Sign-up

VARIoT news about IoT security

Cisco IOS XE Software HTTP API Command Injection Vulnerability

Trust: 4.75

Fetched: Oct. 17, 2025, 9:51 a.m., Published: Sept. 24, 2025, 4:06 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios software
vendor: cisco model: router
vendor: cisco model: nx-os software
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xe
vendor: cisco model: nx-os
vendor: cisco model: ios xe

Tenable discovers RCE vulnerabilities in SimpleHelp | Tenable®

Trust: 4.75

Fetched: Oct. 17, 2025, 9:49 a.m., Published: Oct. 16, 2025, 2 p.m.
 Vulnerabilities: code execution, request forgery, cross-site request forgery
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2025-36727, CVE-2025-36728

GHSA-6g2v-66ch-6xmh - XSS - SecAlerts

Trust: 5.75

Fetched: Oct. 17, 2025, 9:48 a.m., Published: -
 Vulnerabilities: cross-site scripting, code execution, script execution
Affected productsExternal IDs
vendor: jquery model: jquery
db: NVD ids: CVE-2025-62412

Apple Font Parser Vulnerability 2025 Puts Devices at Risk

Trust: 5.5

Fetched: Oct. 17, 2025, 9:47 a.m., Published: Oct. 17, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: installer
vendor: trend model: security
vendor: trend model: antivirus
db: NVD ids: CVE-2025-43400

The ‘Pixnapping’ Attack Can Steal Your 2FA Codes | Lifehacker

Trust: 3.5

Fetched: Oct. 17, 2025, 9:46 a.m., Published: Oct. 14, 2025, 7 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung
db: NVD ids: CVE-2025-48561

Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code

Trust: 3.75

Fetched: Oct. 17, 2025, 9:45 a.m., Published: Oct. 17, 2025, 2:26 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: nx-os software
vendor: cisco model: access points
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: routers
vendor: cisco model: nx-os
vendor: cisco model: ios xe

Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS - Security Spotlight

Trust: 4.5

Fetched: Oct. 17, 2025, 9:44 a.m., Published: Oct. 16, 2025, 11:56 a.m.
 Vulnerabilities: command injection, remote command injection, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2023-40151, CVE-2023-42770

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits | Trend Micro (UK)

Trust: 4.75

Fetched: Oct. 17, 2025, 9:44 a.m., Published: Oct. 15, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: trend micro model: security
vendor: trend model: security

What is CyberSecurity: Types, Measures and Best Practices - AstrillVPN Blog

Trust: 4.25

Fetched: Oct. 17, 2025, 9:42 a.m., Published: Sept. 30, 2025, 1:03 a.m.
 Vulnerabilities: sql injection, service disruption
Affected productsExternal IDs
vendor: check point model: check point
vendor: essential model: phone
vendor: trend model: internet security
vendor: trend model: security
vendor: trend model: password manager
vendor: trend model: data loss prevention
vendor: trend model: antivirus

Android's Strandhogg 2.0 Vulnerability Enables App Hijacking and Data Theft

Trust: 3.0

Fetched: Oct. 17, 2025, 9:40 a.m., Published: Oct. 15, 2025, 2:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution

Trust: 3.0

Fetched: Oct. 17, 2025, 9:35 a.m., Published: Oct. 14, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Authentication Bypass Vulnerabilities: Risks and Prevention

Trust: 3.5

Fetched: Oct. 17, 2025, 9:34 a.m., Published: Sept. 30, 2025, 10:38 a.m.
 Vulnerabilities: authentication bypass, sql injection, session hijacking...
Affected productsExternal IDs

Operation Zero Disco: Cisco SNMP Vulnerability Exploited - TheCyberThrone

Related entries in the VARIoT vulnerabilities database: VAR-201703-0892

Trust: 4.75

Fetched: Oct. 17, 2025, 9:33 a.m., Published: Oct. 16, 2025, 3:01 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: router
vendor: cisco model: prime network
vendor: cisco model: series
vendor: cisco model: cisco ios
vendor: cisco model: cisco prime network
vendor: cisco model: ios xe
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2017-3881, CVE-2025-20352

Cisco IOS Software Industrial Ethernet Switch Device Manager D... | Tenable®

Trust: 3.0

Fetched: Oct. 17, 2025, 9:33 a.m., Published: Oct. 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios software
vendor: cisco model: device manager
vendor: cisco model: industrial ethernet

Critical Cisco IOS and IOS XE Flaws Allow Remote Code Execution

Trust: 4.5

Fetched: Oct. 17, 2025, 9:32 a.m., Published: Oct. 17, 2025, 5:53 a.m.
 Vulnerabilities: code execution, buffer overflow, denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios software
vendor: cisco model: nx-os software
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: nx-os
vendor: cisco model: ios xe
db: NVD ids: CVE-2025-203527, CVE-2025-20352

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits | Trend Micro (US)

Trust: 4.75

Fetched: Oct. 17, 2025, 9:32 a.m., Published: Oct. 15, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: trend micro model: security
vendor: trend model: security

Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 5.5

Fetched: Oct. 17, 2025, 9:29 a.m., Published: Oct. 17, 2025, 10:16 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: wireshark model: wireshark
db: NVD ids: CVE-2023-20076, CVE-2023-20077

Microsoft Patch Tuesday October 2025 - 172 Vulnerabilities Fixed Along with 4 Zero-days

Trust: 3.75

Fetched: Oct. 17, 2025, 9:28 a.m., Published: Oct. 14, 2025, 7:07 p.m.
 Vulnerabilities: feature bypass, security feature bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-59188, CVE-2025-59237, CVE-2025-58716, CVE-2025-59231, CVE-2025-55699, CVE-2025-59502, CVE-2025-59272, CVE-2025-59292, CVE-2025-59246, CVE-2025-55677, CVE-2025-55336, CVE-2025-55339, CVE-2025-50175, CVE-2025-55686, CVE-2025-55331, CVE-2025-59250, CVE-2025-59195, CVE-2025-58718, CVE-2025-55689, CVE-2025-59284, CVE-2025-59230, CVE-2025-59202, CVE-2025-54132, CVE-2025-55681, CVE-2025-55697, CVE-2025-55680, CVE-2025-48813, CVE-2025-59277, CVE-2025-59189, CVE-2025-47827, CVE-2025-58720, CVE-2025-59494, CVE-2025-55338, CVE-2025-59192, CVE-2025-55326, CVE-2025-59228, CVE-2025-55334, CVE-2025-55692, CVE-2025-55340, CVE-2025-55335, CVE-2025-58726, CVE-2025-59260, CVE-2025-58715, CVE-2025-59235, CVE-2025-55240, CVE-2025-59288, CVE-2025-59203, CVE-2025-55694, CVE-2025-59257, CVE-2025-59199, CVE-2025-59252, CVE-2025-55696, CVE-2025-59213, CVE-2025-59201, CVE-2025-59227, CVE-2025-55325, CVE-2025-58737, CVE-2025-55315, CVE-2025-59244, CVE-2025-55693, CVE-2025-59247, CVE-2025-59220, CVE-2025-59294, CVE-2025-59223, CVE-2025-59291, CVE-2025-58733, CVE-2025-59222, CVE-2025-2884, CVE-2025-58739, CVE-2025-59275, CVE-2025-55337, CVE-2025-59497, CVE-2025-59255, CVE-2025-59191, CVE-2025-54957, CVE-2025-59278, CVE-2025-59198, CVE-2025-59233, CVE-2025-59287, CVE-2025-50174, CVE-2025-49708, CVE-2025-59209, CVE-2025-55700, CVE-2025-58717, CVE-2025-55328, CVE-2025-59207, CVE-2025-59242, CVE-2025-58722, CVE-2025-59190, CVE-2025-59271, CVE-2025-59238, CVE-2025-59210, CVE-2025-59243, CVE-2025-59197, CVE-2025-59290, CVE-2025-55247, CVE-2025-55682, CVE-2025-59200, CVE-2025-59261, CVE-2025-48004, CVE-2025-53139, CVE-2025-55320, CVE-2025-55691, CVE-2025-59282, CVE-2025-59295, CVE-2025-59229, CVE-2025-59204, CVE-2025-55683, CVE-2025-55333, CVE-2025-59214, CVE-2025-59211, CVE-2025-59258, CVE-2025-59234, CVE-2025-59194, CVE-2025-53768, CVE-2025-58727, CVE-2025-59248, CVE-2025-58728, CVE-2025-59187, CVE-2025-59259, CVE-2025-59249, CVE-2025-59225, CVE-2025-59236, CVE-2025-47989, CVE-2025-59232, CVE-2025-59185, CVE-2025-58736, CVE-2025-58729, CVE-2025-59253, CVE-2025-58724, CVE-2025-55330, CVE-2025-55678, CVE-2025-55698, CVE-2025-59196, CVE-2025-59285, CVE-2025-55321, CVE-2025-59280, CVE-2025-58719, CVE-2025-55684, CVE-2025-59281, CVE-2025-59193, CVE-2025-55687, CVE-2025-53782, CVE-2025-59208, CVE-2025-58730, CVE-2025-59286, CVE-2025-58735, CVE-2025-55676, CVE-2025-55332, CVE-2025-55690, CVE-2025-59218, CVE-2025-59224, CVE-2025-59206, CVE-2025-55695, CVE-2025-59254, CVE-2025-53717, CVE-2025-59186, CVE-2025-59226, CVE-2025-58734, CVE-2025-58725, CVE-2025-55685, CVE-2025-50152, CVE-2025-59184, CVE-2025-55679, CVE-2025-58731, CVE-2025-58738, CVE-2025-59289, CVE-2025-59489, CVE-2025-55688, CVE-2025-58732, CVE-2025-59221, CVE-2025-59205, CVE-2025-55248, CVE-2025-53150, CVE-2025-55701, CVE-2025-59241, CVE-2025-58714, CVE-2025-47979

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Trust: 3.0

Fetched: Oct. 17, 2025, 9:20 a.m., Published: Oct. 13, 2025, 9:54 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Device Vulnerability Management Consumption Market Size by Application: United Kingdom | Germany | France | United States | Spain

Trust: 3.5

Fetched: Oct. 17, 2025, 9:16 a.m., Published: March 17, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks