During its own research, CERT Polska has found another SQL Injection vulnerability (CVE-2024-6160) in MegaBIP software.

Stored XSS vulnerability (CVE-2024-5961) has been found in 2ClickPortal software.

During its own research, CERT Polska has found 3 critical vulnerabilities (CVE-2024-1576, CVE-2024-1577 and CVE-2024-1659) in MegaBIP software.

Vulnerabilities have been detected in the Eurosoft Przychodnia, drEryk Gabinet and SimpleCare software, involving the use of the same, hard-coded password for the database. The vulnerabilities were assigned identifiers CVE-2024-1228, CVE-2024-3699 and CVE-2024-3700.

Reflected XSS vulnerability (CVE-2024-3579) has been found in Online Shopping System Advanced open-source project.

Authentication Bypass by Assumed-Immutable Data vulnerability (CVE-2024-3462) has been found in Ant Media Server (Community Edition) software.

CERT Poland has received a report about 3 vulnerabilities (from CVE-2024-4423 to CVE-2024-4425) found in CemiPark software.

CERT Poland has received a report about 3 vulnerabilities (CVE-2024-3459, CVE-2024-3460 and CVE-2024-3461) found in Kioware for Windows software.

Improper Input Validation vulnerability (CVE-2024-3955) has been found in PiBrewing CraftBeerPi 4 software.

Improper Access Control vulnerability (CVE-2024-2759) has been found in Apaczka plugin for PrestaShop.