CERT Poland has received a report about a vulnerability in the CoolKit Technology eWeLink mobile application (Android & iOS) and assigned it the number CVE-2023-6998.

Stored XSS vulnerability has been found in SmodBIP and MegaBIP software (CVE-2023-5378).

CERT Polska, Polish Military Counterintelligence Service (SKW), and external partners assess Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, are exploiting CVE-2023-42793 at a large scale.

Reflected XSS vulnerability (CVE-2023-4932) has been found in SAS 9.4 software.

CERT Poland has received a report about vulnerability in the Apereo CAS software and assigned it the number CVE-2023-4612.

Cross-Site Request Forgery vulnerability has been found in SmodBIP software (CVE-2023-4837).

CERT Poland has received a report about vulnerability in the UptimeDC software and assigned it the number CVE-2023-4997.

CERT Poland has received a report about vulnerability in the lua-http Library and assigned it the number CVE-2023-4540.

From the beginning of August, CERT Polska, as the only institution in Poland and one of 7 CERTs in Europe, can assign CVE numbers, which are used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.