Lucene search
K

8 matches found

Cvelist
Cvelist
added 5 days ago51 views

CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago56 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 5 days ago14 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.4 views

CVE-2025-1242

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

9.3CVSS5.4AI score0.00438EPSS
Exploits2References1
EUVD
EUVD
added 2026/02/25 6:31 p.m.6 views

EUVD-2025-208113

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

9.3CVSS5.4AI score0.00438EPSS
Exploits2References4
NVD
NVD
added 2026/02/25 4:23 p.m.10 views

CVE-2025-1242

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

9.3CVSS0.00438EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:21 p.m.4 views

CVE-2025-1242

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

9.3CVSS5.4AI score0.00438EPSS
Exploits2References4
Rows per page
Query Builder