-
TCC Bypass vulnerabilities in two macOS applications
TCC Bypass vulnerability has been found in two macOS applications: Phoneix Code (CVE-2025-5255), Postbox (CVE-2025-5963).
Read more -
UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign
CERT Polska is observing a malicious email campaign conducted by the UNC1151 group against Polish entities, exploiting a vulnerability in the Roundcube software.
Read more -
Vulnerability in 2ClickPortal software
SQL Injection vulnerability (CVE-2025-4568) has been found in 2ClickPortal software.
Read more -
Vulnerabilities in applications preloaded on Ulefone and Krüger&Matz smartphones
CERT Polska has received a report about 3 vulnerabilities (from CVE-2024-13915 to CVE-2024-13917) found in applications preloaded on Ulefone and Krüger&Matz smartphones.
Read more -
TCC Bypass vulnerabilities in three macOS applications
TCC Bypass vulnerability has been found in three macOS applications: Poedit (CVE-2025-4280), Viscosity (CVE-2025-4412), DaVinci Resolve (CVE-2025-4081)
Read more -
Vulnerability in hackney open-source project
Incorrect connection releasing causing pool exhaustion (CVE-2025-3864) has been found in hackney software.
Read more -
Vulnerability in Be-Tech Mifare Classic cards software
Cleartext Storage of Sensitive Information vulnerability (CVE-2025-4053) has been found in Be-Tech Mifare Classic cards software.
Read more -
Vulnerability in Studio Fabryka DobryCMS software
Cross-site Scripting (XSS) vulnerability (CVE-2025-4379) has been found in Studio Fabryka DobryCMS software.
Read more -
Three vulnerabilities in MegaBIP software
CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-3893 to CVE-2025-3895) found in MegaBIP software.
Read more -
Multiple vulnerabilities in Proget software
CERT Polska has received a report about 7 vulnerabilities (from CVE-2025-1415 to CVE-2025-1421) found in Proget software.
Read more