Connect
by Adobe Inc.
CVEs (75)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12804 | Cri | 0.65 | 9.8 | 0.11 | Jul 20, 2018 | Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking. | ||
| CVE-2017-11291 | Cri | 0.65 | 10.0 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | ||
| CVE-2025-27203 | Cri | 0.64 | 9.6 | 0.01 | Jul 8, 2025 | Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed. | ||
| CVE-2018-12805 | Cri | 0.64 | 9.8 | 0.04 | Jul 20, 2018 | Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. | ||
| CVE-2016-0949 | Cri | 0.64 | 9.8 | 0.04 | Feb 10, 2016 | Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. | ||
| CVE-2026-34659 | Cri | 0.63 | 9.6 | 0.01 | May 12, 2026 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code.… | ||
| CVE-2026-27303 | Cri | 0.63 | 9.6 | 0.01 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a… | ||
| CVE-2026-34615 | Cri | 0.61 | 9.3 | 0.01 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a… | ||
| CVE-2026-34660 | Cri | 0.60 | 9.3 | 0.00 | May 12, 2026 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web… | ||
| CVE-2026-27246 | Cri | 0.60 | 9.3 | 0.00 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's… | ||
| CVE-2026-27245 | Cri | 0.60 | 9.3 | 0.00 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's… | ||
| CVE-2026-27243 | Cri | 0.60 | 9.3 | 0.00 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's… | ||
| CVE-2018-4923 | Cri | 0.60 | 9.1 | 0.10 | May 19, 2018 | Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion. | ||
| CVE-2026-34617 | Hig | 0.57 | 8.7 | 0.00 | Apr 14, 2026 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining… | ||
| CVE-2023-4665 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2023 | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | ||
| CVE-2023-4664 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2023 | Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | ||
| CVE-2016-0948 | Hig | 0.57 | 8.8 | 0.02 | Feb 10, 2016 | Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||
| CVE-2025-49552 | Hig | 0.53 | 8.1 | 0.00 | Oct 14, 2025 | Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a… | ||
| CVE-2016-4118 | Hig | 0.51 | 7.8 | 0.01 | May 30, 2016 | Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors. | ||
| CVE-2018-4994 | Hig | 0.50 | 7.5 | 0.10 | May 19, 2018 | Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. |
- risk 0.65cvss 9.8epss 0.11
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.
- risk 0.65cvss 10.0epss 0.06
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
- risk 0.64cvss 9.6epss 0.01
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.
- risk 0.64cvss 9.8epss 0.04
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.
- risk 0.64cvss 9.8epss 0.04
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
- risk 0.63cvss 9.6epss 0.01
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code.…
- risk 0.63cvss 9.6epss 0.01
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a…
- risk 0.61cvss 9.3epss 0.01
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a…
- risk 0.60cvss 9.3epss 0.00
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web…
- risk 0.60cvss 9.3epss 0.00
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's…
- risk 0.60cvss 9.3epss 0.00
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's…
- risk 0.60cvss 9.3epss 0.00
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's…
- risk 0.60cvss 9.1epss 0.10
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.
- risk 0.57cvss 8.7epss 0.00
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining…
- risk 0.57cvss 8.8epss 0.01
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
- risk 0.57cvss 8.8epss 0.01
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
- risk 0.57cvss 8.8epss 0.02
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- risk 0.53cvss 8.1epss 0.00
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a…
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
- risk 0.50cvss 7.5epss 0.10
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
Page 1 of 4