
709 matches found

Positive Technologies
added 2026/06/26 12:0 a.m., 17 views

PT-2026-52650

Name of the Vulnerable Software and Affected Versions: Revive Adserver version 6.0.7. Description: Stored Cross-Site Scripting (XSS) occurs in the maintenance-acl-check.php and maintenance-banners-check.php tools. The issue arises when entity names are displayed without proper escaping during the...

CVSS 5.4, AI score 5.9, EPSS 0.00199
Exploits 0, References 8
NVD
added 2026/06/23 5:17 p.m., 7 views

CVE-2026-44958

An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status...

CVSS 5.4, EPSS 0.00274
Exploits 1, References 1
NVD
added 2026/06/23 5:17 p.m., 8 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

CVSS 8.8, EPSS 0.0045
Exploits 1, References 1
NVD
added 2026/06/23 5:16 p.m., 8 views

CVE-2026-44957

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

CVSS 4.3, EPSS 0.00235
Exploits 0, References 1
NVD
added 2026/06/23 5:16 p.m., 11 views

CVE-2026-34912

A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API, allows a low‑privileged user to link their zones to banners or campaigns owned by other managers on the same instance, resulting i...

CVSS 4.3, EPSS 0.00235
Exploits 1, References 1
NVD
added 2026/06/23 5:16 p.m., 7 views

CVE-2026-34913

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

CVSS 4.3, EPSS 0.00235
Exploits 1, References 1
NVD
added 2026/06/23 5:16 p.m., 6 views

CVE-2026-34914

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

CVSS 8.3, EPSS 0.00298
Exploits 1, References 1
NVD
added 2026/06/23 5:16 p.m., 6 views

CVE-2026-34915

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

CVSS 6.1, EPSS 0.00217
Exploits 1, References 1
NVD
added 2026/06/23 5:16 p.m., 7 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

CVSS 8.8, EPSS 0.00499
Exploits 1, References 1
EUVD
added 2026/06/23 4:14 p.m., 7 views

EUVD-2026-38502

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

CVSS 4.3, AI score 5.8, EPSS 0.0031
Exploits 1, References 1
EUVD
added 2026/06/23 4:14 p.m., 5 views

EUVD-2026-38507

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

CVSS 8.8, AI score 6.7, EPSS 0.00499
Exploits 1, References 1
Cvelist
added 2026/06/23 4:14 p.m., 32 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

CVSS 8.8, EPSS 0.00499
Exploits 1, References 1
EUVD
added 2026/06/23 4:14 p.m., 5 views

EUVD-2026-38506

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

CVSS 8.3, AI score 6.6, EPSS 0.00298
Exploits 1, References 1
CVE
added 2026/06/23 4:14 p.m., 17 views

CVE-2026-34914

This CVE is confirmed: Revive Adserver

CVSS 8.3, AI score 6.6, EPSS 0.00298
Exploits 1, References 1
EUVD
added 2026/06/23 4:14 p.m., 6 views

EUVD-2026-38510

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

CVSS 4.3, AI score 5.8, EPSS 0.00235
Exploits 1, References 1
EUVD
added 2026/06/23 4:14 p.m., 5 views

EUVD-2026-38501

A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API, allows a low‑privileged user to link their zones to banners or campaigns owned by other managers on the same instance, resulting i...

CVSS 4.3, AI score 5.8, EPSS 0.00235
Exploits 1, References 1
Cvelist
added 2026/06/23 4:14 p.m., 30 views

CVE-2026-34914

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

CVSS 8.3, EPSS 0.00298
Exploits 1, References 1
CVE
added 2026/06/23 4:14 p.m., 14 views

CVE-2026-34912

Affected software: Revive Adserver ≤ 6.0.6. Vulnerability: Missing access control when linking banners or campaigns to a zone via zone-include.php or the API. Impact (as stated): A low-privileged user could link zones to banners/campaigns owned by other managers on the same instance, causing inco...

CVSS 4.3, AI score 5.8, EPSS 0.00235
Exploits 1, References 1
Cvelist
added 2026/06/23 4:14 p.m., 29 views

CVE-2026-34915

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

CVSS 6.1, EPSS 0.00217
Exploits 1, References 1
CVE
added 2026/06/23 4:14 p.m., 17 views

CVE-2026-44959

CVE-2026-44959 affects Revive Adserver up to version 6.0.6. The issue is a missing validation of user input when saving delivery limitations, allowing a low-privileged user to add an unexpected component parameter and inject malicious PHP into the compiledlimitations field, which could be execute...

CVSS 8.8, AI score 6.6, EPSS 0.0045
Exploits 1, References 1