7.1
CVE-2026-22664 - prompts.chat SSRF via Fal.ai Media Status Polling
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validatβ¦
8.7
CVE-2026-22663 - prompts.chat Authorization Bypass Information Disclosure
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing aβ¦
5.3
CVE-2026-22662 - prompts.chat Blind SSRF via media-generate
prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests tβ¦
8.6
CVE-2026-22661 - prompts.chat Path Traversal via Skill File Handling
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing seβ¦
8.8
CVE-2025-10681 - Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
9.3
CVE-2026-25197 - Gardyn Cloud API Authorization Bypass Through User-Controlled Key
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
9.2
CVE-2026-28766 - Gardyn Cloud API Missing Authentication for Critical Function
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
8.7
CVE-2020-37216 - Hirschmann HiOS EtherNet/IP Stack Denial of Service
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a β¦
6.9
CVE-2026-28767 - Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint notifications is accessible without proper authentication.
8.7
CVE-2026-32646 - Gardyn Cloud API Missing Authentication for Critical Function
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.