Revive adserver
This hub aggregates every CVE we track for Revive adserver, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 70
- Critical: 5
- High: 11
- In CISA KEV: 0
Severity distribution
- MEDIUM: 50
- HIGH: 11
- CRITICAL: 5
- LOW: 4
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Revive adserver.
- CVE-2026-21642: HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific U... (score 6.1)
- CVE-2026-21664: HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the `afr.php` delivery script of Revive Adserver. An attacker can craft a specific URL that i... (score 6.1)
- CVE-2026-21663: HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` script of Revive Adserver. An attacker can craft a specific URL that includes an HTML ... (score 6.1)
- CVE-2026-21640: HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin us... (score 2.7)
- CVE-2026-21641: HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers ... (score 6.5)
- CVE-2023-53931: Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings (score 6.1)
- CVE-2025-55129: HackerOne community member Kassem S. (kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several a... (score 5.4)
- CVE-2025-52668: Improper input neutralization in the `stats-conversions.php` script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored ... (score 5.4)
- CVE-2025-48986: Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a logged-in attacker to change other users' email address and potentially take over their accounts using the forg... (score 8.8)
- CVE-2025-48987: Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. (score 6.1)
- CVE-2025-52667: Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged-in manager user. (score 5.4)
- CVE-2025-52671: Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database v... (score 4.3)
- CVE-2025-52670: Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts. (score 6.5)
- CVE-2025-52666: Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PH... (score 2.7)
- CVE-2025-52669: Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other u... (score 4.3)
Product normalization is registry-driven with AI assist and human review.