CERT Polska has received a report about 3 vulnerabilities (CVE-2025-54172, CVE-2025-54174 and CVE-2025-54175) found in OpenSolution Quick.CMS and Quick.CMS.Ext software.

Cross-site Scripting (XSS) vulnerability (CVE-2025-7761) has been found in Akcess-Net Lepszy BIP software.

TCC Bypass vulnerabilities has been found in GIMP (CVE-2025-8672), Mosh-Pro (CVE-2025-53811), Cursor (CVE-2025-9190), MacVim (CVE-2025-8597), Nozbe (CVE-2025-53813) and Invoice Ninja (CVE-2025-8700) applications for MacOS.

Incorrect Authorization vulnerability (CVE-2025-8533) has been found in Flexibits Fantastical software.

Insufficiently Protected Credentials vulnerability (CVE-2025-5922) has been found in TSplus Remote Access software.

CERT Polska has received a report about Hard-coded Credentials vulnerability (CVE-2025-4049) found in SIGNUM-NET FARA software.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-5344 to CVE-2025-5346) found in applications preloaded on Bluebird smartphones.

Use of Hard-coded Password vulnerability (CVE-2025-3920) has been found in SUR-FBD CMMS software.

TCC Bypass vulnerability has been found in two macOS applications: Phoneix Code (CVE-2025-5255), Postbox (CVE-2025-5963).

CERT Polska is observing a malicious email campaign conducted by the UNC1151 group against Polish entities, exploiting a vulnerability in the Roundcube software.