6 matches found

OSV
added 2026/03/30 5:20 p.m. | 2 views

GHSA-W7RV-GFP4-J9J3 Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag

Summary: A Cross-site Scripting (XSS) vulnerability exists in the `{% attrs %}` template tag of the slippers Django package. When a context variable containing untrusted data is passed to `{% attrs %}`, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...

6.1 CVSS | 6 AI score | 0.00052 EPSS
Exploits: 1 | References: 5
Snyk
added 2026/03/30 5:20 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: slippers is a package for building reusable components in Django without writing a single line of Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attrstring function of the `{% attrs %}` template tag, which fails to escape user-supplied values interpolated into...

6.1 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits: 1 | References: 2
NVD
added 2025/11/10 10:15 p.m. | 2 views

CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp...

7.5 CVSS | 0.00072 EPSS
Exploits: 1 | References: 2
CVE
added 2025/11/10 9:29 p.m. | 6 views

CVE-2025-64183

OpenEXR vulnerability CVE-2025-64183 affects the Python exposure PyOpenEXR_old.cpp: a use-after-free in PyObject_StealAttrString when retrieving attributes via PyObject_GetAttrString, returning a dangling PyObject*. This can be triggered in various reads (e.g., PixelType.v, Box2i, V2f) and is exp...

7.5 CVSS | 6.4 AI score | 0.00072 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/11/10 9:29 p.m. | 5 views

CVE-2025-64183 OpenEXR has use after free in PyObject_StealAttrString

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp...

6.9 CVSS | 0.00072 EPSS
Exploits: 1 | References: 2
RedHat Linux
added 2004/01/15 10:31 a.m. | 3 views

security flaw

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

5 CVSS | 5.8 AI score | 0.33696 EPSS
Exploits: 1 | References: 4