Gr0m

9 exploits. Active since Feb 2026.
CVE-2026-32662 NOMISEC MEDIUM WRITEUP
Gardyn Cloud API Active Debug Code
Development and test API endpoints are present that mirror production functionality.
1 star
CVSS 5.3
CVE-2026-28767 NOMISEC MEDIUM WRITEUP
Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint (notifications) is accessible without proper authentication.
1 star
CVSS 5.3
CVE-2026-32646 NOMISEC HIGH WRITEUP
Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
1 star
CVSS 7.5
CVE-2025-10681 NOMISEC HIGH WRITEUP
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
1 star
CVSS 8.6
CVE-2026-25197 NOMISEC CRITICAL WRITEUP
Gardyn Cloud API Authorization Bypass Through User-Controlled Key
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
1 star
CVSS 9.1
CVE-2026-28766 NOMISEC CRITICAL WRITEUP
Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
1 star
CVSS 9.3
CVE-2026-28766 NOMISEC CRITICAL WRITEUP
Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
1 star
CVSS 9.3
CVE-2025-1242 NOMISEC CRITICAL WRITEUP
Gardyn IoT Hub - Info Disclosure
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub, exposing connected devices to malicious control.
CVSS 9.1
CVE-2025-1242 NOMISEC CRITICAL WRITEUP
Gardyn IoT Hub - Info Disclosure
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub, exposing connected devices to malicious control.
CVSS 9.1