XSS (Cross-site Scripting) vulnerability (CVE-2024-10385) has been found in DirectAdmin Evolution Skin software.

Incorrect Authorization vulnerability (CVE-2023-4617) has been found in Govee Home mobile application on Android and iOS.

CERT Polska has received a report about 2 vulnerabilities ( CVE-2024-4995 and CVE-2024-4996) found in Wapro ERP Desktop software from Asseco Business Solutions.

CERT Polska has received a report about 2 XSS (Cross-site Scripting) vulnerabilities (CVE-2024-7874 and CVE-2024-7875) found in Tungsten Automation (formerly Kofax) TotalAgility software.

Improper Verification of Intent by Broadcast Receiver vulnerability (CVE-2024-10576) allowing unauthorized factory reset has been found in Infinix Mobile preloaded application com.transsion.agingfunction.

Fraudsters on social media lure users with fake ads promising easy money from celebrities or insider access to government investment programs. These advertisements lead to harmful websites designed to trick or exploit users.

Path Traversal vulnerability (CVE-2024-11136) has been found in TCL Camera software.

Reflected XSS vulnerability (CVE-2024-7124) has been found in Poznan Supercomputing and Networking Center's DInGO dLibra software.

Privilege escalation vulnerability (CVE-2023-42133) has been found in PAX Android based POS terminals.

Resource Injection vulnerability (CVE-2024-6051) has been found in Vercom S.A. Redlink SDK.