CERT Polska has received a report about 5 vulnerabilities (from CVE-2025-22270 to CVE-2025-22274) found in CyberArk Endpoint Privilege Manager software.

Incorrect Privilege Assignment vulnerability (CVE-2025-1413) has been found in DaVinci Resolve application.

Privilege escalation vulnerability (CVE-2024-9150) has been found in Wyn Enterprise software.

Command Injection vulnerability has been found in Arc53 DocsGPT software (CVE-2025-0868).

Stored XSS (Cross-site Scripting) vulnerability has been found in authentik software.

XSS (Cross-site Scripting) vulnerability has been found in Eura7 CMSmanager software (CVE-2024-11348).

The Dangerous websites Warning List will soon be five years old. Over this time it stopped millions of attempts to connect to malicious domains and has become our most effective tool in the fight against phishing websites.

XSS (Cross-site Scripting) vulnerability has been found in Kentico CMS software (CVE-2024-12907).

CERT Polska has received a report about 2 vulnerabilities (CVE-2024-11716 and CVE-2024-11717) found in CTFd software.

Vulnerability CVE-2024-12993 allowing revealing the user’s location has been found in Infinix Mobile com.rlk.weathers application.