Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32646 | 1 Mygardyn | 1 Cloud Api | 2026-04-22 | N/A | 7.5 HIGH |
| A specific administrative endpoint is accessible without proper authentication, exposing device management functions. | |||||
| CVE-2026-28767 | 1 Mygardyn | 1 Cloud Api | 2026-04-22 | N/A | 5.3 MEDIUM |
| A specific administrative endpoint notifications is accessible without proper authentication. | |||||
| CVE-2026-28766 | 1 Mygardyn | 1 Cloud Api | 2026-04-22 | N/A | 9.3 CRITICAL |
| A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. | |||||
| CVE-2026-25197 | 1 Mygardyn | 1 Cloud Api | 2026-04-22 | N/A | 9.1 CRITICAL |
| A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. | |||||
| CVE-2026-32662 | 1 Mygardyn | 1 Cloud Api | 2026-04-22 | N/A | 5.3 MEDIUM |
| Development and test API endpoints are present that mirror production functionality. | |||||