GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references.

### Original Description
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

**Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE**

Moderate severity GitHub Reviewed Published Jan 3, 2024 to the GitHub Advisory Database • Updated Jan 3, 2024

Headline

GHSA-q5pp-5q2h-g8rv: Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE

Duplicate Advisory

Original Description

ghsa: Latest News