CVE Tools

revive

Web & CMS Pluginscommercial

13

Cumulative CVEs

1

Monthly snapshots

#66

Peak rank

Top products

revive adserver13

Latest CVEs

The 15 most recently published vulnerabilities affecting revive.

CVE-2026-21642HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific U...6.1Jan 20, 2026
CVE-2026-21664HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that i...6.1Jan 20, 2026
CVE-2026-21663HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML ...6.1Jan 20, 2026
CVE-2026-21641HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers ...6.5Jan 20, 2026
CVE-2026-21640HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin us...2.7Jan 20, 2026
CVE-2025-55129HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several a...5.4Dec 2, 2025
CVE-2025-52668Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored ...5.4Nov 20, 2025
CVE-2025-48987Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.6.1Nov 20, 2025
CVE-2025-48986Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forg...8.8Nov 20, 2025
CVE-2025-55124Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.6.1Nov 20, 2025
CVE-2025-55123Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.5.4Nov 20, 2025
CVE-2025-52671Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database v...4.3Nov 20, 2025
CVE-2025-52670Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts6.5Nov 20, 2025
CVE-2025-52669Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other u...4.3Nov 20, 2025
CVE-2025-52667Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.5.4Nov 20, 2025