Security Vulnerabilities
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows users on the system to delete banners owned by other accounts.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2025-11-20

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows non-admin users to acquire information about the software, PHP and database versions currently in use.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2025-11-20

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows manager accounts to craft XSS attacks against their own advertiser users.
CVSS Score: 3.5
EPSS Score: 0.0
Published: 2025-11-20

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
CVSS Score: 6.1
EPSS Score: 0.0
Published: 2025-11-20

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email addresses and potentially take over their accounts using the forgot password functionality.
CVSS Score: 8.8
EPSS Score: 0.0
Published: 2025-11-20

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
CVSS Score: 6.3
EPSS Score: 0.0
Published: 2025-11-20

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows an administrator user to disable the admin user console due to a fatal PHP error.
CVSS Score: 2.7
EPSS Score: 0.001
Published: 2025-11-20

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions makes a stored XSS attack possible for a logged-in manager user.
CVSS Score: 3.5
EPSS Score: 0.0
Published: 2025-11-20

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
CVSS Score: 8.7
EPSS Score: 0.0
Published: 2025-11-20

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via a crafted file path in a template value.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2025-11-20