Aquaplatform Revive Adserver — known CVE vulnerabilities
Every CVE whose affected-product data names Aquaplatform Revive Adserver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-21641 — CVSS 6.5 (medium): HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of…
CVE-2025-55126 — CVSS 6.5 (medium): HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of…
CVE-2025-55128 — CVSS 6.5 (medium): HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the…
CVE-2026-21664 — CVSS 6.1 (medium): HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of…
CVE-2026-21642 — CVSS 6.1 (medium): HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php`…
CVE-2026-21663 — CVSS 6.1 (medium): HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver…
CVE-2025-55127 — CVSS 5.4 (medium): HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new…
CVE-2025-55129 — CVSS 5.4 (medium): HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to…
CVE-2026-21640 — CVSS 2.7 (low): HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific…