CERT Polska has received a report about 3 vulnerabilities (CVE-2025-54172, CVE-2025-54174 and CVE-2025-54175) found in OpenSolution Quick.CMS and Quick.CMS.Ext software.

Cross-site Scripting (XSS) vulnerability (CVE-2025-7761) has been found in Akcess-Net Lepszy BIP software.

TCC Bypass via Inherited Permissions in Bundled Python Interpreter has been found in GIMP software for MacOS (CVE-2025-8672).

Incorrect Authorization vulnerability (CVE-2025-8533) has been found in Flexibits Fantastical software.

Insufficiently Protected Credentials vulnerability (CVE-2025-5922) has been found in TSplus Remote Access software.

CERT Polska has received a report about Hard-coded Credentials vulnerability (CVE-2025-4049) found in SIGNUM-NET FARA software.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-5344 to CVE-2025-5346) found in applications preloaded on Bluebird smartphones.

Use of Hard-coded Password vulnerability (CVE-2025-3920) has been found in SUR-FBD CMMS software.

TCC Bypass vulnerability has been found in two macOS applications: Phoneix Code (CVE-2025-5255), Postbox (CVE-2025-5963).

SQL Injection vulnerability (CVE-2025-4568) has been found in 2ClickPortal software.