Sign-up

VARIoT news about IoT security

TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature

Trust: 4.75

Fetched: Jan. 27, 2026, 7:25 p.m., Published: Jan. 20, 2026, 1:24 p.m.
 Vulnerabilities: authentication vulnerability, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-0629

CVE-2025-65397 - Blurams Flare Camera Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 14, 2026, 6:16 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-65397

CVE-2026-0782 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0782

CVE-2026-0779 - ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability

Trust: 4.75

Fetched: Jan. 27, 2026, 7:24 p.m., Published: Jan. 23, 2026, 4:16 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-0779

CVE-2026-0796 - Vulnerability Details - OpenCVE

Trust: 4.75

Fetched: Jan. 27, 2026, 7:23 p.m., Published: Jan. 27, 8180, midnight
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-0796

CVE-2025-71157 - RDMA/core: always drop device refcount in ib_del_sub_device_and_put()

Trust: 3.0

Fetched: Jan. 27, 2026, 7:23 p.m., Published: Jan. 23, 2026, 3:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-71157

VU#650657 - Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Trust: 4.0

Fetched: Jan. 27, 2026, 7:22 p.m., Published: Jan. 16, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-14894

iPhone Security Crisis: 80% Remain Vulnerable Despite Patches

Trust: 3.5

Fetched: Jan. 27, 2026, 7 p.m., Published: Jan. 26, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: apple model: safari
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: watchos
vendor: apple model: iphone

The Unsettling Persistence of Insecurity: Nearly 800,000 Telnet Servers Exposed to Critical Remote Attacks

Trust: 3.5

Fetched: Jan. 27, 2026, 6:59 p.m., Published: -
 Vulnerabilities: default credentials, code execution, authentication bypass
Affected productsExternal IDs

Fortinet Confirms Active Exploitation of FortiCloud SSO Authentication Bypass Vulnerability

Trust: 6.0

Fetched: Jan. 27, 2026, 6:59 p.m., Published: Jan. 23, 2026, 11:52 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718, CVE-2025-59719

Critical Reference Count Vulnerability in Linux Kernel - CVE-2025-71157

Trust: 5.25

Fetched: Jan. 27, 2026, 6:58 p.m., Published: Jan. 23, 2026, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-71157

Apple iPhone Security Alert: WebKit Flaw Threatens Mobile Commerce

Trust: 5.25

Fetched: Jan. 27, 2026, 6:58 p.m., Published: Jan. 20, 2026, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: watchos
vendor: apple model: iphone
db: NVD ids: CVE-2025-14174, CVE-2025-43529

Google Fast Pair WhisperPair flaws allow Bluetooth device hijacking | Fox News

Trust: 3.5

Fetched: Jan. 27, 2026, 6:56 p.m., Published: Jan. 27, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: pixel
vendor: google model: android
vendor: apple model: software update
vendor: apple model: iphone
vendor: oneplus model: one
vendor: oneplus model: oneplus

CVE-2026-20045 | TenableĀ®

Trust: 3.5

Fetched: Jan. 27, 2026, 6:55 p.m., Published: Jan. 22, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-20045

How to spot and stop everyday cyberattacks | PCWorld

Trust: 4.25

Fetched: Jan. 27, 2026, 6:55 p.m., Published: Jan. 27, 2026, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: apple model: mac os

Mass Exploitation Of Fortinet FortiGate Via FortiCloud SSO Vulnerability CVE-2025-59718

Trust: 3.75

Fetched: Jan. 27, 2026, 6:54 p.m., Published: Jan. 26, 2026, 2:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718, CVE-2025-59719

Approve, block, unblock, or delete a managed device - Google Workspace Admin Help

Trust: 3.5

Fetched: Jan. 27, 2026, 6:53 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

2026 Device Vulnerabilities Surge: AI Exploits Threaten IoT and Infrastructure

Trust: 4.5

Fetched: Jan. 25, 2026, 9:29 a.m., Published: Jan. 25, 2026, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2026-22910, CVE-2026-22920

Fortinet FortiGate devices hit in automated attacks which create rogue accounts and steal firewall data | TechRadar

Trust: 4.0

Fetched: Jan. 25, 2026, 9:29 a.m., Published: Jan. 23, 2026, 3:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

WhisperPair: What the New Bluetooth Fast Pair Vulnerability Means for Your Devices

Trust: 3.75

Fetched: Jan. 25, 2026, 9:27 a.m., Published: Jan. 3, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: oneplus model: 3
vendor: oneplus model: oneplus
vendor: xiaomi model: redmi
db: NVD ids: CVE-2025-36911