Authorization bypass vulnerability (CVE-2025-13822) has been found in MCPHub project.

CERT Polska has received a report about 3 vulnerabilities (CVE-2026-4901, CVE-2026-34184, CVE-2026-34185) found in Hydrosystem Control System software.

Another year of CERT Polska’s activities is behind us. It was a special one, as it marked the end of the third decade of our operations – we are celebrating our 30th anniversary! The year 2025 was a time full of challenges, growth, and a comprehensive approach to shaping cybersecurity – from proactive threat detection, through handling reports and responding to incidents, to sharing knowledge and building public awareness.

CERT Polska has received a report about 2 vulnerabilities (CVE-2026-33865, CVE-2026-33866) found in Mlflow software.

CERT Polska has received a report about a Stored Cross-site Scripting vulnerability found in Bludit software.

CERT Polska has received a report about 2 vulnerabilities (CVE-2026-26927, CVE-2026-26928) found in Szafir software.

Use of Hard-coded Credentials vulnerability (CVE-2026-1612) has been found in Robolinho Update Software.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2026-25099 to CVE-2026-25101) found in Bludit software.

Use of Hard-coded Credentials vulnerability (CVE-2026-1958) has been found in KlinikaXP and KlinikaXP Insertino software.

Cross-site Scripting vulnerability (CVE-2025-12518) has been found in Befree SDK software.