Revive Adserver 5.4.1 - Cross-Site Scripting

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...

Revive Adserver <5.1.0 - Open Redirect

Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...

Revive Adserver <=5.0.3 - Cross-Site Scripting

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

Revive Adserver: PHP code injection via unexpected delivery limitation parameter

A vulnerability was reported in Revive Adserver 6.0.6 and earlier versions where user input was not properly validated when saving delivery limitations. This allowed a low-privileged user to inject malicious PHP code into the compiledlimitations field, which could then be executed during banner...

Exploit for Stack-based Buffer Overflow in Asustor Data_Master

CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...

ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation

Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...

Revive Adserver: Banner status override by advertiser‑level users

A vulnerability was reported in Revive Adserver 6.0.6 and earlier, which allowed an advertiser-level user to activate or deactivate a banner without proper permissions. The issue was caused by the banner-edit.php script, which allowed the banner status to be overwritten solely based on banner edi...

Revive Adserver: Missing access control when modifying parent entities via XML‑RPC

Vulnerability description not provided...

Revive Adserver: Session ID reuse allowing XML‑RPC API authentication bypass

Vulnerability description not provided...

Revive Adserver: Stored XSS via Full Name field in userlog email entries

Vulnerability description not provided...

CVE-2026-39561

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...

WordPress plugin Revive.so 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Revive Adserver: PHP code injection via delivery limitation logical

Vulnerability description not provided...

Revive Adserver: Reflected XSS via clientid parameter in zone‑include.php

Vulnerability description not provided...

Revive Adserver: Blind SQL injection via clientid parameter in zone‑include.php

Vulnerability description not provided...

Revive Adserver: Missing access control when linking trackers to campaigns

A missing access control check was reported when linking trackers to campaigns through the "campaign-trackers.php" script of Revive Adserver 6.0.6 and earlier. A low-privileged user could link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent...

Revive Adserver: Missing access control when linking banners or campaigns to zones

A missing access control check was identified when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API. This could have allowed a low-privileged user to link their zones to banners or campaigns owned by other managers on...

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

WordPress WP-Revive Adserver plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP-Revive Adserver versions = 2.2.1...