GHSA-pfr9-2p92-qrhq: Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

GHSA-jqfv-jrvq-95jm: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references.

### Original Description
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.


**Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins**

Moderate severity GitHub Reviewed Published Jan 3, 2024 to the GitHub Advisory Database • Updated Jan 3, 2024

Headline

GHSA-wxj2-777f-vxmf: Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins

Duplicate Advisory

Original Description

ghsa: Latest News