revive
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting revive.
- CVE-2026-50745A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty c...6.1
- CVE-2026-50741Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin ide...8.8
- CVE-2026-50742A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed witho...5.4
- CVE-2026-50744A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the m...4.3
- CVE-2026-50739A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` scri...4.3
- CVE-2026-50740A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFr...5.4
- CVE-2026-44959A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malic...8.8
- CVE-2026-44958An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php ...5.4
- CVE-2026-44957A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities...4.3
- CVE-2026-34913A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their tra...4.3
- CVE-2026-34917Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to...4.3
- CVE-2026-34914A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection...8.3
- CVE-2026-34912A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user co...4.3
- CVE-2026-34915A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL i...6.1
- CVE-2026-21642HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific U...6.1