Vulnerabilities in Bludit software
https://cert.pl/en/posts/2026/03/CVE-2026-25099/
Published: March 27, 2026 10:55
CERT Polska has received a report about 3 vulnerabilities (from CVE-2026-25099 to CVE-2026-25101) found in Bludit software.
CERT.PL
Site URL: cert.pl/en/
Feed URL: cert.pl/en/rss.xml
Posts: 103
Vulnerability in KlinikaXP and KlinikaXP Insertino software
https://cert.pl/en/posts/2026/03/CVE-2026-1958/
Published: March 23, 2026 10:55
Use of Hard-coded Credentials vulnerability (CVE-2026-1958) has been found in KlinikaXP and KlinikaXP Insertino software.
Vulnerability in Befree SDK software
https://cert.pl/en/posts/2026/03/CVE-2025-12518/
Published: March 18, 2026 10:55
Cross-site Scripting vulnerability (CVE-2025-12518) has been found in Befree SDK software.
Vulnerabilities in Raytha software
https://cert.pl/en/posts/2026/03/CVE-2025-69236/
Published: March 16, 2026 12:55
CERT Polska has received a report about 11 vulnerabilities (CVE-2025-15540 and from CVE-2025-69236 to CVE-2025-69243 and from CVE-2025-69245 to CVE-2025-69246) found in Raytha software.
Vulnerabilities in multiple tinycontrol devices
https://cert.pl/en/posts/2026/03/CVE-2025-11500/
Published: March 16, 2026 10:55
CERT Polska has received reports about 2 vulnerabilities (CVE-2025-11500 and CVE-2025-15587) found in multiple tinycontrol devices (tcPDU and LAN Controllers: LK3.5, LK3.9 and LK4).
Vulnerability in Streamsoft Prestiż software
https://cert.pl/en/posts/2026/03/CVE-2026-0809/
Published: March 12, 2026 10:55
Weak Token Encoding vulnerability (CVE-2026-0809) has been found in Streamsoft Prestiż software.
Vulnerability in Coppermine Photo Gallery software
https://cert.pl/en/posts/2026/03/CVE-2026-3013/
Published: March 11, 2026 10:55
Path Traversal vulnerability (CVE-2026-3013) has been found in Coppermine Photo Gallery software.
Vulnerability in QuickCMS software
https://cert.pl/en/posts/2026/03/CVE-2026-1468/
Published: March 6, 2026 10:55
Cross-Site Request Forgery (CSRF) vulnerability (CVE-2026-1468) has been found in QuickCMS software.
Vulnerabilities in DobryCMS software
https://cert.pl/en/posts/2026/03/CVE-2025-12462/
Published: March 2, 2026 12:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-12462 and CVE-2025-14532) found in DobryCMS software.
Vulnerabilities in CGM CLININET and CGM NETRAAD software
https://cert.pl/en/posts/2026/03/CVE-2025-10350/
Published: March 2, 2026 10:55
CERT Polska has received reports about 8 vulnerabilities found in CGM CLININET and CGM NETRAAD software.
Vulnerability in Pro3W CMS software
https://cert.pl/en/posts/2026/02/CVE-2025-15498/
Published: February 27, 2026 12:55
SQL Injection vulnerability (CVE-2025-15498) has been found in Pro3W CMS software.
Vulnerabilities in PluXml CMS software
https://cert.pl/en/posts/2026/02/CVE-2026-24350/
Published: February 27, 2026 10:55
CERT Polska has received a report about 3 vulnerabilities (from CVE-2026-24350 to CVE-2026-24352) found in PluXml CMS software.
Vulnerability in Omega-PSIR software
https://cert.pl/en/posts/2026/02/CVE-2026-1434/
Published: February 26, 2026 11:55
Reflected XSS vulnerability (CVE-2026-1434) has been found in Omega-PSIR software.
Vulnerability in Simple.ERP software
https://cert.pl/en/posts/2026/02/CVE-2026-1198/
Published: February 26, 2026 10:55
SQL Injection vulnerability (CVE-2026-1198) has been found in Simple.ERP software.
Vulnerability in multiple Finka applications
https://cert.pl/en/posts/2026/02/CVE-2025-13776/
Published: February 24, 2026 14:55
Use of Hard-coded Credentials vulnerability (CVE-2025-13776) has been found in Finka-FK, Finka-KPR, Finka-Płace, Finka-Faktura, Finka-Magazyn, Finka-STW applications.
Vulnerability in multiple Slican devices
https://cert.pl/en/posts/2026/02/CVE-2025-14577/
Published: February 24, 2026 11:55
Missing Authentication for Critical Function vulnerability (CVE-2025-14577) has been found in multiple Slican devices.
ClickFix in action: how fake captcha can lead to a company-wide infection
https://cert.pl/en/posts/2026/02/fake-captcha-in-action/
Published: February 17, 2026 08:00
We assisted a large organisation in the investigation and remediation of a live malware infection caused by a successful Fake Captcha attack. In this report, we summarize our observations and publish an in-depth malware analysis.
Vulnerabilities in Quick.Cart software
https://cert.pl/en/posts/2026/02/CVE-2026-23796/
Published: February 5, 2026 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-23796 and CVE-2026-23797) found in Quick.Cart software.
Vulnerability in mObywatel application for iOS
https://cert.pl/en/posts/2026/02/CVE-2025-11598/
Published: February 3, 2026 10:55
Exposure of Private Personal Information to an Unauthorized Actor vulnerability (CVE-2025-11598) has been found in mObywatel application for iOS.
Vulnerability in EAP Legislator software
https://cert.pl/en/posts/2026/02/CVE-2026-1186/
Published: February 2, 2026 10:55
A vulnerability has been found in EAP Legislator software that allows a file archive to be extracted outside the target directory (CVE-2026-1186).
Energy Sector Incident Report - 29 December 2025
https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/
Published: January 30, 2026 10:00
CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a large combined heat and power plant, and a company from…
Vulnerabilities in firmware of Pix-Link LV-WR21Q routers
https://cert.pl/en/posts/2026/01/CVE-2025-12386/
Published: January 27, 2026 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-12386 and CVE-2025-12387) found in LV-WR21Q firmware.
TCC Bypass vulnerability in Inkscape application for MacOS
https://cert.pl/en/posts/2026/01/CVE-2025-15523/
Published: January 22, 2026 12:55
TCC Bypass vulnerability (CVE-2025-15523) has been found in Inkscape application for MacOS.
Vulnerabilities in Quick.Cart software
https://cert.pl/en/posts/2026/01/CVE-2025-67683/
Published: January 22, 2026 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-67683 and CVE-2025-67684) found in Quick.Cart software.
Vulnerability in Crazy Bubble Tea mobile application
https://cert.pl/en/posts/2026/01/CVE-2025-14317/
Published: January 14, 2026 11:55
Exposure of Private Personal Information (CVE-2025-14317) has been identified in Crazy Bubble Tea mobile application.
Vulnerability in Ysoft SafeQ 6 software
https://cert.pl/en/posts/2026/01/CVE-2025-13175/
Published: January 14, 2026 10:55
Missing Password Field Masking vulnerability (CVE-2025-13175) has been found in Ysoft SafeQ 6 software.
Vulnerabilities in firmware of Vivotek IP7137 camera
https://cert.pl/en/posts/2026/01/CVE-2025-66049/
Published: January 9, 2026 11:55
CERT Polska has received a report about 4 vulnerabilities (from CVE-2025-66049 to CVE-2025-66052) found in Vivotek IP7137 camera.
Vulnerability in firmware of KAON CG3000T/CG3000TC routers
https://cert.pl/en/posts/2026/01/CVE-2025-7072/
Published: January 9, 2026 10:55
Use of Hard-coded Credentials vulnerability (CVE-2025-7072) has been found in firmware of KAON routers CG3000T and CG3000TC.
Vulnerability in Asseco AMDX software
https://cert.pl/en/posts/2026/01/CVE-2025-4596/
Published: January 8, 2026 14:56
An issue allowing unauthorized access to medical records (CVE-2025-4596) was found in Asseco AMDX software.
Vulnerabilities in Asseco InfoMedica Plus software
https://cert.pl/en/posts/2026/01/CVE-2025-8306/
Published: January 8, 2026 12:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-8306 and CVE-2025-8307) found in Asseco InfoMedica Plus software.
Vulnerability in Kieback&Peter Neutrino-GLT software
https://cert.pl/en/posts/2026/01/CVE-2025-6225/
Published: January 7, 2026 10:55
Command Injection vulnerability (CVE-2025-6225) has been found in Kieback&Peter Neutrino-GLT software.
Vulnerabilities in WODESYS WD-R608U router
https://cert.pl/en/posts/2025/12/CVE-2025-65007/
Published: December 18, 2025 12:55
CERT Polska has received a report about 5 vulnerabilities (from CVE-2025-65007 to CVE-2025-65011) found in WODESYS WD-R608U router.
Vulnerability in Govee devices with cloud connectivity firmware
https://cert.pl/en/posts/2025/12/CVE-2025-10910/
Published: December 18, 2025 10:55
Authorization Bypass Through User-Controlled Key vulnerability (CVE-2025-10910) has been found in Govee devices with cloud connectivity firmware.
Vulnerabilities in WaveStore Server software
https://cert.pl/en/posts/2025/12/CVE-2025-65074/
Published: December 16, 2025 10:55
CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-65074 to CVE-2025-65076) found in WaveStore Server software.
Vulnerability in OpenSolution QuickCMS software
https://cert.pl/en/posts/2025/12/CVE-2025-12465/
Published: December 2, 2025 10:55
SQL Injection vulnerability (CVE-2025-12465) has been found in OpenSolution QuickCMS software.
Vulnerability in Simple SA Wirtualna Uczelnia software
https://cert.pl/en/posts/2025/11/CVE-2025-12140/
Published: November 27, 2025 13:40
Remote Code Execution vulnerability (CVE-2025-12140) has been found in Wirtualna Uczelnia software.
Vulnerability in SDMC NE6037 routers
https://cert.pl/en/posts/2025/11/CVE-2025-8890/
Published: November 27, 2025 13:30
Authorized shell command injection vulnerability (CVE-2025-8890) has been found in SDMC NE6037 routers.
Vulnerabilities in SOPlanning software
https://cert.pl/en/posts/2025/11/CVE-2025-62293/
Published: November 20, 2025 10:55
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to CVE-2025-62297 and from CVE-2025-62729 to CVE-2025-62731) found in SOPlanning software.
Vulnerability in Times Software E-Payroll software
https://cert.pl/en/posts/2025/11/CVE-2025-9977/
Published: November 18, 2025 13:55
An improper neutralization of input data has been detected in Times Software E-Payroll, resulting in the possibility of a DoS attack and (potentially) SQL Injection (CVE-2025-9977).
Vulnerabilities in Windu CMS software
https://cert.pl/en/posts/2025/11/CVE-2025-59110/
Published: November 18, 2025 10:55
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-59110 to CVE-2025-59117) found in Windu CMS software.
Vulnerabilities in OpenSolution QuickCMS software
https://cert.pl/en/posts/2025/11/CVE-2025-9982/
Published: November 14, 2025 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-9982 and CVE-2025-10018) found in OpenSolution QuickCMS software.
Analysis of NGate malware campaign (NFC relay)
https://cert.pl/en/posts/2025/11/analiza-ngate/
Published: November 3, 2025 09:37
CERT Polska has observed new samples of mobile malware in recent months associated with an NFC Relay (NGate) attack targeting users of Polish banks.
Vulnerability in Eveo URVE Smart Office software
https://cert.pl/en/posts/2025/10/CVE-2025-10348/
Published: October 30, 2025 12:55
Cross-site Scripting vulnerability (CVE-2025-10348) has been found in Eveo URVE Smart Office software.
Vulnerability in OpenSolution Quick.Cart software
https://cert.pl/en/posts/2025/10/CVE-2025-10317/
Published: October 30, 2025 10:55
Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-10317) has been found in OpenSolution Quick.Cart software.
Vulnerability in Asseco Poland mMedica software
https://cert.pl/en/posts/2025/10/CVE-2025-9313/
Published: October 28, 2025 10:55
Authentication Bypass Using an Alternate Path or Channel vulnerability (CVE-2025-9313) has been found in Asseco mMedica software.
Vulnerability in Studio Fabryka DobryCMS software
https://cert.pl/en/posts/2025/10/CVE-2025-8536/
Published: October 24, 2025 10:55
SQL Injection vulnerability (CVE-2025-8536) has been found in Studio Fabryka DobryCMS software.
Vulnerability in Request Tracker software
https://cert.pl/en/posts/2025/10/CVE-2025-9158/
Published: October 24, 2025 06:55
XSS vulnerability (CVE-2025-9158) has been found in Best Practical Request Tracker software.
Vulnerabilities in OpenSolution QuickCMS software
https://cert.pl/en/posts/2025/10/CVE-2025-9980/
Published: October 23, 2025 10:55
CERT Polska has received a report about 2 vulnerabilities (from CVE-2025-9980 to CVE-2025-9981) found in OpenSolution QuickCMS software.
Vulnerabilities in firmware of Vilar VS-IPC1002 IP cameras
https://cert.pl/en/posts/2025/10/CVE-2025-53701/
Published: October 23, 2025 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-53701 and CVE-2025-53702) found in Vilar VS-IPC1002 software.
Vulnerability in SIMPLE.ERP software
https://cert.pl/en/posts/2025/10/CVE-2025-9339/
Published: October 21, 2025 10:55
SQL Injection vulnerability (CVE-2025-9339) has been found in SIMPLE.ERP software.
Vulnerability in NetBird VPN software
https://cert.pl/en/posts/2025/10/CVE-2025-10678/
Published: October 20, 2025 10:55
Use of Default Credentials vulnerability (CVE-2025-10678) has been found in NetBird VPN software.
Vulnerability in Strapi software
https://cert.pl/en/posts/2025/10/CVE-2025-3930/
Published: October 16, 2025 10:55
Insufficient Session Expiration vulnerability (CVE-2025-3930) has been found in Strapi software.
Vulnerabilities in PAD CMS software
https://cert.pl/en/posts/2025/09/CVE-2025-7063/
Published: September 30, 2025 10:55
CERT Polska has coordinated disclosure of 9 vulnerabilities (CVE-2025-7063, CVE-2025-7065 and from CVE-2025-8116 to CVE-2025-8122) found in PAD CMS software.
Vulnerability in CivetWeb software
https://cert.pl/en/posts/2025/09/CVE-2025-9648/
Published: September 29, 2025 10:55
Improper Neutralization of NUL Character vulnerability (CVE-2025-9648) has been found in CivetWeb software.
Vulnerability in GALAYOU G2 software
https://cert.pl/en/posts/2025/09/CVE-2025-9983/
Published: September 22, 2025 10:55
Missing Authentication for Critical Function vulnerability (CVE-2025-9983) has been found in GALAYOU G2 software.
Vulnerabilities in Sparkle software
https://cert.pl/en/posts/2025/09/CVE-2025-10015/
Published: September 16, 2025 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-10015 and CVE-2025-10016) found in Sparkle software.
Vulnerability in SMSEagle devices
https://cert.pl/en/posts/2025/09/CVE-2025-10095/
Published: September 9, 2025 10:55
SQL Injection (CVE-2025-10095) has been found in SMSEagle firmware.
Vulnerability in ITCube CRM software
https://cert.pl/en/posts/2025/09/CVE-2025-5993/
Published: September 8, 2025 10:55
Path Traversal vulnerability (CVE-2025-5993) has been found in ITCube CRM software.
Vulnerability in Concept Intermedia GOV CMS software
https://cert.pl/en/posts/2025/09/CVE-2025-7385/
Published: September 4, 2025 12:55
SQL Injection vulnerability (CVE-2025-7385) has been found in Concept Intermedia GOV CMS software.
Vulnerabilities in Payload CMS software
https://cert.pl/en/posts/2025/08/CVE-2025-4643/
Published: August 29, 2025 10:55
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-4643 and CVE-2025-4644).
Vulnerabilities in OpenSolution QuickCMS software
https://cert.pl/en/posts/2025/08/CVE-2025-54540/
Published: August 28, 2025 10:55
CERT Polska has received a report about 6 vulnerabilities (from CVE-2025-54540 to CVE-2025-55175) found in OpenSolution QuickCMS software.
Vulnerabilities in CGM CLININET software
https://cert.pl/en/posts/2025/08/CVE-2025-2313/
Published: August 27, 2025 10:55
CERT Polska has received a report about 17 vulnerabilities (between CVE-2025-2313 and CVE-2025-30064) found in CGM CLININET software.
Vulnerabilities in OpenSolution Quick.CMS and Quick.CMS.Ext software
https://cert.pl/en/posts/2025/08/CVE-2025-54172/
Published: August 20, 2025 11:00
CERT Polska has received a report about 3 vulnerabilities (CVE-2025-54172, CVE-2025-54174 and CVE-2025-54175) found in OpenSolution Quick.CMS and Quick.CMS.Ext software.
Vulnerability in Akcess-Net Lepszy BIP software
https://cert.pl/en/posts/2025/08/CVE-2025-7761/
Published: August 14, 2025 10:55
Cross-site Scripting (XSS) vulnerability (CVE-2025-7761) has been found in Akcess-Net Lepszy BIP software.
TCC Bypass vulnerabilities in six applications for MacOS
https://cert.pl/en/posts/2025/08/tcc-bypass/
Published: August 11, 2025 14:00
TCC Bypass vulnerabilities have been found in GIMP (CVE-2025-8672), Mosh-Pro (CVE-2025-53811), Cursor (CVE-2025-9190), MacVim (CVE-2025-8597), Nozbe (CVE-2025-53813) and Invoice Ninja (CVE-2025-8700) applications for MacOS.
Vulnerability in Flexibits Fantastical software
https://cert.pl/en/posts/2025/08/CVE-2025-8533/
Published: August 7, 2025 10:55
Incorrect Authorization vulnerability (CVE-2025-8533) has been found in Flexibits Fantastical software.
Vulnerability in TSplus Remote Access software
https://cert.pl/en/posts/2025/07/CVE-2025-5922/
Published: July 29, 2025 14:00
Insufficiently Protected Credentials vulnerability (CVE-2025-5922) has been found in TSplus Remote Access software.
Vulnerability in FARA software
https://cert.pl/en/posts/2025/07/CVE-2025-4049/
Published: July 21, 2025 09:00
CERT Polska has received a report about Hard-coded Credentials vulnerability (CVE-2025-4049) found in SIGNUM-NET FARA software.
Vulnerabilities in applications preloaded on Bluebird smartphones
https://cert.pl/en/posts/2025/07/CVE-2025-5344/
Published: July 17, 2025 10:55
CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-5344 to CVE-2025-5346) found in applications preloaded on Bluebird smartphones.
Vulnerability in SUR-FBD CMMS software
https://cert.pl/en/posts/2025/07/CVE-2025-3920/
Published: July 7, 2025 11:00
Use of Hard-coded Password vulnerability (CVE-2025-3920) has been found in SUR-FBD CMMS software.
TCC Bypass vulnerabilities in two macOS applications
https://cert.pl/en/posts/2025/06/tcc-bypass/
Published: June 20, 2025 10:55
TCC Bypass vulnerability has been found in two macOS applications: Phoenix Code (CVE-2025-5255), Postbox (CVE-2025-5963).
UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign
https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/
Published: June 5, 2025 12:00
CERT Polska is observing a malicious email campaign conducted by the UNC1151 group against Polish entities, exploiting a vulnerability in the Roundcube software.
Vulnerability in 2ClickPortal software
https://cert.pl/en/posts/2025/06/CVE-2025-4568/
Published: June 5, 2025 11:00
SQL Injection vulnerability (CVE-2025-4568) has been found in 2ClickPortal software.
Vulnerabilities in applications preloaded on Ulefone and Krüger&Matz smartphones
https://cert.pl/en/posts/2025/05/CVE-2024-13915/
Published: May 30, 2025 15:00
CERT Polska has received a report about 3 vulnerabilities (from CVE-2024-13915 to CVE-2024-13917) found in applications preloaded on Ulefone and Krüger&Matz smartphones.
TCC Bypass vulnerabilities in three macOS applications
https://cert.pl/en/posts/2025/05/tcc-bypass/
Published: May 29, 2025 10:55
TCC Bypass vulnerability has been found in three macOS applications: Poedit (CVE-2025-4280), Viscosity (CVE-2025-4412), DaVinci Resolve (CVE-2025-4081).
Vulnerability in hackney open-source project
https://cert.pl/en/posts/2025/05/CVE-2025-3864/
Published: May 28, 2025 10:00
Incorrect connection releasing causing pool exhaustion (CVE-2025-3864) has been found in hackney software.
Vulnerability in Be-Tech Mifare Classic cards software
https://cert.pl/en/posts/2025/05/CVE-2025-4053/
Published: May 26, 2025 11:00
Cleartext Storage of Sensitive Information vulnerability (CVE-2025-4053) has been found in Be-Tech Mifare Classic cards software.
Vulnerability in Studio Fabryka DobryCMS software
https://cert.pl/en/posts/2025/05/CVE-2025-4379/
Published: May 23, 2025 10:55
Cross-site Scripting (XSS) vulnerability (CVE-2025-4379) has been found in Studio Fabryka DobryCMS software.
Three vulnerabilities in MegaBIP software
https://cert.pl/en/posts/2025/05/CVE-2025-3893/
Published: May 23, 2025 09:00
CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-3893 to CVE-2025-3895) found in MegaBIP software.
Multiple vulnerabilities in Proget software
https://cert.pl/en/posts/2025/05/CVE-2025-1415/
Published: May 21, 2025 11:00
CERT Polska has received a report about 7 vulnerabilities (from CVE-2025-1415 to CVE-2025-1421) found in Proget software.
Vulnerability in EZD RP software
https://cert.pl/en/posts/2025/05/CVE-2025-4430/
Published: May 14, 2025 11:00
Missing Authorization vulnerability (CVE-2025-4430) has been found in EZD RP software.
Vulnerabilities in Netis Systems WF2220 software
https://cert.pl/en/posts/2025/05/CVE-2025-3758/
Published: May 8, 2025 11:00
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-3758 and CVE-2025-3759) found in Netis Systems WF2220 software.
Deobfuscation techniques: Peephole deobfuscation
https://cert.pl/en/posts/2025/04/peephole-deobfuscation/
Published: April 24, 2025 13:00
In this article we describe a basic deobfuscation technique by leveraging a code snippet substitution.
Vulnerabilities in Symfonia Ready_ software
https://cert.pl/en/posts/2025/04/CVE-2025-1980/
Published: April 16, 2025 14:00
CERT Polska has received a report about 4 vulnerabilities (from CVE-2025-1980 to CVE-2025-1983) found in Symfonia Ready_ software.
Vulnerabilities in SoftCOM iKSORIS software
https://cert.pl/en/posts/2025/04/CVE-2024-10087/
Published: April 14, 2025 11:00
CERT Polska has received a report about 11 vulnerabilities found in Internet Starter module of SoftCOM iKSORIS software.
Annual report from the actions of CERT Polska 2024
https://cert.pl/en/posts/2025/04/annual-report-2024/
Published: April 3, 2025 10:40
Another year of CERT Polska’s activities is behind us. An absolutely record-breaking year, if we take into account practically all the statistics cited in our previous reports. Behind these numbers is the daily work of experts who care for the safety of…
Meta is not adequately meeting the demands of CERT Polska
https://cert.pl/en/posts/2025/03/evaluation-of-expectations-towards-meta/
Published: March 31, 2025 12:45
The problem of scammers exploiting social media platforms continues to persist. Meta has yet to fulfill all the recommendations made last year by experts from the CERT Polska team at NASK, which were intended to enhance the safety of Polish social media…
Two vulnerabilities in Streamsoft Prestiż software
https://cert.pl/en/posts/2025/03/CVE-2024-7407/
Published: March 28, 2025 11:00
CERT Polska has received a report about 2 vulnerabilities (CVE-2024-11504 and CVE-2024-7407) found in Streamsoft Prestiż software.
Vulnerability in Fast CAD Reader application
https://cert.pl/en/posts/2025/03/CVE-2025-2098/
Published: March 26, 2025 15:00
Incorrect Privilege Assignment vulnerability (CVE-2025-2098) has been found in Fast CAD Reader (Beijing Honghu Yuntu Technology) application.
Vulnerability in OXARI ServiceDesk software
https://cert.pl/en/posts/2025/03/CVE-2025-1542/
Published: March 26, 2025 11:00
Incorrect Authorization vulnerability (CVE-2025-1542) has been found in Infonet Projekt SA OXARI ServiceDesk software.
Vulnerabilities in SIMPLE.ERP software
https://cert.pl/en/posts/2025/03/CVE-2024-8773/
Published: March 24, 2025 11:00
CERT Polska has received a report about 2 vulnerabilities (CVE-2024-8773 and CVE-2024-8774) found in SIMPLE.ERP software.
Vulnerability in NASK-PIB BotSense software
https://cert.pl/en/posts/2025/03/CVE-2025-1774/
Published: March 17, 2025 15:00
Improper Neutralization of Value Delimiters vulnerability (CVE-2025-1774) has been found in NASK - PIB BotSense software.
Vulnerability in PlotAI software
https://cert.pl/en/posts/2025/03/CVE-2025-1497/
Published: March 10, 2025 14:00
Command Injection vulnerability (CVE-2025-1497) has been found in MLJAR PlotAI software.
Vulnerabilities in Smartwares cameras
https://cert.pl/en/posts/2025/03/CVE-2024-13892/
Published: March 6, 2025 11:00
CERT Polska has received a report about 3 vulnerabilities (from CVE-2024-13892 to CVE-2024-13894) found in Smartwares cameras.
Vulnerabilities in CyberArk Endpoint Privilege Manager software
https://cert.pl/en/posts/2025/02/CVE-2025-22270/
Published: February 28, 2025 12:00
CERT Polska has received a report about 5 vulnerabilities (from CVE-2025-22270 to CVE-2025-22274) found in CyberArk Endpoint Privilege Manager software.
Vulnerability in DaVinci Resolve application
https://cert.pl/en/posts/2025/02/CVE-2025-1413/
Published: February 28, 2025 11:00
Incorrect Privilege Assignment vulnerability (CVE-2025-1413) has been found in DaVinci Resolve application.
Vulnerability in Wyn Enterprise software
https://cert.pl/en/posts/2025/02/CVE-2024-9150/
Published: February 21, 2025 11:00
Privilege escalation vulnerability (CVE-2024-9150) has been found in Wyn Enterprise software.
Vulnerability in DocsGPT software
https://cert.pl/en/posts/2025/02/CVE-2025-0868/
Published: February 20, 2025 11:00
Command Injection vulnerability has been found in Arc53 DocsGPT software (CVE-2025-0868).
Vulnerability in authentik software
https://cert.pl/en/posts/2025/02/CVE-2024-11623/
Published: February 4, 2025 11:00
Stored XSS (Cross-site Scripting) vulnerability has been found in authentik software.
Vulnerability in Eura7 CMSmanager software
https://cert.pl/en/posts/2025/01/CVE-2024-11348/
Published: January 24, 2025 11:00
XSS (Cross-site Scripting) vulnerability has been found in Eura7 CMSmanager software (CVE-2024-11348).