143 matches found
CVE-2026-34913
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
EUVD-2026-38510
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
CVE-2026-34913
CVE-2026-34913 describes a missing access control check in Revive Adserver up to version 6.0.6 in the campaign-trackers.php workflow, where a low-privileged user could link trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. The und...
CVE-2026-34913
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
Argamal: Malware hidden in hentai games
In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...
CVE-2026-48235
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...
Gazelle 环境问题漏洞
Gazelle is a web framework developed by WhatCD’s developers, designed for private BitTorrent trackers. Versions of Gazelle prior to 0.49 contained an environmental vulnerability, caused by improper handling of HTTP header priorities. This vulnerability could allow attackers to inject malicious HT...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/active: Fixed the misuse of non-idle barriers as fence trackers. Users reported errors related to list corruption when using i915 perf with a number of concurrently running graphics applications. Root cause analysis...
Revive Adserver: Missing access control when linking trackers to campaigns
A missing access control check was reported when linking trackers to campaigns through the "campaign-trackers.php" script of Revive Adserver 6.0.6 and earlier. A low-privileged user could link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent...
Tracking the Trackers: Commercial Surveillance Occurring on U.S. Army Networks
Despite current security implementations, Internet activity on DoD networks is susceptible to web trackers and commercial data collection, which have the potential to expose information about service members and unit operations. This report documents the outcomes of a study to characterize web...
[SECURITY] Fedora 43 Update: rust-redlib-0.35.1-10.fc43
Redlib is alternative private front-end to Reddit, with its origins in Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat...
AirCatch: Effectively Tracing Advanced Tag-Based Trackers
Tag-based tracking ecosystems help users locate lost items, but can be leveraged for unwanted tracking and stalking. Existing protocol-driven defenses and prior academic solutions largely assume stable identifiers or predictable beaconing. However, identifier-based defenses fundamentally break do...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2026-21641
Revive Adserver CVE-2026-21641 is an authorization bypass in the tracker-delete.php script. Reported by HackerOne, the issue allows users with delete-tracker permissions to delete trackers owned by other accounts. Verified across multiple sources (NVD, RH, CIRCL, CVE List, EUVD, AttackeRKB, etc.)...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992932)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992932 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992266)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992266 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list...
Revive Adserver: Broken Access Control allows advertiser accounts to delete trackers they do not own
Vulnerability description not provided...