Cross-site Scripting vulnerability (CVE-2026-4313) has been found in AdaptiveGRC software.

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability (CVE-2026-5958) has been found in GNU sed software.

Incorrect Authorization vulnerability (CVE-2025-13480) has been found in Fudo Enterprise software.

CERT Polska has received a report about 2 vulnerabilities (CVE-2026-40458, CVE-2026-40459) found in PAC4J software.

Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-5131) has been found in GREENmod software.

Authorization bypass vulnerability (CVE-2025-13822) has been found in MCPHub project.

CERT Polska has received a report about 3 vulnerabilities (CVE-2026-4901, CVE-2026-34184, CVE-2026-34185) found in Hydrosystem Control System software.

Another year of CERT Polska’s activities is behind us. It was a special one, as it marked the end of the third decade of our operations – we are celebrating our 30th anniversary! The year 2025 was a time full of challenges, growth, and a comprehensive approach to shaping cybersecurity – from proactive threat detection, through handling reports and responding to incidents, to sharing knowledge and building public awareness.

CERT Polska has received a report about 2 vulnerabilities (CVE-2026-33865, CVE-2026-33866) found in Mlflow software.

CERT Polska has received a report about a Stored Cross-site Scripting vulnerability found in Bludit software.