Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32662 1 Gardyn 1 Cloud Api 2026-04-07 5.3 Medium
Development and test API endpoints are present that mirror production functionality.
CVE-2026-32646 1 Gardyn 1 Cloud Api 2026-04-07 7.5 High
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
CVE-2026-28767 1 Gardyn 1 Cloud Api 2026-04-07 5.3 Medium
A specific administrative endpoint notifications is accessible without proper authentication.
CVE-2026-28766 1 Gardyn 1 Cloud Api 2026-04-06 9.3 Critical
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
CVE-2026-25197 1 Gardyn 1 Cloud Api 2026-04-06 9.1 Critical
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
CVE-2025-10681 1 Gardyn 2 Cloud Api, Mobile Application 2026-04-06 8.6 High
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.