Stack-based buffer overflow in Wincor Nixdorf PORT IO Driver versions up to 1.0.0.1 allows local authenticated attackers with low privileges to achieve arbitrary code execution with kernel-level permissions. The vulnerability exists in the sub_11100 function of the wnport.sys kernel driver's IOCTL handler. Public exploit code is available (CVSS E:P). Vendor has released version 3.0.0.1 to address this issue. EPSS data not available, not listed in CISA KEV, suggesting targeted rather than widespread exploitation despite public POC.
Server-Side Request Forgery in Gutenberg Essential Blocks plugin for WordPress allows authenticated attackers with Author-level or higher privileges to make arbitrary web requests originating from the vulnerable server via the eb_save_ai_generated_image function, enabling reconnaissance and manipulation of internal services. Affects all versions up to 5.7.1 with CVSS 6.4 severity; no active KEV status or public exploit code confirmed at time of analysis.