Lucene search
K

709 matches found

Cvelist
Cvelist
added 2026/01/20 8:48 p.m.17 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 8:48 p.m.3 views

CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:48 p.m.3 views

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

7.1CVSS5.4AI score0.00227EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21664

CVE-2026-21664 is a reported reflected XSS vulnerability affecting Revive Adserver’s afr.php delivery script. A crafted URL containing HTML payload parameters can cause an administrator visiting the link to have malicious scripts executed in the browser. The available sources consistently describ...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:48 p.m.5 views

CVE-2026-21664

HackerOne community member Huynh Pham Thanh Luc nigh7c0r3 has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 8:48 p.m.3 views

CVE-2026-21664

HackerOne community member Huynh Pham Thanh Luc nigh7c0r3 has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21640

The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/20 8:48 p.m.15 views

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

7.1CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 8:48 p.m.10 views

CVE-2026-21663

CVE-2026-21663 is a reflected XSS vulnerability in Revive Adserver’s banner-acl.php script. An attacker can craft a URL with an HTML payload in a parameter (e.g., cap) that, when visited by a logged-in administrator, causes the payload to execute in the administrator’s browser. Multiple sources (...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system provides functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from ...

6.1CVSS6.5AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3659

HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.6 views

PT-2026-3660

HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser a...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.6 views

PT-2026-3658

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

7.1CVSS5.5AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from an...

7.1CVSS7AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3657

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

2.7CVSS5.5AI score0.0021EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system provides functions such as advertising placement, ad slot management, and data statistics. There are security vulnerabilities in Revive Adserver; these vulnerabilities stem fr...

6.1CVSS6.2AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3661

HackerOne community member Huynh Pham Thanh Luc nigh7c0r3 has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...

6.1CVSS5.5AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.6 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system provides functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...

6.1CVSS6.2AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.6 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...

2.7CVSS5.8AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.7 views

CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third...

6.1CVSS6.7AI score0.66141EPSS
Exploits3References1
Rows per page
Query Builder