CERT Polska

CERT Polskahttps://cert.pl/en/CERT.PLThu, 09 Apr 2026 11:55:00 +0100Vulnerabilities in Hydrosystem Control System softwarehttps://cert.pl/en/posts/2026/04/CVE-2026-4901/CERT Polska has received a report about 3 vulnerabilities (CVE-2026-4901, CVE-2026-34184, CVE-2026-34185) found in Hydrosystem Control System software.CERT PolskaThu, 09 Apr 2026 11:55:00 +0100tag:cert.pl,2026-04-09:/en/posts/2026/04/CVE-2026-4901/CVEvulnerabilitywarningcveAnnual report from the actions of CERT Polska 2025https://cert.pl/en/posts/2026/04/annual-report-2025/Another year of CERT Polska’s activities is behind us. It was a special one, as it marked the end of the third decade of our operations – we are celebrating our 30th anniversary! The year 2025 was a time full of challenges, growth, and a comprehensive approach to shaping cybersecurity – from proactive threat detection, through handling reports and responding to incidents, to sharing knowledge and building public awareness.CERT PolskaWed, 08 Apr 2026 09:00:00 +0200tag:cert.pl,2026-04-08:/en/posts/2026/04/annual-report-2025/Newsannual reportreportVulnerabilities in Mlflow softwarehttps://cert.pl/en/posts/2026/04/CVE-2026-33865/CERT Polska has received a report about 2 vulnerabilities (CVE-2026-33865, CVE-2026-33866) found in Mlflow software.CERT PolskaTue, 07 Apr 2026 13:55:00 +0100tag:cert.pl,2026-04-07:/en/posts/2026/04/CVE-2026-33865/CVEvulnerabilitywarningcveVulnerability in Bludit softwarehttps://cert.pl/en/posts/2026/04/CVE-2026-4420/CERT Polska has received a report about a Stored Cross-site Scripting vulnerability found in Bludit software.CERT PolskaTue, 07 Apr 2026 11:55:00 +0100tag:cert.pl,2026-04-07:/en/posts/2026/04/CVE-2026-4420/CVEvulnerabilitywarningcveAnalysis of cifrat: could this be an evolution of a mobile RAT?https://cert.pl/en/posts/2026/04/cifrat-analysis/CERT Polska analyzed a Booking themed Android malware chain delivered through phishing and a fake update website. The sample is a multistage dropper that installs a hidden accessibility controlled RAT with WebSocket C2.Kacper RatajczakFri, 03 Apr 2026 12:00:00 +0200tag:cert.pl,2026-04-03:/en/posts/2026/04/cifrat-analysis/NewsandroidanalysisbookingbankerratVulnerabilities in Szafir softwarehttps://cert.pl/en/posts/2026/04/CVE-2026-26927/CERT Polska has received a report about 2 vulnerabilities (CVE-2026-26927, CVE-2026-26928) found in Szafir software.CERT PolskaThu, 02 Apr 2026 11:55:00 +0100tag:cert.pl,2026-04-02:/en/posts/2026/04/CVE-2026-26927/CVEvulnerabilitywarningcveAnalysis of FvncBot campaignhttps://cert.pl/en/posts/2026/03/fvncbot-analysis/CERT Polska has analyzed an SGB-branded Android malware sample from the FvncBot campaign targeting Poland. The app installs a second-stage implant, coerces the victim into enabling accessibility, and registers the device to a backend that issues per-device credentials.Kacper RatajczakMon, 30 Mar 2026 14:00:00 +0100tag:cert.pl,2026-03-30:/en/posts/2026/03/fvncbot-analysis/NewsandroidanalysisfvncbotVulnerability in Robolinho Update Softwarehttps://cert.pl/en/posts/2026/03/CVE-2026-1612/Use of Hard-coded Credentials vulnerability (CVE-2026-1612) has been found in Robolinho Update Software.CERT PolskaMon, 30 Mar 2026 09:55:00 +0100tag:cert.pl,2026-03-30:/en/posts/2026/03/CVE-2026-1612/CVEvulnerabilitywarningcveVulnerabilities in Bludit softwarehttps://cert.pl/en/posts/2026/03/CVE-2026-25099/CERT Polska has received a report about 3 vulnerabilities (from CVE-2026-25099 to CVE-2026-25101) found in Bludit software.CERT PolskaFri, 27 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-27:/en/posts/2026/03/CVE-2026-25099/CVEvulnerabilitywarningcveVulnerability in KlinikaXP and KlinikaXP Insertino softwarehttps://cert.pl/en/posts/2026/03/CVE-2026-1958/Use of Hard-coded Credentials vulnerability (CVE-2026-1958) has been found in KlinikaXP and KlinikaXP Insertino software.CERT PolskaMon, 23 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-23:/en/posts/2026/03/CVE-2026-1958/CVEvulnerabilitywarningcveVulnerability in Befree SDK softwarehttps://cert.pl/en/posts/2026/03/CVE-2025-12518/Cross-site Scripting vulnerability (CVE-2025-12518) has been found in Befree SDK software.CERT PolskaWed, 18 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-18:/en/posts/2026/03/CVE-2025-12518/CVEvulnerabilitywarningcveVulnerabilities in Raytha softwarehttps://cert.pl/en/posts/2026/03/CVE-2025-69236/CERT Polska has received a report about 11 vulnerabilities (CVE-2025-15540 and from CVE-2025-69236 to CVE-2025-69243 and from CVE-2025-69245 to CVE-2025-69246) found in Raytha software.CERT PolskaMon, 16 Mar 2026 13:55:00 +0100tag:cert.pl,2026-03-16:/en/posts/2026/03/CVE-2025-69236/CVEvulnerabilitywarningcveVulnerabilities in multiple tinycontrol deviceshttps://cert.pl/en/posts/2026/03/CVE-2025-11500/CERT Polska has received reports about 2 vulnerabilities (CVE-2025-11500 and CVE-2025-15587) found in multiple tinycontrol devices (tcPDU and LAN Controllers: LK3.5, LK3.9 and LK4).CERT PolskaMon, 16 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-16:/en/posts/2026/03/CVE-2025-11500/CVEvulnerabilitywarningcveVulnerability in Streamsoft Prestiż softwarehttps://cert.pl/en/posts/2026/03/CVE-2026-0809/Weak Token Encoding vulnerability (CVE-2026-0809) has been found in Streamsoft Prestiż software.CERT PolskaThu, 12 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-12:/en/posts/2026/03/CVE-2026-0809/CVEvulnerabilitywarningcveVulnerability in Coppermine Photo Gallery softwarehttps://cert.pl/en/posts/2026/03/CVE-2026-3013/Path Traversal vulnerability (CVE-2026-3013) has been found in Coppermine Photo Gallery software.CERT PolskaWed, 11 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-11:/en/posts/2026/03/CVE-2026-3013/CVEvulnerabilitywarningcveVulnerability in QuickCMS softwarehttps://cert.pl/en/posts/2026/03/CVE-2026-1468/Cross-Site Request Forgery (CSRF) vulnerability (CVE-2026-1468) has been found in QuickCMS software.CERT PolskaFri, 06 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-06:/en/posts/2026/03/CVE-2026-1468/CVEvulnerabilitywarningcveVulnerabilities in DobryCMS softwarehttps://cert.pl/en/posts/2026/03/CVE-2025-12462/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-12462 and CVE-2025-14532) found in DobryCMS software.CERT PolskaMon, 02 Mar 2026 13:55:00 +0100tag:cert.pl,2026-03-02:/en/posts/2026/03/CVE-2025-12462/CVEvulnerabilitywarningcveVulnerabilities in CGM CLININET and CGM NETRAAD softwarehttps://cert.pl/en/posts/2026/03/CVE-2025-10350/CERT Polska has received reports about 8 vulnerabilities found in CGM CLININET and CGM NETRAAD software.CERT PolskaMon, 02 Mar 2026 11:55:00 +0100tag:cert.pl,2026-03-02:/en/posts/2026/03/CVE-2025-10350/CVEvulnerabilitywarningcveVulnerability in Pro3W CMS softwarehttps://cert.pl/en/posts/2026/02/CVE-2025-15498/SQL Injection vulnerability (CVE-2025-15498) has been found in Pro3W CMS software.CERT PolskaFri, 27 Feb 2026 13:55:00 +0100tag:cert.pl,2026-02-27:/en/posts/2026/02/CVE-2025-15498/CVEvulnerabilitywarningcveVulnerabilities in PluXml CMS softwarehttps://cert.pl/en/posts/2026/02/CVE-2026-24350/CERT Polska has received a report about 3 vulnerabilities (from CVE-2026-24350 to CVE-2026-24352) found in PluXml CMS software.CERT PolskaFri, 27 Feb 2026 11:55:00 +0100tag:cert.pl,2026-02-27:/en/posts/2026/02/CVE-2026-24350/CVEvulnerabilitywarningcveVulnerability in Omega-PSIR softwarehttps://cert.pl/en/posts/2026/02/CVE-2026-1434/Reflected XSS vulnerability (CVE-2026-1434) has been found in Omega-PSIR software.CERT PolskaThu, 26 Feb 2026 12:55:00 +0100tag:cert.pl,2026-02-26:/en/posts/2026/02/CVE-2026-1434/CVEvulnerabilitywarningcveVulnerability in Simple.ERP softwarehttps://cert.pl/en/posts/2026/02/CVE-2026-1198/SQL Injection vulnerability (CVE-2026-1198) has been found in Simple.ERP software.CERT PolskaThu, 26 Feb 2026 11:55:00 +0100tag:cert.pl,2026-02-26:/en/posts/2026/02/CVE-2026-1198/CVEvulnerabilitywarningcveVulnerability in multiple Finka applicationshttps://cert.pl/en/posts/2026/02/CVE-2025-13776/Use of Hard-coded Credentials vulnerability (CVE-2025-13776) has been found in Finka-FK, Finka-KPR, Finka-Płace, Finka-Faktura, Finka-Magazyn, Finka-STW applications.CERT PolskaTue, 24 Feb 2026 15:55:00 +0100tag:cert.pl,2026-02-24:/en/posts/2026/02/CVE-2025-13776/CVEvulnerabilitywarningcveVulnerability in multiple Slican deviceshttps://cert.pl/en/posts/2026/02/CVE-2025-14577/Missing Authentication for Critical Function vulnerability (CVE-2025-14577) has been found in in multiple Slican devices.CERT PolskaTue, 24 Feb 2026 12:55:00 +0100tag:cert.pl,2026-02-24:/en/posts/2026/02/CVE-2025-14577/CVEvulnerabilitywarningcveClickFix in action: how fake captcha can lead to a company-wide infectionhttps://cert.pl/en/posts/2026/02/fake-captcha-in-action/We assisted a large organisation in the investigation and remediation of a live malware infection caused by a successful Fake Captcha attack. In this report, we summarize our observations and publish an in-depth malware analysis.Jarosław JedynakTue, 17 Feb 2026 10:00:00 +0200tag:cert.pl,2026-02-17:/en/posts/2026/02/fake-captcha-in-action/NewsmalwareanalysisdfirVulnerabilities in Quick.Cart softwarehttps://cert.pl/en/posts/2026/02/CVE-2026-23796/CERT Polska has received a report about 2 vulnerabilities (CVE-2026-23796 and CVE-2026-23797) found in Quick.Cart software.CERT PolskaThu, 05 Feb 2026 11:55:00 +0100tag:cert.pl,2026-02-05:/en/posts/2026/02/CVE-2026-23796/CVEvulnerabilitywarningcveVulnerability in mObywatel application for iOShttps://cert.pl/en/posts/2026/02/CVE-2025-11598/Exposure of Private Personal Information to an Unauthorized Actor vulnerability (CVE-2025-11598) has been found in mObywatel application for iOS.CERT PolskaTue, 03 Feb 2026 11:55:00 +0100tag:cert.pl,2026-02-03:/en/posts/2026/02/CVE-2025-11598/CVEvulnerabilitywarningcveVulnerability in EAP Legislator softwarehttps://cert.pl/en/posts/2026/02/CVE-2026-1186/A vulnerability has been found in EAP Legislator software that allows a file archive to be extracted outside the target directory (CVE-2026-1186).CERT PolskaMon, 02 Feb 2026 11:55:00 +0100tag:cert.pl,2026-02-02:/en/posts/2026/02/CVE-2026-1186/CVEvulnerabilitywarningcveEnergy Sector Incident Report - 29 December 2025https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a large combined heat and power plant, and a company from the manufacturing sector. The publication aims to raise awareness of the risks associated with sabotage in cyberspace.CERT PolskaFri, 30 Jan 2026 11:00:00 +0100tag:cert.pl,2026-01-30:/en/posts/2026/01/incident-report-energy-sector-2025/NewsreportincidentenergyVulnerabilities in firmware of Pix-Link LV-WR21Q routershttps://cert.pl/en/posts/2026/01/CVE-2025-12386/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-12386 and CVE-2025-12387) found in LV-WR21Q firmware.CERT PolskaTue, 27 Jan 2026 11:55:00 +0100tag:cert.pl,2026-01-27:/en/posts/2026/01/CVE-2025-12386/CVEvulnerabilitywarningcveTCC Bypass vulnerability in Inkscape application for MacOShttps://cert.pl/en/posts/2026/01/CVE-2025-15523/TCC Bypass vulnerability (CVE-2025-15523) has been found in Inkscape application for MacOS.CERT PolskaThu, 22 Jan 2026 13:55:00 +0100tag:cert.pl,2026-01-22:/en/posts/2026/01/CVE-2025-15523/CVEvulnerabilitywarningcveVulnerabilities in Quick.Cart softwarehttps://cert.pl/en/posts/2026/01/CVE-2025-67683/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-67683 and CVE-2025-67684) found in Quick.Cart software.CERT PolskaThu, 22 Jan 2026 11:55:00 +0100tag:cert.pl,2026-01-22:/en/posts/2026/01/CVE-2025-67683/CVEvulnerabilitywarningcveVulnerability in Crazy Bubble Tea mobile applicationhttps://cert.pl/en/posts/2026/01/CVE-2025-14317/Exposure of Private Personal Information (CVE-2025-14317) has been identified in Crazy Bubble Tea mobile application.CERT PolskaWed, 14 Jan 2026 12:55:00 +0100tag:cert.pl,2026-01-14:/en/posts/2026/01/CVE-2025-14317/CVEvulnerabilitywarningcveVulnerability in Ysoft SafeQ 6 softwarehttps://cert.pl/en/posts/2026/01/CVE-2025-13175/Missing Password Field Masking vulnerability (CVE-2025-13175) has been found in Ysoft SafeQ 6 software.CERT PolskaWed, 14 Jan 2026 11:55:00 +0100tag:cert.pl,2026-01-14:/en/posts/2026/01/CVE-2025-13175/CVEvulnerabilitywarningcveVulnerabilities in firmware of Vivotek IP7137 camerahttps://cert.pl/en/posts/2026/01/CVE-2025-66049/CERT Polska has received a report about 4 vulnerabilities (from CVE-2025-66049 to CVE-2025-66052) found in Vivotek IP7137 camera.CERT PolskaFri, 09 Jan 2026 12:55:00 +0100tag:cert.pl,2026-01-09:/en/posts/2026/01/CVE-2025-66049/CVEvulnerabilitywarningcveVulnerability in firmware of KAON CG3000T/CG3000TC routershttps://cert.pl/en/posts/2026/01/CVE-2025-7072/Use of Hard-coded Credentials vulnerability (CVE-2025-7072) has been found in firmware of KAON routers CG3000T and CG3000TC.CERT PolskaFri, 09 Jan 2026 11:55:00 +0100tag:cert.pl,2026-01-09:/en/posts/2026/01/CVE-2025-7072/CVEvulnerabilitywarningcveVulnerability in Asseco AMDX softwarehttps://cert.pl/en/posts/2026/01/CVE-2025-4596/An issue allowing unauthorized access to medical records (CVE-2025-4596) was found in Asseco AMDX software.CERT PolskaThu, 08 Jan 2026 15:56:00 +0100tag:cert.pl,2026-01-08:/en/posts/2026/01/CVE-2025-4596/CVEvulnerabilitywarningcveVulnerabilities in Asseco InfoMedica Plus softwarehttps://cert.pl/en/posts/2026/01/CVE-2025-8306/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-8306 and CVE-2025-8307) found in Asseco InfoMedica Plus software.CERT PolskaThu, 08 Jan 2026 13:55:00 +0100tag:cert.pl,2026-01-08:/en/posts/2026/01/CVE-2025-8306/CVEvulnerabilitywarningcveVulnerability in Kieback&Peter Neutrino-GLT softwarehttps://cert.pl/en/posts/2026/01/CVE-2025-6225/Command Injection vulnerability (CVE-2025-6225) has been found in Kieback&Peter Neutrino-GLT software.CERT PolskaWed, 07 Jan 2026 11:55:00 +0100tag:cert.pl,2026-01-07:/en/posts/2026/01/CVE-2025-6225/CVEvulnerabilitywarningcveVulnerabilities in WODESYS WD-R608U routerhttps://cert.pl/en/posts/2025/12/CVE-2025-65007/CERT Polska has received a report about 5 vulnerabilities (from CVE-2025-65007 to CVE-2025-65011) found in WODESYS WD-R608U router.CERT PolskaThu, 18 Dec 2025 13:55:00 +0100tag:cert.pl,2025-12-18:/en/posts/2025/12/CVE-2025-65007/CVEvulnerabilitywarningcveVulnerability in Govee devices with cloud connectivity firmwarehttps://cert.pl/en/posts/2025/12/CVE-2025-10910/Authorization Bypass Through User-Controlled Key vulnerability (CVE-2025-10910) has been found in Govee devices with cloud connectivity firmware.CERT PolskaThu, 18 Dec 2025 11:55:00 +0100tag:cert.pl,2025-12-18:/en/posts/2025/12/CVE-2025-10910/CVEvulnerabilitywarningcveVulnerabilities in WaveStore Server softwarehttps://cert.pl/en/posts/2025/12/CVE-2025-65074/CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-65074 to CVE-2025-65076) found in WaveStore Server software.CERT PolskaTue, 16 Dec 2025 11:55:00 +0100tag:cert.pl,2025-12-16:/en/posts/2025/12/CVE-2025-65074/CVEvulnerabilitywarningcveVulnerability in OpenSolution QuickCMS softwarehttps://cert.pl/en/posts/2025/12/CVE-2025-12465/SQL Injection vulnerability (CVE-2025-12465) has been found in OpenSolution QuickCMS software.CERT PolskaTue, 02 Dec 2025 11:55:00 +0100tag:cert.pl,2025-12-02:/en/posts/2025/12/CVE-2025-12465/CVEvulnerabilitywarningcveVulnerability in Simple SA Wirtualna Uczelnia softwarehttps://cert.pl/en/posts/2025/11/CVE-2025-12140/Remote Code Execution vulnerability (CVE-2025-12140) has been found in Wirtualna Uczelnia software.CERT PolskaThu, 27 Nov 2025 14:40:00 +0100tag:cert.pl,2025-11-27:/en/posts/2025/11/CVE-2025-12140/CVEvulnerabilitywarningcveVulnerability in SDMC NE6037 routershttps://cert.pl/en/posts/2025/11/CVE-2025-8890/Authorized shell command injection vulnerability (CVE-2025-8890) has been found in SDMC NE6037 routers.CERT PolskaThu, 27 Nov 2025 14:30:00 +0100tag:cert.pl,2025-11-27:/en/posts/2025/11/CVE-2025-8890/CVEvulnerabilitywarningcveVulnerabilities in SOPlanning softwarehttps://cert.pl/en/posts/2025/11/CVE-2025-62293/CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.CERT PolskaThu, 20 Nov 2025 11:55:00 +0100tag:cert.pl,2025-11-20:/en/posts/2025/11/CVE-2025-62293/CVEvulnerabilitywarningcveVulnerability in Times Software E-Payroll softwarehttps://cert.pl/en/posts/2025/11/CVE-2025-9977/An improper neutralization of input data has been detected in Times Software E-Payroll, resulting in the possibility of a DoS attack and (potentially) SQL Injection (CVE-2025-9977).CERT PolskaTue, 18 Nov 2025 14:55:00 +0100tag:cert.pl,2025-11-18:/en/posts/2025/11/CVE-2025-9977/CVEvulnerabilitywarningcveVulnerabilities in Windu CMS softwarehttps://cert.pl/en/posts/2025/11/CVE-2025-59110/CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-59110 to CVE-2025-59117) found in Windu CMS software.CERT PolskaTue, 18 Nov 2025 11:55:00 +0100tag:cert.pl,2025-11-18:/en/posts/2025/11/CVE-2025-59110/CVEvulnerabilitywarningcveVulnerabilities in OpenSolution QuickCMS softwarehttps://cert.pl/en/posts/2025/11/CVE-2025-9982/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-9982 and CVE-2025-10018) found in OpenSolution QuickCMS software.CERT PolskaFri, 14 Nov 2025 11:55:00 +0100tag:cert.pl,2025-11-14:/en/posts/2025/11/CVE-2025-9982/CVEvulnerabilitywarningcveAnalysis of NGate malware campaign (NFC relay)https://cert.pl/en/posts/2025/11/analiza-ngate/CERT Polska has observed new samples of mobile malware in recent months associated with an NFC Relay (NGate) attack targeting users of Polish banks.Kacper RatajczakMon, 03 Nov 2025 10:37:00 +0100tag:cert.pl,2025-11-03:/en/posts/2025/11/analiza-ngate/NewsnfcanalysisandroidanalizaVulnerability in Eveo URVE Smart Office softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-10348/Cross-site Scripting vulnerability (CVE-2025-10348) has been found in Eveo URVE Smart Office software.CERT PolskaThu, 30 Oct 2025 13:55:00 +0100tag:cert.pl,2025-10-30:/en/posts/2025/10/CVE-2025-10348/CVEvulnerabilitywarningcveVulnerability in OpenSolution Quick.Cart softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-10317/Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-10317) has been found in OpenSolution Quick.Cart software.CERT PolskaThu, 30 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-30:/en/posts/2025/10/CVE-2025-10317/CVEvulnerabilitywarningcveVulnerability in Asseco Poland mMedica softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-9313/Authentication Bypass Using an Alternate Path or Channel vulnerability (CVE-2025-9313) has been found in Asseco mMedica software.CERT PolskaTue, 28 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-28:/en/posts/2025/10/CVE-2025-9313/CVEvulnerabilitywarningcveVulnerability in Studio Fabryka DobryCMS softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-8536/SQL Injection vulnerability (CVE-2025-8536) has been found in Studio Fabryka DobryCMS software.CERT PolskaFri, 24 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-24:/en/posts/2025/10/CVE-2025-8536/CVEvulnerabilitywarningcveVulnerability in Request Tracker softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-9158/XSS vulnerability (CVE-2025-9158) has been found in Best Practical Request Tracker software.CERT PolskaFri, 24 Oct 2025 07:55:00 +0100tag:cert.pl,2025-10-24:/en/posts/2025/10/CVE-2025-9158/CVEvulnerabilitywarningcveVulnerabilities in firmware of Vilar VS-IPC1002 IP camerashttps://cert.pl/en/posts/2025/10/CVE-2025-53701/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-53701 and CVE-2025-53702) found in Vilar VS-IPC1002 software.CERT PolskaThu, 23 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-23:/en/posts/2025/10/CVE-2025-53701/CVEvulnerabilitywarningcveVulnerabilities in OpenSolution QuickCMS softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-9980/CERT Polska has received a report about 2 vulnerabilities (from CVE-2025-9980 to CVE-2025-9981) found in OpenSolution QuickCMS software.CERT PolskaThu, 23 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-23:/en/posts/2025/10/CVE-2025-9980/CVEvulnerabilitywarningcveVulnerability in SIMPLE.ERP softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-9339/SQL Injection vulnerability (CVE-2025-9339) has been found in SIMPLE.ERP software.CERT PolskaTue, 21 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-21:/en/posts/2025/10/CVE-2025-9339/CVEvulnerabilitywarningcveVulnerability in NetBird VPN softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-10678/Use of Default Credentials vulnerability (CVE-2025-10678) has been found in NetBird VPN software.CERT PolskaMon, 20 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-20:/en/posts/2025/10/CVE-2025-10678/CVEvulnerabilitywarningcveVulnerability in Strapi softwarehttps://cert.pl/en/posts/2025/10/CVE-2025-3930/Insufficient Session Expiration vulnerability (CVE-2025-3930) has been found in Strapi software.CERT PolskaThu, 16 Oct 2025 11:55:00 +0100tag:cert.pl,2025-10-16:/en/posts/2025/10/CVE-2025-3930/CVEvulnerabilitywarningcveVulnerabilities in PAD CMS softwarehttps://cert.pl/en/posts/2025/09/CVE-2025-7063/CERT Polska has coordinated disclousure of 9 vulnerabilities (CVE-2025-7063, CVE-2025-7065 and from CVE-2025-8116 to CVE-2025-8122) found in PAD CMS software.CERT PolskaTue, 30 Sep 2025 11:55:00 +0100tag:cert.pl,2025-09-30:/en/posts/2025/09/CVE-2025-7063/CVEvulnerabilitywarningcveVulnerability in CivetWeb softwarehttps://cert.pl/en/posts/2025/09/CVE-2025-9648/Improper Neutralization of NUL Character vulnerability (CVE-2025-9648) has been found in CivetWeb software.CERT PolskaMon, 29 Sep 2025 11:55:00 +0100tag:cert.pl,2025-09-29:/en/posts/2025/09/CVE-2025-9648/CVEvulnerabilitywarningcveVulnerability in GALAYOU G2 softwarehttps://cert.pl/en/posts/2025/09/CVE-2025-9983/Missing Authentication for Critical Function vulnerability (CVE-2025-9983) has been found in GALAYOU G2 software.CERT PolskaMon, 22 Sep 2025 11:55:00 +0100tag:cert.pl,2025-09-22:/en/posts/2025/09/CVE-2025-9983/CVEvulnerabilitywarningcveVulnerabilities in Sparkle softwarehttps://cert.pl/en/posts/2025/09/CVE-2025-10015/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-10015 and CVE-2025-10016) found in Sparkle software.CERT PolskaTue, 16 Sep 2025 11:55:00 +0100tag:cert.pl,2025-09-16:/en/posts/2025/09/CVE-2025-10015/CVEvulnerabilitywarningcveVulnerability in SMSEagle deviceshttps://cert.pl/en/posts/2025/09/CVE-2025-10095/SQL Injection (CVE-2025-10095) has been found in SMSEagle firmware.CERT PolskaTue, 09 Sep 2025 11:55:00 +0100tag:cert.pl,2025-09-09:/en/posts/2025/09/CVE-2025-10095/CVEvulnerabilitywarningcveVulnerability in ITCube CRM softwarehttps://cert.pl/en/posts/2025/09/CVE-2025-5993/Path Traversal vulnerability (CVE-2025-5993) has been found in ITCube CRM software.CERT PolskaMon, 08 Sep 2025 11:55:00 +0100tag:cert.pl,2025-09-08:/en/posts/2025/09/CVE-2025-5993/CVEvulnerabilitywarningcveVulnerability in Concept Intermedia GOV CMS softwarehttps://cert.pl/en/posts/2025/09/CVE-2025-7385/SQL Injection vulnerability (CVE-2025-7385) has been found in Concept Intermedia GOV CMS software.CERT PolskaThu, 04 Sep 2025 13:55:00 +0100tag:cert.pl,2025-09-04:/en/posts/2025/09/CVE-2025-7385/CVEvulnerabilitywarningcveVulnerabilities in Payload CMS softwarehttps://cert.pl/en/posts/2025/08/CVE-2025-4643/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-4643 and CVE-2025-4644).CERT PolskaFri, 29 Aug 2025 11:55:00 +0100tag:cert.pl,2025-08-29:/en/posts/2025/08/CVE-2025-4643/CVEvulnerabilitywarningcveVulnerabilities in OpenSolution QuickCMS softwarehttps://cert.pl/en/posts/2025/08/CVE-2025-54540/CERT Polska has received a report about 6 vulnerabilities (from CVE-2025-54540 to CVE-2025-55175) found in OpenSolution QuickCMS software.CERT PolskaThu, 28 Aug 2025 11:55:00 +0100tag:cert.pl,2025-08-28:/en/posts/2025/08/CVE-2025-54540/CVEvulnerabilitywarningcveVulnerabilities in CGM CLININET softwarehttps://cert.pl/en/posts/2025/08/CVE-2025-2313/CERT Polska has received a report about 17 vulnerabilities (between CVE-2025-2313 and CVE-2025-30064) found in CGM CLININET software.CERT PolskaWed, 27 Aug 2025 11:55:00 +0100tag:cert.pl,2025-08-27:/en/posts/2025/08/CVE-2025-2313/CVEvulnerabilitywarningcveVulnerabilities in OpenSolution Quick.CMS and Quick.CMS.Ext softwarehttps://cert.pl/en/posts/2025/08/CVE-2025-54172/CERT Polska has received a report about 3 vulnerabilities (CVE-2025-54172, CVE-2025-54174 and CVE-2025-54175) found in OpenSolution Quick.CMS and Quick.CMS.Ext software.CERT PolskaWed, 20 Aug 2025 12:00:00 +0100tag:cert.pl,2025-08-20:/en/posts/2025/08/CVE-2025-54172/CVEvulnerabilitywarningcveVulnerability in Akcess-Net Lepszy BIP softwarehttps://cert.pl/en/posts/2025/08/CVE-2025-7761/Cross-site Scripting (XSS) vulnerability (CVE-2025-7761) has been found in Akcess-Net Lepszy BIP software.CERT PolskaThu, 14 Aug 2025 11:55:00 +0100tag:cert.pl,2025-08-14:/en/posts/2025/08/CVE-2025-7761/CVEvulnerabilitywarningcveTCC Bypass vulnerabilities in six applications for MacOShttps://cert.pl/en/posts/2025/08/tcc-bypass/TCC Bypass vulnerabilities has been found in GIMP (CVE-2025-8672), Mosh-Pro (CVE-2025-53811), Cursor (CVE-2025-9190), MacVim (CVE-2025-8597), Nozbe (CVE-2025-53813) and Invoice Ninja (CVE-2025-8700) applications for MacOS.CERT PolskaMon, 11 Aug 2025 15:00:00 +0100tag:cert.pl,2025-08-11:/en/posts/2025/08/tcc-bypass/CVEvulnerabilitywarningcveVulnerability in Flexibits Fantastical softwarehttps://cert.pl/en/posts/2025/08/CVE-2025-8533/Incorrect Authorization vulnerability (CVE-2025-8533) has been found in Flexibits Fantastical software.CERT PolskaThu, 07 Aug 2025 11:55:00 +0100tag:cert.pl,2025-08-07:/en/posts/2025/08/CVE-2025-8533/CVEvulnerabilitywarningcveVulnerability in TSplus Remote Access softwarehttps://cert.pl/en/posts/2025/07/CVE-2025-5922/Insufficiently Protected Credentials vulnerability (CVE-2025-5922) has been found in TSplus Remote Access software.CERT PolskaTue, 29 Jul 2025 15:00:00 +0100tag:cert.pl,2025-07-29:/en/posts/2025/07/CVE-2025-5922/CVEvulnerabilitywarningcveVulnerability in FARA softwarehttps://cert.pl/en/posts/2025/07/CVE-2025-4049/CERT Polska has received a report about Hard-coded Credentials vulnerability (CVE-2025-4049) found in SIGNUM-NET FARA software.CERT PolskaMon, 21 Jul 2025 10:00:00 +0100tag:cert.pl,2025-07-21:/en/posts/2025/07/CVE-2025-4049/CVEvulnerabilitywarningcveVulnerabilities in applications preloaded on Bluebird smartphoneshttps://cert.pl/en/posts/2025/07/CVE-2025-5344/CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-5344 to CVE-2025-5346) found in applications preloaded on Bluebird smartphones.CERT PolskaThu, 17 Jul 2025 11:55:00 +0100tag:cert.pl,2025-07-17:/en/posts/2025/07/CVE-2025-5344/CVEvulnerabilitywarningcveVulnerability in SUR-FBD CMMS softwarehttps://cert.pl/en/posts/2025/07/CVE-2025-3920/Use of Hard-coded Password vulnerability (CVE-2025-3920) has been found in SUR-FBD CMMS software.CERT PolskaMon, 07 Jul 2025 12:00:00 +0100tag:cert.pl,2025-07-07:/en/posts/2025/07/CVE-2025-3920/CVEvulnerabilitywarningcveTCC Bypass vulnerabilities in two macOS applicationshttps://cert.pl/en/posts/2025/06/tcc-bypass/TCC Bypass vulnerability has been found in two macOS applications: Phoneix Code (CVE-2025-5255), Postbox (CVE-2025-5963).CERT PolskaFri, 20 Jun 2025 11:55:00 +0100tag:cert.pl,2025-06-20:/en/posts/2025/06/tcc-bypass/CVEvulnerabilitywarningcveUNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaignhttps://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/CERT Polska is observing a malicious email campaign conducted by the UNC1151 group against Polish entities, exploiting a vulnerability in the Roundcube software.CERT PolskaThu, 05 Jun 2025 14:00:00 +0200tag:cert.pl,2025-06-05:/en/posts/2025/06/unc1151-campaign-roundcube/NewsanalysisCVE-2024-42009roundcubeunc1151Vulnerability in 2ClickPortal softwarehttps://cert.pl/en/posts/2025/06/CVE-2025-4568/SQL Injection vulnerability (CVE-2025-4568) has been found in 2ClickPortal software.CERT PolskaThu, 05 Jun 2025 12:00:00 +0100tag:cert.pl,2025-06-05:/en/posts/2025/06/CVE-2025-4568/CVEvulnerabilitywarningcveVulnerabilities in applications preloaded on Ulefone and Krüger&Matz smartphoneshttps://cert.pl/en/posts/2025/05/CVE-2024-13915/CERT Polska has received a report about 3 vulnerabilities (from CVE-2024-13915 to CVE-2024-13917) found in applications preloaded on Ulefone and Krüger&Matz smartphones.CERT PolskaFri, 30 May 2025 16:00:00 +0100tag:cert.pl,2025-05-30:/en/posts/2025/05/CVE-2024-13915/CVEvulnerabilitywarningcveTCC Bypass vulnerabilities in three macOS applicationshttps://cert.pl/en/posts/2025/05/tcc-bypass/TCC Bypass vulnerability has been found in three macOS applications: Poedit (CVE-2025-4280), Viscosity (CVE-2025-4412), DaVinci Resolve (CVE-2025-4081)CERT PolskaThu, 29 May 2025 11:55:00 +0100tag:cert.pl,2025-05-29:/en/posts/2025/05/tcc-bypass/CVEvulnerabilitywarningcveVulnerability in hackney open-source projecthttps://cert.pl/en/posts/2025/05/CVE-2025-3864/Incorrect connection releasing causing pool exhaustion (CVE-2025-3864) has been found in hackney software.CERT PolskaWed, 28 May 2025 11:00:00 +0100tag:cert.pl,2025-05-28:/en/posts/2025/05/CVE-2025-3864/CVEvulnerabilitywarningcveVulnerability in Be-Tech Mifare Classic cards softwarehttps://cert.pl/en/posts/2025/05/CVE-2025-4053/Cleartext Storage of Sensitive Information vulnerability (CVE-2025-4053) has been found in Be-Tech Mifare Classic cards software.CERT PolskaMon, 26 May 2025 12:00:00 +0100tag:cert.pl,2025-05-26:/en/posts/2025/05/CVE-2025-4053/CVEvulnerabilitywarningcveVulnerability in Studio Fabryka DobryCMS softwarehttps://cert.pl/en/posts/2025/05/CVE-2025-4379/Cross-site Scripting (XSS) vulnerability (CVE-2025-4379) has been found in Studio Fabryka DobryCMS software.CERT PolskaFri, 23 May 2025 11:55:00 +0100tag:cert.pl,2025-05-23:/en/posts/2025/05/CVE-2025-4379/CVEvulnerabilitywarningcveThree vulnerabilities in MegaBIP softwarehttps://cert.pl/en/posts/2025/05/CVE-2025-3893/CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-3893 to CVE-2025-3895) found in MegaBIP software.CERT PolskaFri, 23 May 2025 10:00:00 +0100tag:cert.pl,2025-05-23:/en/posts/2025/05/CVE-2025-3893/CVEvulnerabilitywarningcveMultiple vulnerabilities in Proget softwarehttps://cert.pl/en/posts/2025/05/CVE-2025-1415/CERT Polska has received a report about 7 vulnerabilities (from CVE-2025-1415 to CVE-2025-1421) found in Proget software.CERT PolskaWed, 21 May 2025 12:00:00 +0100tag:cert.pl,2025-05-21:/en/posts/2025/05/CVE-2025-1415/CVEvulnerabilitywarningcveVulnerability in EZD RP softwarehttps://cert.pl/en/posts/2025/05/CVE-2025-4430/Missing Authorization vulnerability (CVE-2025-4430) has been found in EZD RP software.CERT PolskaWed, 14 May 2025 12:00:00 +0100tag:cert.pl,2025-05-14:/en/posts/2025/05/CVE-2025-4430/CVEvulnerabilitywarningcveVulnerabilities in Netis Systems WF2220 softwarehttps://cert.pl/en/posts/2025/05/CVE-2025-3758/CERT Polska has received a report about 2 vulnerabilities (CVE-2025-3758 and CVE-2025-3759) found in Netis Systems WF2220 software.CERT PolskaThu, 08 May 2025 12:00:00 +0100tag:cert.pl,2025-05-08:/en/posts/2025/05/CVE-2025-3758/CVEvulnerabilitywarningcveDeobfuscation techniques: Peephole deobfuscationhttps://cert.pl/en/posts/2025/04/peephole-deobfuscation/In this article we describe a basic deobfuscation technique by leveraging a code snippet substitution.Jarosław JedynakThu, 24 Apr 2025 15:00:00 +0200tag:cert.pl,2025-04-24:/en/posts/2025/04/peephole-deobfuscation/NewsredeobfuscationmalwareanalysisVulnerabilities in Symfonia Ready_ softwarehttps://cert.pl/en/posts/2025/04/CVE-2025-1980/CERT Polska has received a report about 4 vulnerabilities (from CVE-2025-1980 to CVE-2025-1983) found in Symfonia Ready_ software.CERT PolskaWed, 16 Apr 2025 15:00:00 +0100tag:cert.pl,2025-04-16:/en/posts/2025/04/CVE-2025-1980/CVEvulnerabilitywarningcveVulnerabilities in SoftCOM iKSORIS softwarehttps://cert.pl/en/posts/2025/04/CVE-2024-10087/CERT Polska has received a report about 11 vulnerabilities found in Internet Starter module of SoftCOM iKSORIS software.CERT PolskaMon, 14 Apr 2025 12:00:00 +0100tag:cert.pl,2025-04-14:/en/posts/2025/04/CVE-2024-10087/CVEvulnerabilitywarningcveAnnual report from the actions of CERT Polska 2024https://cert.pl/en/posts/2025/04/annual-report-2024/Another year of CERT Polska’s activities is behind us. An absolutely record-breaking year, if we take into account practically all the statistics cited in our previous reports. Behind these numbers is the daily work of experts who care for the safety of Poles online every day. This year’s report is about this work, the key challenges we face and the threats we analyse.CERT PolskaThu, 03 Apr 2025 12:40:00 +0200tag:cert.pl,2025-04-03:/en/posts/2025/04/annual-report-2024/Newsannual reportreportMeta is not adequately meeting the demands of CERT Polskahttps://cert.pl/en/posts/2025/03/evaluation-of-expectations-towards-meta/The problem of scammers exploiting social media platforms continues to persist. Meta has yet to fulfill all the recommendations made last year by experts from the CERT Polska team at NASK, which were intended to enhance the safety of Polish social media users.CERT PolskaMon, 31 Mar 2025 13:45:00 +0100tag:cert.pl,2025-03-31:/en/posts/2025/03/evaluation-of-expectations-towards-meta/NewsfacebookmetaadvertisementsscamTwo vulnerabilities in Streamsoft Prestiż softwarehttps://cert.pl/en/posts/2025/03/CVE-2024-7407/CERT Polska has received a report about 2 vulnerabilities (CVE-2024-11504 and CVE-2024-7407) found in Streamsoft Prestiż software.CERT PolskaFri, 28 Mar 2025 12:00:00 +0100tag:cert.pl,2025-03-28:/en/posts/2025/03/CVE-2024-7407/CVEvulnerabilitywarningcveVulnerability in Fast CAD Reader applicationhttps://cert.pl/en/posts/2025/03/CVE-2025-2098/Incorrect Privilege Assignment vulnerability (CVE-2025-2098) has been found in Fast CAD Reader (Beijing Honghu Yuntu Technology) application.CERT PolskaWed, 26 Mar 2025 16:00:00 +0100tag:cert.pl,2025-03-26:/en/posts/2025/03/CVE-2025-2098/CVEvulnerabilitywarningcveVulnerability in OXARI ServiceDesk softwarehttps://cert.pl/en/posts/2025/03/CVE-2025-1542/Incorrect Authorization vulnerability (CVE-2025-1542) has been found in Infonet Projekt SA OXARI ServiceDesk software.CERT PolskaWed, 26 Mar 2025 12:00:00 +0100tag:cert.pl,2025-03-26:/en/posts/2025/03/CVE-2025-1542/CVEvulnerabilitywarningcveVulnerabilities in SIMPLE.ERP softwarehttps://cert.pl/en/posts/2025/03/CVE-2024-8773/CERT Polska has received a report about 2 vulnerabilities (CVE-2024-8773 and CVE-2024-8774) found in SIMPLE.ERP software.CERT PolskaMon, 24 Mar 2025 12:00:00 +0100tag:cert.pl,2025-03-24:/en/posts/2025/03/CVE-2024-8773/CVEvulnerabilitywarningcveVulnerability in NASK-PIB BotSense softwarehttps://cert.pl/en/posts/2025/03/CVE-2025-1774/Improper Neutralization of Value Delimiters vulnerability (CVE-2025-1774) has been found in NASK - PIB BotSense software.CERT PolskaMon, 17 Mar 2025 16:00:00 +0100tag:cert.pl,2025-03-17:/en/posts/2025/03/CVE-2025-1774/CVEvulnerabilitywarningcve