CVE-2026-32859 ByteDance DeerFlow Stored XSS via Inline Artifact Rendering

ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add new repository proxy connectors via the token parameter to admin/addProxyConnectorcommit.action, 2 new...