Security Vulnerabilities
libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-11
libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-11
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-08-11
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent.
This issue has been fixed in 3.1.4.2 version of GIMP.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-11
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-08-11