Lucene search
K

4 matches found

NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50739

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

4.3CVSS0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.8 views

EUVD-2026-38510

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
CVE
CVE
added 2026/06/23 4:14 p.m.31 views

CVE-2026-34913

CVE-2026-34913 describes a missing access control check in Revive Adserver up to version 6.0.6 in the campaign-trackers.php workflow, where a low-privileged user could link trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. The und...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
Hacker One
Hacker One
added 2026/04/05 8:47 a.m.13 views

Revive Adserver: Missing access control when linking trackers to campaigns

A missing access control check was reported when linking trackers to campaigns through the "campaign-trackers.php" script of Revive Adserver 6.0.6 and earlier. A low-privileged user could link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent...

4.3CVSS5.7AI score0.00235EPSS
Exploits2
Rows per page
Query Builder