Exek1El

**Name of the Vulnerable Software and Affected Versions** Grandstream UCM6510 versions prior to 1.0.20.53 **Description** An issue allows a remote attacker to obtain sensitive information via the Login function. The vulnerable endpoints are `/cgi` and `/webrtccgi`. **Recommendations** Update to version 1.0.20.53 or later.

**Name of the Vulnerable Software and Affected Versions** Grandstream Networks GXP1628 versions 1.0.4.130 and earlier **Description** The Grandstream Networks GXP1628 device is susceptible to incorrect access control due to directory listing being enabled. This allows unauthorized access to sensitive directories and files. **Recommendations** Disable directory listing on Grandstream Networks GXP1628 versions 1.0.4.130 and earlier.

**Name of the Vulnerable Software and Affected Versions** Gilnei Moraes phpABook version 0.9 **Description** The issue allows a remote attacker to execute arbitrary code via the `rol` parameter in "index.php". This is a Cross Site Scripting issue. **Recommendations** For Gilnei Moraes phpABook version 0.9, consider disabling access to the "index.php" endpoint until a patch is available, or restrict the use of the `rol` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.