Industrial

Privilege escalation in ExactMetrics WordPress plugin versions 7.1.0-9.0.2 allows authenticated users with the `exactmetrics_save_settings` capability to modify any plugin configuration without restrictions, potentially escalating themselves to administrative access. An attacker could exploit the missing input validation in the `update_settings()` function to grant plugin permissions to arbitrary user roles, including subscribers, effectively bypassing intended access controls. No patch is currently available for this vulnerability.

Arbitrary plugin installation and remote code execution in ExactMetrics WordPress plugin versions 8.6.0-9.0.2 allows authenticated users with report-viewing permissions to bypass administrative capability checks via parameter manipulation. An attacker can exploit an Insecure Direct Object Reference in the onboarding process to install malicious plugins and execute arbitrary code on vulnerable WordPress installations. This vulnerability requires the site administrator to have previously granted non-admin users report access permissions.

Unauthenticated REST endpoint in Datalogics Ecommerce Delivery WordPress plugin before 2.6.60.

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities.

Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.

The Booktics plugin for WordPress versions up to 1.0.16 lacks proper permission validation in its Extension_Controller function, allowing unauthenticated attackers to install arbitrary addon plugins and modify site data. This network-accessible vulnerability affects WordPress installations using the vulnerable plugin without requiring user interaction. No patch is currently available for this medium-severity vulnerability.

Booktic versions up to 1.0.16. is affected by missing authentication for critical function (CVSS 5.3).

IBM Planning Analytics Advanced Certified Containers 3.1.0 versions up to 3.1.4 contains a vulnerability that allows attackers to a local privileged user to obtain sensitive information from environment variabl (CVSS 4.4).

Hitachi Vantara Pentaho has a missing authorization vulnerability enabling unauthorized access to data integration and analytics functions.

Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. [CVSS 7.5 HIGH]

Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.

Openclaw versions up to 2026.2.14 is affected by authorization bypass through user-controlled key (CVSS 7.5).

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

ThemeREX MCKinney's Politics plugin versions up to 1.2.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on affected servers. The flaw stems from improper validation of file paths in PHP include/require statements, enabling attackers to access sensitive configuration files and potentially execute code. No patch is currently available for this vulnerability.

ThemeREX Global Logistics versions 3.20 and earlier are vulnerable to local file inclusion through improper handling of file paths in PHP include/require statements, enabling attackers to read arbitrary files from the affected system. The vulnerability requires network access but no authentication, and an attacker could leverage this to access sensitive configuration files or application source code. No patch is currently available for this issue.

Arbitrary code execution in Delta Electronics CNCSoft-G2 occurs when the application fails to properly validate user-supplied files, allowing an attacker to execute malicious code by tricking a user into opening a crafted file. This local vulnerability affects industrial environments running CNCSoft-G2 and requires user interaction to exploit. No patch is currently available.

wpForo Forum 2.4.14 fails to properly enforce access controls on its RSS feed endpoint, enabling unauthenticated attackers to enumerate and access private or unapproved forum topics. By omitting the forum ID parameter in RSS feed requests, attackers bypass privacy filters that would normally restrict visibility of sensitive content. This information disclosure vulnerability affects forum administrators and users who rely on topic privacy settings to protect sensitive discussions.

wpForo Forum 2.4.14 fails to properly authorize topic management operations, allowing authenticated users to move, merge, or split any forum topic regardless of their moderator status. Attackers with valid subscriber accounts can reorganize forum content and relocate discussions to restricted areas without appropriate permissions. No patch is currently available for this medium-severity vulnerability.

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the `publish_to_category` topic timer, bypassing authorization checks. [CVSS 2.7 LOW]

Umbraco Engage versions prior to 16.2.1 and 17.1.1 expose unauthenticated API endpoints that lack access control, allowing remote attackers to retrieve sensitive data by directly querying endpoints with arbitrary identifier parameters. An attacker can enumerate records at scale without authentication or valid session credentials, potentially exposing confidential business intelligence information. No patch is currently available for affected installations.

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` action only checked `can_move_posts?` on the source topic but never validated write permissions on the destination topic. [CVSS 2.7 LOW]

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. [CVSS 2.7 LOW]

Wasmtime's HTTP header handling in the wasmtime-wasi-http crate crashes when processing excessive header fields, allowing remote attackers to trigger denial of service against applications embedding Wasmtime. The vulnerability affects versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, and has been patched to return a controlled trap instead of panicking. Embedders should update immediately to mitigate this DoS vector.

Wasmtime versions 39.0.0 and later experience a denial-of-service panic when async WebAssembly component functions are called and then abandoned by the host before completion, such as when the Future is dropped after a single poll during an async yield. This affects applications using Wasmtime's component model with async support, allowing an attacker to crash the runtime through specially crafted async function invocations. A patch is available to address this stability issue.

free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no official patch is currently available, requiring organizations to implement network-level mitigations such as ACL restrictions or PFCP message inspection.

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 interface, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no upstream patch is currently available. Organizations running affected SMF instances should restrict PFCP interface access to trusted UPF nodes and implement network-level filtering of malformed requests.

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interface, allowing unauthenticated remote attackers to cause denial of service via nil pointer dereference. Public exploit code exists for this vulnerability and no upstream patch is currently available. Network operators should restrict PFCP interface access to trusted UPF sources and consider implementing message validation at network boundaries.

Metabase versions prior to 0.57.13 and 0.58.x through 0.58.6 allow authenticated users to extract sensitive data including database credentials through template injection in the notification system. An attacker with low privileges can exploit unsafe template evaluation to retrieve confidential information and expose database access credentials. A patch is available in versions 0.57.13 and 0.58.7, or administrators can disable notifications as a temporary mitigation.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2. [CVSS 7.1 HIGH]

Passionate Brains Advanced WC Analytics advance-wc-analytics is affected by missing authorization (CVSS 6.5).

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. [CVSS 6.5 MEDIUM]

SQL injection in Kolay Software Talentics.

MeCODE Informatics and Engineering Services Ltd. Envanty is affected by authorization bypass through user-controlled key (CVSS 7.3).

Scraparr versions 3.0.0-beta through 3.0.1 expose Readarr API keys in plaintext through the /metrics endpoint when the Readarr integration is enabled without a custom alias configured. An attacker with access to the publicly exposed /metrics endpoint can harvest valid API credentials to compromise an externally accessible Readarr instance. This vulnerability affects only deployments where Readarr scraping is enabled, no alias is set, and the metrics endpoint is accessible to untrusted users.

logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 is affected by path traversal (CVSS 5.3).

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. [CVSS 8.1 HIGH]

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. [CVSS 6.5 MEDIUM]

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypass authentication entirely. CVSS 10.0.

Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.

Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. [CVSS 8.8 HIGH]

The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service [CVSS 5.5 MEDIUM]

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.

CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]

Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.

Privilege escalation in Microsoft Graphics Component via use-after-free memory corruption affects Windows Server 2019 and 2012, allowing authenticated local attackers to gain elevated system privileges with user interaction. The vulnerability poses a significant risk in industrial environments where Windows Server hosts critical infrastructure. No patch is currently available for this high-severity issue.

Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. [CVSS 2.8 LOW]

Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. [CVSS 6.7 MEDIUM]

Graphics Software versions up to 25.30.1702.0 contains a vulnerability that allows attackers to an escalation of privilege (CVSS 6.7).

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. [CVSS 5.4 MEDIUM]

A security vulnerability has been detected in AprilRobotics apriltag versions up to 3.4.5. is affected by buffer overflow (CVSS 3.3).

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file.

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Log Analysis versions 1.3.5.0 versions up to 1.3.8.3 is affected by cross-site request forgery (csrf) (CVSS 4.3).

At Internet Piano Analytics versions up to 1.0.1 is affected by cross-site scripting (xss) (CVSS 4.8).

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated.

Karel Electronics Industry and Trade Inc. ViPort is affected by cross-site scripting (xss) (CVSS 8.8).

Improper input validation in GalaxyDiagnostic versions up to 3.5.050 contains a security vulnerability.

Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the industrial monitoring database.

WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics contains a security vulnerability (CVSS 5.3).

Emit Informatics product has a SQL injection vulnerability allowing unauthenticated database compromise through unsanitized input parameters.

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]

LobeHub is an open source human-and-AI-agent network. versions up to 1.143.3 contains a vulnerability that allows attackers to a discrepancy between actual resource consumption and billing calculations, caus.

TrustTunnel VPN protocol versions prior to 0.9.115 contain a rule bypass vulnerability where fragmented TLS ClientHello messages fail to extract the client random value, causing the rules engine to skip client_random_prefix matching conditions and allow traffic that should be blocked. Public exploit code exists for this medium-severity network-accessible vulnerability affecting Industrial and TrustTunnel products. A patch is available for affected versions.

bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code that can be triggered by crafted RAR archives.

Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow moderators with insufficient permissions to convert private messages into public topics, potentially exposing sensitive user communications. The vulnerability affects any Discourse instance where untrusted moderators have access to moderation features. Site administrators can mitigate this by temporarily removing moderator privileges or disabling personal message access for moderator groups until patching to a fixed version.

node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validation and execution logic allows attackers to bypass security checks and create hardlinks to arbitrary files outside the intended extraction directory. Public exploit code exists for this vulnerability, affecting Node.js applications that process untrusted TAR archives. An attacker can craft a malicious TAR file to write to sensitive locations on the system.

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. The vulnerability affects users running vLLM's multimodal features with untrusted input.

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. [CVSS 8.4 HIGH]

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality.

Fleet device management software versions prior to 4.78.3 suffer from broken access control that permits any authenticated user, including low-privilege observers, to access debug and profiling endpoints. Attackers can leverage this vulnerability to extract sensitive server diagnostics, runtime profiling data, and application state, or trigger CPU-intensive operations resulting in denial of service. The vulnerability affects multiple Fleet versions and has patches available.

Business Intelligence versions up to 7.6.0.0.0 contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 7.1).

NotificationX plugin for WordPress versions up to 3.1.11 lacks proper authorization checks on REST API endpoints, allowing authenticated users with Contributor-level permissions to reset analytics data for any campaign regardless of ownership. This capability bypass enables low-privileged attackers to tamper with campaign analytics across the WordPress installation. The vulnerability affects WordPress deployments using the affected plugin versions, with no patch currently available.

A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot. [CVSS 7.5 HIGH]

SQL injection in Koko Analytics for WordPress prior to version 2.1.3 allows unauthenticated attackers to inject malicious SQL through the public tracking endpoint, which gets stored unescaped and executed when administrators export and reimport analytics data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary SQL commands including database manipulation and potential data destruction. The vulnerability affects WordPress installations using vulnerable versions of the Koko Analytics plugin and requires administrator interaction with a malicious export file to fully exploit.

Use-after-free in QuickJS up to version 0.11.0 within the Atomics Ops Handler allows remote attackers to trigger memory corruption without authentication. Public exploit code exists for this vulnerability, enabling potential information disclosure or denial of service. A patch is available and should be applied immediately.

Stored XSS in the Integrate Dynamics 365 CRM WordPress plugin through version 1.1.1 allows authenticated administrators to inject malicious scripts into plugin settings due to inadequate input sanitization. An attacker with admin privileges can execute arbitrary JavaScript that runs whenever users access affected pages. No patch is currently available.

Delta Electronics DIAView has Command Injection vulnerability. [CVSS 7.8 HIGH]

Gotac's Statistics Database System lacks authentication controls on query functionality, enabling unauthenticated remote attackers to directly access and retrieve sensitive database contents. With a CVSS score of 7.5, this vulnerability poses a significant confidentiality risk to organizations running affected versions, and no patch is currently available.

Gotac's Statistics Database System is vulnerable to unauthenticated path traversal attacks that enable remote attackers to read arbitrary files from affected systems without authentication. The vulnerability affects industrial and statistics database deployments, allowing an attacker to download sensitive system files and potentially obtain confidential data. No patch is currently available for this high-severity vulnerability.

Gotac Police Statistics Database System allows unauthenticated arbitrary file upload, enabling remote attackers to upload web shells and achieve full server compromise.

Gotac's Police Statistics Database System contains a path traversal vulnerability that enables unauthenticated remote attackers to enumerate system directories and access sensitive files. The flaw affects industrial and law enforcement deployments with network accessibility, potentially exposing confidential database contents and system architecture details. No patch is currently available for this medium-severity vulnerability.

The Police Statistics Database System by Gotac has a missing authentication vulnerability allowing unauthenticated remote access to law enforcement statistical data.

Gotac's Police Statistics Database System is vulnerable to unauthenticated arbitrary file read attacks via absolute path traversal, enabling remote attackers to download sensitive system files without authentication. The vulnerability carries high severity (CVSS 7.5) with broad network accessibility and no user interaction required. No patch is currently available, leaving affected deployments at risk until remediation is released.

Delta Electronics DIAView has a missing authentication vulnerability that allows remote attackers to access critical functionality without credentials, potentially compromising SCADA monitoring.

Delta Electronics DIAView uses hard-coded cryptographic keys, allowing attackers to forge authentication tokens, decrypt sensitive data, or bypass security controls entirely.

RustCrypto CMOV before 0.4.4 emits non-constant-time assembly on ARM Cortex-M0/M0+/M1 targets. Cryptographic operations that rely on constant-time guarantees are broken on these embedded platforms. PoC available, patch available.

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service. [CVSS 7.8 HIGH]