During its own research, CERT Polska has found 3 critical vulnerabilities (CVE-2024-1576, CVE-2024-1577 and CVE-2024-1659) in MegaBIP software.

Vulnerabilities have been detected in the Eurosoft Przychodnia, drEryk Gabinet and SimpleCare software, involving the use of the same, hard-coded password for the database. The vulnerabilities were assigned identifiers CVE-2024-1228, CVE-2024-3699 and CVE-2024-3700.

Reflected XSS vulnerability (CVE-2024-3579) has been found in Online Shopping System Advanced open-source project.

Authentication Bypass by Assumed-Immutable Data vulnerability (CVE-2024-3462) has been found in Ant Media Server (Community Edition) software.

CERT Poland has received a report about 3 vulnerabilities (from CVE-2024-4423 to CVE-2024-4425) found in CemiPark software.

CERT Poland has received a report about 3 vulnerabilities (CVE-2024-3459, CVE-2024-3460 and CVE-2024-3461) found in Kioware for Windows software.

CERT Polska is observing a malicious e-mail campaign targeting Polish government institutions conducted by the APT28 group.

Improper Input Validation vulnerability (CVE-2024-3955) has been found in PiBrewing CraftBeerPi 4 software.

Improper Access Control vulnerability (CVE-2024-2759) has been found in Apaczka plugin for PrestaShop.

CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.