ReportizFlow
Filtered by vendor Gardyn
Subscriptions
Filtered by product Cloud Api
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28766 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 9.3 Critical |
| A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. | ||||
| CVE-2026-25197 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 9.1 Critical |
| A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. | ||||
| CVE-2025-10681 | 1 Gardyn | 2 Cloud Api, Mobile Application | 2026-04-07 | 8.6 High |
| Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers. | ||||
| CVE-2026-32662 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 5.3 Medium |
| Development and test API endpoints are present that mirror production functionality. | ||||
| CVE-2026-32646 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 7.5 High |
| A specific administrative endpoint is accessible without proper authentication, exposing device management functions. | ||||
| CVE-2026-28767 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 5.3 Medium |
| A specific administrative endpoint notifications is accessible without proper authentication. | ||||
Page 1 of 1.