75 matches found

GithubExploit
added 2026/04/07 4:37 a.m., 79 views

Exploit for CVE-2025-10681

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03 https:/...

CVSS 8.8 | AI score 6.1 | EPSS 0.00056
Exploits: 1

RedhatCVE
added 2026/04/06 10:57 a.m., 2 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

CVSS 9.3 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 1

EUVD
added 2026/04/03 9:31 p.m., 2 views

EUVD-2026-18839

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

CVSS 9.3 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 4

NVD
added 2026/04/03 9:17 p.m., 1 view

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

CVSS 9.3 | EPSS 0.00086
Exploits: 1 | References: 3

CVE
added 2026/04/03 8:26 p.m., 5 views

CVE-2025-10681

Gardyn CVE-2025-10681 affects the Gardyn mobile app and device firmware, which hardcode Azure Blob Storage account keys granting account‑level access to three storage accounts. Impact includes read access to ~115k camera images, read/write to OTA firmware storage (enabling supply chain risk), acc...

CVSS 8.8 | AI score 5.9 | EPSS 0.00056
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/03 8:26 p.m., 2 views

CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

CVSS 8.8 | AI score 5.9 | EPSS 0.00056
Exploits: 1 | References: 3

Cvelist
added 2026/04/03 8:23 p.m., 19 views

CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

CVSS 9.3 | EPSS 0.00034
Exploits: 0 | References: 3

CVE
added 2026/04/03 8:23 p.m., 2 views

CVE-2026-25197

CVE-2026-25197 pertains to Gardyn Cloud API, where an endpoint allows an authenticated user to pivot to other user profiles by altering the id parameter in the API call. The underlying issue is an authorization bypass via a user-controlled key/id, enabling access to other profiles and potentially...

CVSS 9.3 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/03 8:23 p.m., 1 view

CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

CVSS 9.3 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3

Cvelist
added 2026/04/03 8:20 p.m., 20 views

CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

CVSS 9.3 | EPSS 0.00086
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/03 8:20 p.m., 2 views

CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

CVSS 9.3 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/03 8:20 p.m., 1 view

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

CVSS 9.3 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 4

CVE
added 2026/04/03 8:20 p.m., 3 views

CVE-2026-28766

CVE-2026-28766 refers to Gardyn Cloud API missing authentication for a critical function. The initial description and related documents confirm that a specific endpoint exposes all user account information for registered Gardyn users without requiring authentication, enabling potential confidenti...

CVSS 9.3 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/04/03 8:18 p.m., 8 views

CVE-2026-28767

CVE-2026-28767 affects Gardyn Cloud API: the administrative endpoint /api/admin/notifications is accessible without authentication. This allows information disclosure of internal administrative communications and related data. The documented remediation is to require admin authentication on all /...

CVSS 6.9 | AI score 5.9 | EPSS 0.0008
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/03 8:18 p.m., 14 views

CVE-2026-28767 Gardyn Cloud API Missing Authentication for Critical Function

A specific administrative endpoint notifications is accessible without proper authentication...

CVSS 6.9 | EPSS 0.0008
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/03 8:18 p.m., 0 views

CVE-2026-28767 Gardyn Cloud API Missing Authentication for Critical Function

A specific administrative endpoint notifications is accessible without proper authentication...

CVSS 6.9 | AI score 5.9 | EPSS 0.0008
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/03 8:15 p.m., 3 views

CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function

A specific administrative endpoint is accessible without proper authentication, exposing device management functions...

CVSS 8.7 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 3

CVE
added 2026/04/03 8:15 p.m., 9 views

CVE-2026-32646

CVE-2026-32646 concerns the Gardyn Cloud API where administrative endpoints (e.g., /api/admin/) lack proper authentication, exposing device management and internal admin communications. Multiple connected sources (Red Hat, CVE/CVE list, Circle, CVE writeups, and PT-2026-30214) corroborate a patte...

CVSS 8.7 | AI score 5.9 | EPSS 0.00086
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/03 8:15 p.m., 16 views

CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function

A specific administrative endpoint is accessible without proper authentication, exposing device management functions...

CVSS 8.7 | EPSS 0.00086
Exploits: 1 | References: 3

Cvelist
added 2026/04/03 8:11 p.m., 18 views

CVE-2026-32662 Gardyn Cloud API Active Debug Code

Development and test API endpoints are present that mirror production functionality...

CVSS 6.9 | EPSS 0.00038
Exploits: 0 | References: 3