|
281
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in …
New
|
CWE-284
Improper Access Control
|
CVE-2026-50739
|
2026-06-27 01:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50740
|
2026-06-27 01:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
8.8 |
HIGH
Network
|
-
|
-
|
Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin ident…
New
|
CWE-94
Code Injection
|
CVE-2026-50741
|
2026-06-27 01:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
4.4 |
MEDIUM
Network
|
-
|
-
|
A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50742
|
2026-06-27 01:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method …
New
|
CWE-284
Improper Access Control
|
CVE-2026-50744
|
2026-06-27 01:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty cus…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50745
|
2026-06-27 01:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, w…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-43920
|
2026-06-27 01:10 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at str_contains($refer…
New
|
CWE-601
Open Redirect
|
CVE-2026-40080
|
2026-06-27 01:09 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id() after login, leading to Session Fixation. session_regenerate_id() is…
New
|
CWE-384
Session Fixation
|
CVE-2026-40082
|
2026-06-27 01:09 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
7.2 |
HIGH
Network
|
-
|
-
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php,…
New
|
CWE-89
SQL Injection
|
CVE-2026-40083
|
2026-06-27 01:09 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
