Lucene search
+L

4 matches found

nvd
nvd
added 2026/06/26 2:16 a.m.12 views

CVE-2026-50739

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

4.3CVSS0.00287EPSS
Exploits1References1
euvd
euvd
added 2026/06/23 4:14 p.m.10 views

EUVD-2026-38510

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
cve
cve
added 2026/06/23 4:14 p.m.33 views

CVE-2026-34913

CVE-2026-34913 describes a missing access control check in Revive Adserver up to version 6.0.6 in the campaign-trackers.php workflow, where a low-privileged user could link trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. The und...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
hackerone
hackerone
added 2026/04/05 8:47 a.m.13 views

Revive Adserver: Missing access control when linking trackers to campaigns

A missing access control check was reported when linking trackers to campaigns through the "campaign-trackers.php" script of Revive Adserver 6.0.6 and earlier. A low-privileged user could link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent...

4.3CVSS5.7AI score0.00235EPSS
Exploits2
Rows per page
Query Builder