| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 1 | 5 | 0 | 29.4% | CRITICAL |

| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32662 | Development and test API endpoints are present that mirror production functionality. | MEDIUM | 6.9 | — | 23.3% | Apr 3, 2026 |
| CVE-2026-32646 | A specific administrative endpoint is accessible without proper authentication, exposing device management functions. | HIGH | 8.7 | — | 38.2% | Apr 3, 2026 |
| CVE-2026-28767 | A specific administrative endpoint notifications is accessible without proper authentication. | MEDIUM | 6.9 | — | 29.5% | Apr 3, 2026 |
| CVE-2026-28766 | A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. | CRITICAL | 9.2 | — | 34.9% | Apr 3, 2026 |
| CVE-2026-25197 | A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. | CRITICAL | 9.3 | — | 21.2% | Apr 3, 2026 |