🚨 EUVD-2026-39600

📊 Score: 4.3/10 (CVSS v3.1)
📦 Product: Adserver
🏢 Vendor: Revive
📅 Updated: 2026-06-26

📝 A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39600

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2026-39601

📊 Score: 4.3/10 (CVSS v3.1)
📦 Product: Adserver
🏢 Vendor: Revive
📅 Updated: 2026-06-26

📝 A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privi...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39601

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39602

📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: Adserver
🏢 Vendor: Revive
📅 Updated: 2026-06-26

📝 Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39602

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39603

📊 Score: 4.4/10 (CVSS v3.1)
📦 Product: Adserver
🏢 Vendor: Revive
📅 Updated: 2026-06-26

📝 A stored XSS vulnerability exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whethe...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39603

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39604

📊 Score: 6.1/10 (CVSS v3.1)
📦 Product: Adserver
🏢 Vendor: Revive
📅 Updated: 2026-06-26

📝 A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39604

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39605

📊 Score: 4.7/10 (CVSS v3.1)
📦 Product: Adserver
🏢 Vendor: Revive
📅 Updated: 2026-06-26

📝 A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sa...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39605

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39606

📊 Score: 5.9/10 (CVSS v3.1)
📦 Product: Node, Node, Node
🏢 Vendor: nodejs
📅 Updated: 2026-06-26

📝 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.

When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnos...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39606

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39607

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: Node, Node, Node
🏢 Vendor: nodejs
📅 Updated: 2026-06-26

📝 A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **N...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39607

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39608

📊 Score: 3.3/10 (CVSS v3.1)
📦 Product: Node, Node, Node
🏢 Vendor: nodejs
📅 Updated: 2026-06-26

📝 A flaw in Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 2...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39608

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-39609

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: Node, Node, Node
🏢 Vendor: nodejs
📅 Updated: 2026-06-26

📝 A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.

This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39609

#cybersecurity #infosec #euvd #cve #vulnerability
