16 matches found
CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...
CVE-2026-25197
CVE-2026-25197 pertains to Gardyn Cloud API, where an endpoint allows an authenticated user to pivot to other user profiles by altering the id parameter in the API call. The underlying issue is an authorization bypass via a user-controlled key/id, enabling access to other profiles and potentially...
CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...
CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
CVE-2026-28766
CVE-2026-28766 refers to Gardyn Cloud API missing authentication for a critical function. The initial description and related documents confirm that a specific endpoint exposes all user account information for registered Gardyn users without requiring authentication, enabling potential confidenti...
CVE-2026-28767 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint notifications is accessible without proper authentication...
CVE-2026-28767
CVE-2026-28767 affects Gardyn Cloud API: the administrative endpoint /api/admin/notifications is accessible without authentication. This allows information disclosure of internal administrative communications and related data. The documented remediation is to require admin authentication on all /...
CVE-2026-28767 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint notifications is accessible without proper authentication...
CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions...
CVE-2026-32646
CVE-2026-32646 concerns the Gardyn Cloud API where administrative endpoints (e.g., /api/admin/) lack proper authentication, exposing device management and internal admin communications. Multiple connected sources (Red Hat, CVE/CVE list, Circle, CVE writeups, and PT-2026-30214) corroborate a patte...
CVE-2026-32646 Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions...
CVE-2026-32662 Gardyn Cloud API Active Debug Code
Development and test API endpoints are present that mirror production functionality...
CVE-2026-32662
Technical details about CVE-2026-32662 are not provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2026-32662 Gardyn Cloud API Active Debug Code
Development and test API endpoints are present that mirror production functionality...
Gardyn 安全漏洞
Gardyn is an indoor smart hydroponic cultivation device developed by the American company Gardyn. There is a security vulnerability in the Gardyn Cloud API, which stems from the development and testing of APIs for image generation functions...