0.0
CVE-2026-22832 -
Not used
0.0
CVE-2026-22836 -
Not used
0.0
CVE-2026-22829 -
Not used
0.0
CVE-2026-22830 -
Not used
0.0
CVE-2026-22831 -
Not used
8.1
CVE-2025-14279 - DNS Rebinding Vulnerability in mlflow/mlflow
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attaβ¦
8.7
CVE-2026-0855 - Merit LILINο½IP Camera - OS Command Injection
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
0.0
CVE-2025-14579 - Quiz Maker < 6.7.0.89 - Admin+ Stored XSS
The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
8.7
CVE-2026-0854 - Merit LILINο½NVR - OS Command Injection
Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
2.3
CVE-2025-69276 - Spectrum insecure deserialiation
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.