Revive Adserver <=5.0.3 - Cross-Site Scripting

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...

CVE-2026-8115

creationtimestamp| type| source ---|---|--- 2026-05-08 01:07:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlck4vqxkq2r...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : pyOpenSSL vulnerabilities (USN-8115-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8115-1 advisory. It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections...

MAL-2025-8115 Malicious code in @juigorg/similique-ab (npm)

The package @juigorg/similique-ab was found to contain malicious code...

CVE-2025-8115

PHPGurukul Taxi Stand Management System 1.0 contains a cross-site scripting vulnerability in the admin/new-autoortaxi-entry-form.php file. The vulnerability stems from manipulation of the registrationnumber/licensenumber parameter, allowing remote exploitation. Public exploit details exist. Remed...

CVE-2025-8115 PHPGurukul Taxi Stand Management System new-autoortaxi-entry-form.php cross site scripting

A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument registrationnumber/licensenumber leads to cros...

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...

CVE-2019-8115

A reflected cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation...

CVE-2017-8115

Directory traversal in setup/processors/urlsearch.php aka the search page of an unused processor in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...

CVE-2020-8115

creationtimestamp| type| source ---|---|--- 2025-02-05 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-05...

CVE-2019-8115

creationtimestamp| type| source ---|---|--- 2024-02-04 13:16:19+00:00| seen| https://t.me/ctinow/178815...

CVE-2016-8115

...

CVE-2016-8115

CVE-2016-8115 entry is rejected; it is not associated with an active vulnerability.

CVE-2021-22872

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...

Cross site scripting

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...

CVE-2021-22872

Revive Adserver

Microsoft Windows Host Compute Service Shim Remote Code Execution (CVE-2018-8115)

A vulnerability exists in Microsoft windows host compute service shim x under 0.6.10. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

CVE-2017-18678

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-811...

Code injection

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-811...

CVE-2017-18678

CVE-2017-18678 affects Samsung mobile devices running KK(4.4) to N(7.x). The issue allows an attacker to crash system processes via a Serializable object due to missing exception handling. Reported Samsung internal identifiers are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SV...