15 matches found
EUVD-2025-23024
Malicious code in bioql PyPI...
EUVD-2025-23001
Malicious code in bioql PyPI...
CVE-2025-28172
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
CVE-2025-28172
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...
PT-2025-31217 · Grandstream Networks · Ucm6510
Name of the Vulnerable Software and Affected Versions: Grandstream Networks UCM6510 versions 1.0.20.52 and earlier. Description: The software is susceptible to improper restriction of excessive authentication attempts, allowing an attacker to perform a brute force attack to gain access to targeted...
CVE-2025-28170
The CVE-2025-28170 entry concerns Grandstream Networks GXP1628 devices running version 1.0.4.130 or earlier. The root cause is Incorrect Access Control due to directory listing being enabled, which can permit unauthorized access to sensitive directories and files. Publicly available sources in th...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
CVE-2025-28172
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...
PT-2025-31221 · Grandstream Networks · Gxp1628
Name of the Vulnerable Software and Affected Versions: Grandstream Networks GXP1628 versions 1.0.4.130 and earlier. Description: The Grandstream Networks GXP1628 device is susceptible to incorrect access control due to directory listing being enabled. This allows unauthorized access to sensitive...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
Grandstream Networks UCM6200 Series SQLi (Phone Web UI)
A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...
Grandstream Networks UCM6200 Series SQLi (SIP)
A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...
Grandstream Networks UCM6200 Series SQLi (Web UI)
A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...
Grandstream GXP1405 Executive IP Phone 1.0.1.110 XSS
title: Grandstream GXP1405 Executive IP Phone Persistent XSS; product: Grandstream Networks; vulnerable version: 1.0.1.110; impact: Low; homepage: www.grandstream.com; found: 23.10.2012; by: aulmn...