23 matches found
Gardyn 4 信任管理问题漏洞
Gardyn 4 is a home-use vertical hydroponic cultivation system developed by the American company Gardyn. Gardyn 4 has a vulnerability related to trust management. This vulnerability stems from the ability to extract management credentials through application API responses, mobile application rever...
EUVD-2025-22714
Malicious code in bioql PyPI...
EUVD-2025-22717
Malicious code in bioql PyPI...
EUVD-2025-22716
Malicious code in bioql PyPI...
EUVD-2025-22715
Malicious code in bioql PyPI...
CVE-2025-29630
Gardyn Home Kit Firmware allows a remote attacker with the corresponding ssh private key to achieve remote root access...
CVE-2025-29629
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits...
CVE-2025-29631
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an...
CVE-2025-29628
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a...
CVE-2025-29628
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a...
CVE-2025-29630
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue; there is no indication that an applicable SSH private key has ever been compromised. Notes: none...
CVE-2025-29631
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an...
CVE-2025-29630
Summary: CVE-2025-29630 affects Gardyn 4 and enables a remote attacker who possesses the corresponding SSH private key to gain remote root access to affected devices. The vulnerability is characterized by an SSH key backdoor/backdoor-like access enabling total compromise of the device, with high ...
Gardyn 4 安全漏洞
Gardyn 4 is a home vertical hydroponic growing system from Gardyn USA. A security vulnerability exists in Gardyn 4 that stems from mishandling of the component Gardyn Home, which could lead to information disclosure and execution of arbitrary code...
CVE-2025-29631
Gardyn 4 is affected by a vulnerability that allows a remote attacker to obtain sensitive information and execute arbitrary code via a request. The PT-2025-30888 entry confirms Gardyn version 4 as vulnerable and notes there is no information about a newer version containing a fix. No explicit exp...
CVE-2025-29631
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an...
CVE-2025-29628
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a...
CVE-2025-29629
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits...
CVE-2025-29631
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an...
CVE-2025-29629
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits...