Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-32646 2 Gardyn, Mygardyn 2 Cloud Api, Cloud Api 2026-04-22 7.5 High
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
CVE-2026-28767 2 Gardyn, Mygardyn 2 Cloud Api, Cloud Api 2026-04-22 5.3 Medium
A specific administrative endpoint notifications is accessible without proper authentication.
CVE-2026-28766 2 Gardyn, Mygardyn 2 Cloud Api, Cloud Api 2026-04-22 9.3 Critical
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
CVE-2026-25197 2 Gardyn, Mygardyn 2 Cloud Api, Cloud Api 2026-04-22 9.1 Critical
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
CVE-2026-32662 2 Gardyn, Mygardyn 2 Cloud Api, Cloud Api 2026-04-22 5.3 Medium
Development and test API endpoints are present that mirror production functionality.
CVE-2025-10681 1 Gardyn 2 Cloud Api, Mobile Application 2026-04-07 8.6 High
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.