
21 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-23001

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.0018
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-23006

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00252
Exploits 0 · References 3

RedhatCVE
added 2025/07/31 12:33 a.m. · 5 views

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...

CVSS 6.5 · AI score 6.8 · EPSS 0.00252
Exploits 0 · References 1

NVD
added 2025/07/29 4:15 p.m. · 2 views

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...

CVSS 6.5 · EPSS 0.00252
Exploits 0 · References 3

OSV
added 2025/07/29 4:15 p.m. · 3 views

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00252
Exploits 0 · References 3

OSV
added 2025/07/29 3:15 p.m. · 2 views

CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...

CVSS 6.5 · AI score 5.9
Exploits 0 · References 2

NVD
added 2025/07/29 3:15 p.m. · 1 view

CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...

CVSS 6.5 · EPSS 0.0018
Exploits 0 · References 2

CVE
added 2025/07/29 12:0 a.m. · 15 views

CVE-2025-28172

The CVE-2025-28172 affects Grandstream Networks UCM6510 (versions 1.0.20.52 and earlier). It describes an improper restriction of excessive authentication attempts, enabling brute-force login attempts to target accounts. The cited PT-2025-31217 recommends updating to version 1.0.20.52 or later to...

CVSS 6.5 · AI score 7 · EPSS 0.0018
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/07/29 12:0 a.m. · 2 views

PT-2025-31217 · Grandstream Networks · Ucm6510

Name of the Vulnerable Software and Affected Versions: Grandstream Networks UCM6510 versions 1.0.20.52 and earlier Description: The software is susceptible to improper restriction of excessive authentication attempts, allowing an attacker to perform a brute force attack to gain access to targeted...

CVSS 6.5 · AI score 7.6 · EPSS 0.0018
Exploits 0 · References 7

Vulnrichment
added 2025/07/29 12:0 a.m. · 2 views

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...

AI score 6.3 · EPSS 0.00252
Exploits 0 · References 3

Cvelist
added 2025/07/29 12:0 a.m. · 6 views

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...

EPSS 0.00252
Exploits 0 · References 3

CNNVD
added 2025/07/29 12:0 a.m. · 2 views

Grandstream UCM6510 Security Vulnerability

The Grandstream UCM6510 is a VoIP switch from Grandstream USA. A security vulnerability exists in the Grandstream UCM6510 version 1.0.20.52 and earlier, which stems from improper restriction of authentication attempts and could lead to a brute-force attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.0018
Exploits 0 · References 3

Positive Technologies
added 2025/07/29 12:0 a.m. · 3 views

PT-2025-31219 · Grandstream · Grandstream Ucm6510

Name of the Vulnerable Software and Affected Versions: Grandstream UCM6510 versions prior to 1.0.20.53 Description: An issue allows a remote attacker to obtain sensitive information via the Login function. The vulnerable endpoints are /cgi and /webrtccgi. Recommendations: Update to version...

CVSS 6.5 · AI score 6.4 · EPSS 0.00252
Exploits 0 · References 8

Cvelist
added 2025/07/29 12:0 a.m. · 6 views

CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...

EPSS 0.0018
Exploits 0 · References 2

Vulnrichment
added 2025/07/29 12:0 a.m. · 3 views

CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force...

AI score 7.6 · EPSS 0.0018
Exploits 0 · References 2

CNNVD
added 2025/07/29 12:0 a.m. · 1 view

Grandstream UCM6510 Security Vulnerability

The Grandstream UCM6510 is a VoIP switch from Grandstream USA. A security vulnerability exists in the Grandstream UCM6510 version 1.0.20.52 and prior versions, which stems from a flaw in the login function that could lead to the disclosure of sensitive information...

CVSS 6.5 · AI score 6.3 · EPSS 0.00252
Exploits 0 · References 4

CVE
added 2025/07/29 12:0 a.m. · 18 views

CVE-2025-28171

The CVE-2025-28171 issue affects Grandstream UCM6510 (versions before 1.0.20.53). The vulnerability arises in the login endpoints (/cgi and /webrtccgi), allowing a remote attacker to obtain sensitive information. Remediation: upgrade to version 1.0.20.53 or later. Note: connected PT-2025-31219 co...

CVSS 6.5 · AI score 6.1 · EPSS 0.00252
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/04/29 7:15 p.m. · 18 views

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS 8.8 · AI score 8.8 · EPSS 0.00291
Exploits 0 · References 1

Cvelist
added 2024/04/29 6:42 p.m. · 24 views

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS 8.8 · AI score 9 · EPSS 0.00291
Exploits 0 · References 1

Vulnrichment
added 2024/04/29 6:42 p.m. · 18 views

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS 8.8 · AI score 8 · EPSS 0.00291
Exploits 0 · References 1