3974, VAR-202502-1766, VAR-202509-3042, VAR-202501-3666, VAR-202504-1178 Trust: 3.75 Fetched: Jan. 13, 2026, 10:05 a.m., Published: Dec. 31, 2025, 4:25 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

db:

NVD

ids:

CVE-2025-24288, CVE-2025-29891, CVE-2025-14087, CVE-2025-53770, CVE-2025-32375, CVE-2025-20354, CVE-2025-11953, CVE-2025-61884, CVE-2022-35420, CVE-2025-1980, CVE-2025-68613, CVE-2025-20674, CVE-2025-1974, CVE-2025-24472, CVE-2025-27135, CVE-2024-55591, CVE-2025-59366, CVE-2024-40890, CVE-2025-3248, CVE-2025-39247, CVE-2025-2071, CVE-2025-43529, CVE-2025-48148, CVE-2025-27363, CVE-2025-58367, CVE-2025-32444, CVE-2025-5597, CVE-2025-20333, CVE-2025-33223, CVE-2025-30216, CVE-2025-22457, CVE-2025-34222, CVE-2025-66399, CVE-2025-53771, CVE-2024-40891, CVE-2025-59503, CVE-2025-2746, CVE-2025-48054, CVE-2025-27797, CVE-2025-43858, CVE-2025-41244, CVE-2025-55727, CVE-2025-62713, CVE-2025-60854, CVE-2025-66516, CVE-2025-62168, CVE-2025-6222, CVE-2025-46348, CVE-2025-7775, CVE-2025-49136, CVE-2025-55182, CVE-2025-64095, CVE-2025-22224, CVE-2025-49132, CVE-2025-25256, CVE-2025-59230, CVE-2025-27007, CVE-2025-62703, CVE-2025-34224, CVE-2025-34036, CVE-2025-55796, CVE-2025-27224, CVE-2025-6543, CVE-2024-56196, CVE-2025-54309, CVE-2025-41680, CVE-2025-54122, CVE-2025-14174, CVE-2025-30259, CVE-2025-61928, CVE-2025-59346, CVE-2025-52166, CVE-2025-27781, CVE-2024-58274, CVE-2025-32445, CVE-2025-20363, CVE-2025-61882, CVE-2025-26613, CVE-2025-57819, CVE-2025-2783, CVE-2025-58371, CVE-2025-62221, CVE-2024-57811, CVE-2025-10035, CVE-2025-40765, CVE-2025-21355, CVE-2025-32819, CVE-2025-55190, CVE-2025-34159, CVE-2025-62645, CVE-2024-14007, CVE-2025-34027, CVE-2025-33222, CVE-2025-27364, CVE-2025-20156, CVE-2025-2787, CVE-2025-58048, CVE-2025-5622, CVE-2025-31201, CVE-2025-3495, CVE-2025-55150, CVE-2025-43995, CVE-2025-24990, CVE-2025-58159, CVE-2025-64446, CVE-2025-9900, CVE-2025-54875, CVE-2025-27223, CVE-2025-29927, CVE-2025-31324, CVE-2025-7503, CVE-2025-20188, CVE-2025-1393, CVE-2025-48926, CVE-2024-50664, CVE-2025-34044, CVE-2025-59719, CVE-2024-8266, CVE-2025-6558, CVE-2025-23006, CVE-2025-8876, CVE-2025-21218, CVE-2025-27636, CVE-2025-27140, CVE-2025-41430, CVE-2025-22372, CVE-2025-5353, CVE-2025-59118, CVE-2025-30356, CVE-2025-52906, CVE-2025-32068, CVE-2025-1496, CVE-2025-61932, CVE-2025-1539, CVE-2025-14847, CVE-2025-36250, CVE-2025-54964, CVE-2025-2000, CVE-2025-12686, CVE-2025-27554, CVE-2025-25181, CVE-2025-0108, CVE-2025-11833, CVE-2024-13789, CVE-2024-8420, CVE-2025-43300, CVE-2025-7426, CVE-2025-47282, CVE-2025-47277, CVE-2025-59718, CVE-2025-24201, CVE-2025-3015, CVE-2025-5419, CVE-2025-43200, CVE-2025-47646, CVE-2025-8424, CVE-2025-34153, CVE-2025-58321, CVE-2025-46811, CVE-2025-53942, CVE-2025-8875, CVE-2025-8857, CVE-2025-33053, CVE-2025-50201, CVE-2025-8110, CVE-2025-34143, CVE-2025-24085, CVE-2025-32992, CVE-2025-29972, CVE-2022-4980, CVE-2025-41723, CVE-2025-27690, CVE-2025-32433, CVE-2025-34046, CVE-2025-51495, CVE-2025-64428, CVE-2025-52452, CVE-2025-3699, CVE-2025-65018, CVE-2025-55728, CVE-2025-42599, CVE-2025-54347, CVE-2025-41651, CVE-2025-50454, CVE-2025-49125, CVE-2025-31129, CVE-2025-29913, CVE-2025-24522, CVE-2025-22455, CVE-2025-20289, CVE-2025-57870, CVE-2025-58366, CVE-2025-10159, CVE-2025-49844, CVE-2025-27819, CVE-2025-32432, CVE-2025-64400

CVE-2025-69416 - Plex Media Server Device Token Information Disclosure Vulnerability Trust: 5.25 Fetched: Jan. 13, 2026, 10:01 a.m., Published: Jan. 2, 2026, 5:16 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2025-69416, CVE-2025-34158

TOTOLINK EX200 Extender Vulnerability Allows Attackers to Gain Full System Access Trust: 4.0 Fetched: Jan. 13, 2026, 10:01 a.m., Published: Jan. 7, 2026, 1:08 p.m.	Vulnerabilities: default credentials

Affected products

External IDs

db:

NVD

ids:

CVE-2025-65606

Apple is warning iOS and macOS users about critical security flaws Trust: 4.25 Fetched: Jan. 13, 2026, 10 a.m., Published: Jan. 12, 2026, 3 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	wi-fi router
vendor:	google	model:	google chrome
vendor:	apple	model:	macos
vendor:	apple	model:	software update
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2025-43529, CVE-2025-14174, CVE-2025-43531

CVE-2026-22213 - RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility - SecAlerts Trust: 5.0 Fetched: Jan. 13, 2026, 9:59 a.m., Published: -	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

riot

model:

riot

db:

NVD

ids:

CVE-2026-22213

CVE-2026-21860 - Werkzeug safe_join() allows Windows special device names with compound extensions - SecAlerts Trust: 3.25 Fetched: Jan. 13, 2026, 9:59 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2026-21860

CISA Warns of WHILL Model C2 Wheelchair Vulnerabilities Allowing Remote Control Trust: 3.0 Fetched: Jan. 13, 2026, 9:58 a.m., Published: Jan. 2, 2026, 7:50 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-14346

CVE-2025-68622 espressif esp-usb Medium CVETodo Trust: 3.5 Fetched: Jan. 13, 2026, 9:57 a.m., Published: Jan. 12, 2026, 5:15 p.m.	Vulnerabilities: denial of service, memory corruption, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-686221, CVE-2025-68622

WhatsApp Vulnerabilities Leak User Metadata, Including Device Operating System Details Trust: 3.0 Fetched: Jan. 13, 2026, 9:56 a.m., Published: Jan. 6, 2026, 7:07 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

CERT/CC warns of critical, unfixed vulnerability in TOTOLINK EX200 Trust: 4.25 Fetched: Jan. 13, 2026, 9:56 a.m., Published: Jan. 6, 2026, 8:28 p.m.	Vulnerabilities: security bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-65606

VARIoT news about IoT security